From 53368c558d02ac897d5401ea1f8ae42e1f2b76bb Mon Sep 17 00:00:00 2001 From: Dzung Do Date: Thu, 5 Sep 2024 14:15:21 +0700 Subject: [PATCH 1/4] impl template doc --- README.md | 2 +- x/meshsecurity/README.md | 190 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 191 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 82a42d43..02aece19 100644 --- a/README.md +++ b/README.md @@ -7,4 +7,4 @@ for specs and wasm contracts. * x - module code that is supposed to be imported by consumer chains * demo - contains an example application and CLI that is using the mesh-security module -* tests/e2e - end-to-end tests with the demo app and contracts \ No newline at end of file +* tests/e2e - end-to-end tests with the demo app and contracts \ No newline at end of file diff --git a/x/meshsecurity/README.md b/x/meshsecurity/README.md index 2849a9f1..cf2f40c3 100644 --- a/x/meshsecurity/README.md +++ b/x/meshsecurity/README.md @@ -1,2 +1,192 @@ # Meshi-security Cosmos module implementation + +# Integrate the mesh security module + + +## Prerequisites +Projects that want to integrate the meshsecurity module onto their Cosmos SDK chain must enable the following modules: +- [x/staking](https://github.com/cosmos/cosmos-sdk/tree/main/x/staking) +- [x/auth](https://github.com/cosmos/cosmos-sdk/tree/main/x/auth) +- [x/bank](https://github.com/cosmos/cosmos-sdk/tree/main/x/bank) +- [x/wasm](github.com/CosmWasm/wasmd/x/wasm) + +## Configuring and Adding Module +1. Add the mesh security package to the go.mod and install it. + ``` + require ( + ... + github.com/osmosis-labs/mesh security v + ... + ) + ``` + **Note:** The version of the mesh security module will depend on which version of the Cosmos SDK your chain is using. If in doubt about which version to use, please consult the documentation: https://github.com/osmosis-labs/mesh security + +2. Add the following modules to `app.go` + ``` + import ( + ... + feeabsmodule "github.com/notional-labs/mesh security/v2/x/feeabs" + feeabskeeper "github.com/notional-labs/mesh security/v2/x/feeabs/keeper" + feeabstypes "github.com/notional-labs/mesh security/v2/x/feeabs/types" + ... + ) + ``` +3. In `app.go`: Register the AppModule for the fee middleware module. + ``` + ModuleBasics = module.NewBasicManager( + ... + feeabsmodule.AppModuleBasic{}, + ... + ) + ``` +4. In `app.go`: Add module account permissions for the fee abstractions. + ``` + maccPerms = map[string][]string{ + ... + feeabsmodule.ModuleName: nil, + } + // module accounts that are allowed to receive tokens + allowedReceivingModAcc = map[string]bool{ + feeabstypes.ModuleName: true, + } + ``` +5. In `app.go`: Add fee abstraction keeper. + ``` + type App struct { + ... + FeeabsKeeper feeabskeeper.Keeper + ... + } + ``` +6. In `app.go`: Add fee abstraction store key. + ``` + keys := sdk.NewKVStoreKeys( + ... + feeabstypes.StoreKey, + ... + ) + ``` +7. In `app.go`: Instantiate Fee abstraction keeper + ``` + app.FeeabsKeeper = feeabskeeper.NewKeeper( + appCodec, + keys[feeabstypes.StoreKey], + keys[feeabstypes.MemStoreKey], + app.GetSubspace(feeabstypes.ModuleName), + app.StakingKeeper, + app.AccountKeeper, + app.BankKeeper, + app.TransferKeeper, + app.IBCKeeper.ChannelKeeper, + &app.IBCKeeper.PortKeeper, + scopedFeeabsKeeper, + ) + ``` +8. In `app.go`: Add the IBC router. + ``` + feeabsIBCModule := feeabsmodule.NewIBCModule(appCodec, app.FeeabsKeeper) + + ibcRouter := porttypes.NewRouter() + ibcRouter. + ... + AddRoute(feeabstypes.ModuleName, feeabsIBCModule) + ... + ``` +9. In `app.go`: Add the mesh security module to the app manager and simulation manager instantiations. + ``` + app.mm = module.NewManager( + ... + feeabsModule := feeabsmodule.NewAppModule(appCodec, app.FeeabsKeeper), + ... + ) + ``` + ``` + app.sm = module.NewSimulationManager( + ... + transferModule, + feeabsModule := feeabsmodule.NewAppModule(appCodec, app.FeeabsKeeper), + ... + ) + ``` +10. In `app.go`: Add the module as the final element to the following: +- SetOrderBeginBlockers +- SetOrderEndBlockers +- SetOrderInitGenesis + ``` + // Add fee abstraction to begin blocker logic + app.moduleManager.SetOrderBeginBlockers( + ... + feeabstypes.ModuleName, + ... + ) + + // Add fee abstraction to end blocker logic + app.moduleManager.SetOrderEndBlockers( + ... + feeabstypes.ModuleName, + ... + ) + + // Add fee abstraction to init genesis logic + app.moduleManager.SetOrderInitGenesis( + ... + feeabstypes.ModuleName, + ... + ) + ``` +11. In `app.go`: Allow module account address. + ``` + func (app *FeeAbs) ModuleAccountAddrs() map[string]bool { + blockedAddrs := make(map[string]bool) + + accs := make([]string, 0, len(maccPerms)) + for k := range maccPerms { + accs = append(accs, k) + } + sort.Strings(accs) + + for _, acc := range accs { + blockedAddrs[authtypes.NewModuleAddress(acc).String()] = !allowedReceivingModAcc[acc] + } + + return blockedAddrs + } + ``` +12. In `app.go`: Add to Param keeper. + ``` + func initParamsKeeper(appCodec codec.BinaryCodec, legacyAmino *codec.LegacyAmino, key, tkey sdk.StoreKey) paramskeeper.Keeper { + paramsKeeper := paramskeeper.NewKeeper(appCodec, legacyAmino, key, tkey) + ... + paramsKeeper.Subspace(feeabstypes.ModuleName) + ... + return paramsKeeper + } + ``` +13. Modified Fee Antehandler + + To allow for this, we use modified versions of `MempoolFeeDecorator` and `DeductFeeDecorate`. In these ante handlers, IBC tokens are swapped to the native token before the next fee handler logic is executed. + + If a blockchain uses the Fee Abstraction module, it is necessary to replace the `MempoolFeeDecorator` and `DeductFeeDecorate` with the `FeeAbstrationMempoolFeeDecorator` and `FeeAbstractionDeductFeeDecorate`, respectively. These can be found in `app/ante.go`, and should be implemented as below: + + Example: + ``` + anteDecorators := []sdk.AnteDecorator{ + ante.NewSetUpContextDecorator(), // outermost AnteDecorator. SetUpContext must be called first + ante.NewRejectExtensionOptionsDecorator(), + feeabsante.NewFeeAbstrationMempoolFeeDecorator(options.FeeAbskeeper), + ante.NewValidateBasicDecorator(), + ante.NewTxTimeoutHeightDecorator(), + ante.NewValidateMemoDecorator(options.AccountKeeper), + ante.NewConsumeGasForTxSizeDecorator(options.AccountKeeper), + feeabsante.NewFeeAbstractionDeductFeeDecorate(options.AccountKeeper, options.BankKeeper, options.FeeAbskeeper, options.FeegrantKeeper), + // SetPubKeyDecorator must be called before all signature verification decorators + ante.NewSetPubKeyDecorator(options.AccountKeeper), + ante.NewValidateSigCountDecorator(options.AccountKeeper), + ante.NewSigGasConsumeDecorator(options.AccountKeeper, sigGasConsumer), + ante.NewSigVerificationDecorator(options.AccountKeeper, options.SignModeHandler), + ante.NewIncrementSequenceDecorator(options.AccountKeeper), + ibcante.NewAnteDecorator(options.IBCKeeper), + } + ``` + \ No newline at end of file From 4a46fb4b9a3dc1045c75c85c514e6e1205e4f3f7 Mon Sep 17 00:00:00 2001 From: Dzung Do Date: Thu, 5 Sep 2024 19:46:15 +0700 Subject: [PATCH 2/4] add integrate guide for mesh security module --- x/meshsecurity/README.md | 190 ++++++++++++++++----------------------- 1 file changed, 75 insertions(+), 115 deletions(-) diff --git a/x/meshsecurity/README.md b/x/meshsecurity/README.md index cf2f40c3..289d1ff1 100644 --- a/x/meshsecurity/README.md +++ b/x/meshsecurity/README.md @@ -1,9 +1,8 @@ -# Meshi-security +# Mesh-security Cosmos module implementation # Integrate the mesh security module - ## Prerequisites Projects that want to integrate the meshsecurity module onto their Cosmos SDK chain must enable the following modules: - [x/staking](https://github.com/cosmos/cosmos-sdk/tree/main/x/staking) @@ -16,177 +15,138 @@ Projects that want to integrate the meshsecurity