4c90617208
Some checks failed
CI / Frontend Lint (pull_request) Failing after 8s
CI / Frontend Type Check (pull_request) Failing after 6s
CI / Frontend Build (pull_request) Failing after 6s
CI / Frontend E2E Tests (pull_request) Failing after 7s
CI / Orchestrator Build (pull_request) Failing after 6s
CI / Contracts Compile (pull_request) Failing after 5s
CI / Contracts Test (pull_request) Failing after 6s
Code Quality / SonarQube Analysis (pull_request) Failing after 21s
Code Quality / Code Quality Checks (pull_request) Failing after 5s
Security Scan / Dependency Vulnerability Scan (pull_request) Failing after 4s
Security Scan / OWASP ZAP Scan (pull_request) Failing after 4s
Closes gap-analysis v2 §7.5 and §10.5.
- services/eventSigner.ts — three interchangeable strategies
selected via EVENT_SIGNING_MODE:
hmac (default; back-compat) HMAC-SHA256 via EVENT_BUS_HMAC_SECRET
eip712 EIP-712 typed data signed by ORCHESTRATOR_PRIVATE_KEY
(ethers Wallet) or via services/hsm.ts when
EVENT_SIGNING_HSM_KEY_ID is set. Domain pinned to
CurrenciCombo/1/chain-138/NOTARY_REGISTRY_ADDRESS.
jws Compact JWS (HS256), useful when the signature has to
traverse a JWT-aware infra layer.
- services/eventBus.ts — publish() now delegates to getEventSigner();
verifyChain() uses the active signer, falling through to legacyHmac
for rows written before PR O so the historical tail still verifies.
- legacyHmac() helper + payloadHashOf() re-exported.
- 13 unit tests across mode resolution, HMAC round-trip, JWS
round-trip + tamper rejection, EIP-712 round-trip + ethers address
recovery, and cross-event replay rejection.
- Full suite 93/93 green; tsc --noEmit clean.