module onto their Cosmos SDK ch ``` require ( ... - github.com/osmosis-labs/mesh security v + github.com/osmosis-labs/mesh-security ... ) ``` - **Note:** The version of the mesh security module will depend on which version of the Cosmos SDK your chain is using. If in doubt about which version to use, please consult the documentation: https://github.com/osmosis-labs/mesh security 2. Add the following modules to `app.go` ``` import ( ... - feeabsmodule "github.com/notional-labs/mesh security/v2/x/feeabs" - feeabskeeper "github.com/notional-labs/mesh security/v2/x/feeabs/keeper" - feeabstypes "github.com/notional-labs/mesh security/v2/x/feeabs/types" + "github.com/osmosis-labs/mesh-security-sdk/x/meshsecurity" + meshseckeeper "github.com/osmosis-labs/mesh-security-sdk/x/meshsecurity/keeper" + meshsectypes "github.com/osmosis-labs/mesh-security-sdk/x/meshsecurity/types" ... ) ``` -3. In `app.go`: Register the AppModule for the fee middleware module. +3. In `app.go`: Register the AppModule for the mesh security module. ``` ModuleBasics = module.NewBasicManager( ... - feeabsmodule.AppModuleBasic{}, + meshsecurity.AppModuleBasic{}, ... ) ``` -4. In `app.go`: Add module account permissions for the fee abstractions. +4. In `app.go`: Add module account permissions: ``` maccPerms = map[string][]string{ ... - feeabsmodule.ModuleName: nil, + meshsectypes.ModuleName: {authtypes.Minter, authtypes.Burner} } - // module accounts that are allowed to receive tokens - allowedReceivingModAcc = map[string]bool{ - feeabstypes.ModuleName: true, - } ``` -5. In `app.go`: Add fee abstraction keeper. +5. In `app.go`: Add mesh security keeper. ``` type App struct { ... - FeeabsKeeper feeabskeeper.Keeper + MeshSecKeeper *meshseckeeper.Keeper ... } ``` -6. In `app.go`: Add fee abstraction store key. +6. In `app.go`: Add mesh security store key. ``` keys := sdk.NewKVStoreKeys( ... - feeabstypes.StoreKey, + meshsectypes.StoreKey, ... ) ``` -7. In `app.go`: Instantiate Fee abstraction keeper - ``` - app.FeeabsKeeper = feeabskeeper.NewKeeper( - appCodec, - keys[feeabstypes.StoreKey], - keys[feeabstypes.MemStoreKey], - app.GetSubspace(feeabstypes.ModuleName), - app.StakingKeeper, - app.AccountKeeper, - app.BankKeeper, - app.TransferKeeper, - app.IBCKeeper.ChannelKeeper, - &app.IBCKeeper.PortKeeper, - scopedFeeabsKeeper, - ) - ``` -8. In `app.go`: Add the IBC router. +7. In `app.go`: Instantiate mesh security keeper ``` - feeabsIBCModule := feeabsmodule.NewIBCModule(appCodec, app.FeeabsKeeper) - - ibcRouter := porttypes.NewRouter() - ibcRouter. - ... - AddRoute(feeabstypes.ModuleName, feeabsIBCModule) - ... + app.MeshSecKeeper = meshseckeeper.NewKeeper( + app.appCodec, + keys[meshsectypes.StoreKey], + memKeys[meshsectypes.MemStoreKey], + app.BankKeeper, + app.StakingKeeper, + &app.WasmKeeper, // ensure this is a pointer as we instantiate the keeper a bit later + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + ) ``` -9. In `app.go`: Add the mesh security module to the app manager and simulation manager instantiations. +8. In `app.go`: Add the mesh security module to the app manager instantiation. ``` app.mm = module.NewManager( ... - feeabsModule := feeabsmodule.NewAppModule(appCodec, app.FeeabsKeeper), - ... - ) - ``` - ``` - app.sm = module.NewSimulationManager( - ... - transferModule, - feeabsModule := feeabsmodule.NewAppModule(appCodec, app.FeeabsKeeper), + meshsecurity.NewAppModule(appCodec, app.MeshSecKeeper), ... ) ``` -10. In `app.go`: Add the module as the final element to the following: +9. In `app.go`: Add the module as the final element to the following: - SetOrderBeginBlockers - SetOrderEndBlockers - SetOrderInitGenesis ``` - // Add fee abstraction to begin blocker logic + // Add mesh security to begin blocker logic app.moduleManager.SetOrderBeginBlockers( ... - feeabstypes.ModuleName, + meshsectypes.ModuleName, ... ) - // Add fee abstraction to end blocker logic + // Add mesh security to end blocker logic app.moduleManager.SetOrderEndBlockers( ... - feeabstypes.ModuleName, + meshsectypes.ModuleName, ... ) - // Add fee abstraction to init genesis logic + // Add mesh security to init genesis logic app.moduleManager.SetOrderInitGenesis( ... - feeabstypes.ModuleName, + meshsectypes.ModuleName, ... ) ``` -11. In `app.go`: Allow module account address. - ``` - func (app *FeeAbs) ModuleAccountAddrs() map[string]bool { - blockedAddrs := make(map[string]bool) - - accs := make([]string, 0, len(maccPerms)) - for k := range maccPerms { - accs = append(accs, k) - } - sort.Strings(accs) - - for _, acc := range accs { - blockedAddrs[authtypes.NewModuleAddress(acc).String()] = !allowedReceivingModAcc[acc] - } - - return blockedAddrs - } - ``` -12. In `app.go`: Add to Param keeper. - ``` - func initParamsKeeper(appCodec codec.BinaryCodec, legacyAmino *codec.LegacyAmino, key, tkey sdk.StoreKey) paramskeeper.Keeper { - paramsKeeper := paramskeeper.NewKeeper(appCodec, legacyAmino, key, tkey) - ... - paramsKeeper.Subspace(feeabstypes.ModuleName) - ... - return paramsKeeper - } - ``` -13. Modified Fee Antehandler - - To allow for this, we use modified versions of `MempoolFeeDecorator` and `DeductFeeDecorate`. In these ante handlers, IBC tokens are swapped to the native token before the next fee handler logic is executed. - - If a blockchain uses the Fee Abstraction module, it is necessary to replace the `MempoolFeeDecorator` and `DeductFeeDecorate` with the `FeeAbstrationMempoolFeeDecorator` and `FeeAbstractionDeductFeeDecorate`, respectively. These can be found in `app/ante.go`, and should be implemented as below: - - Example: - ``` - anteDecorators := []sdk.AnteDecorator{ - ante.NewSetUpContextDecorator(), // outermost AnteDecorator. SetUpContext must be called first - ante.NewRejectExtensionOptionsDecorator(), - feeabsante.NewFeeAbstrationMempoolFeeDecorator(options.FeeAbskeeper), - ante.NewValidateBasicDecorator(), - ante.NewTxTimeoutHeightDecorator(), - ante.NewValidateMemoDecorator(options.AccountKeeper), - ante.NewConsumeGasForTxSizeDecorator(options.AccountKeeper), - feeabsante.NewFeeAbstractionDeductFeeDecorate(options.AccountKeeper, options.BankKeeper, options.FeeAbskeeper, options.FeegrantKeeper), - // SetPubKeyDecorator must be called before all signature verification decorators - ante.NewSetPubKeyDecorator(options.AccountKeeper), - ante.NewValidateSigCountDecorator(options.AccountKeeper), - ante.NewSigGasConsumeDecorator(options.AccountKeeper, sigGasConsumer), - ante.NewSigVerificationDecorator(options.AccountKeeper, options.SignModeHandler), - ante.NewIncrementSequenceDecorator(options.AccountKeeper), - ibcante.NewAnteDecorator(options.IBCKeeper), - } - ``` - \ No newline at end of file +10. In `app.go`: Add the mesh security staking decorator to the slashing module. + ``` + app.SlashingKeeper = slashingkeeper.NewKeeper( + appCodec, + legacyAmino, + keys[slashingtypes.StoreKey], + // decorate the sdk keeper to capture all jail/ unjail events for MS + meshseckeeper.NewStakingDecorator(app.StakingKeeper, app.MeshSecKeeper), + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + ) + ``` +11. In `app.go`: Add the mesh security hooks to the staking module. + ``` + app.StakingKeeper.SetHooks( + stakingtypes.NewMultiStakingHooks( + ... + // register hook to capture valset updates + app.MeshSecKeeper.Hooks() + ), + ) + ``` +12. In `app.go`: Add the mesh security hooks to the evidence module. + ``` + evidenceKeeper := evidencekeeper.NewKeeper( + ... + // decorate the SlashingKeeper to capture the tombstone event + meshseckeeper.CaptureTombstoneDecorator(app.MeshSecKeeper, app.SlashingKeeper, app.StakingKeeper), + ) + ``` +13. In `app.go`: Add the mesh security wasm message handler decorator to the wasm module. + ``` + meshMessageHandler := wasmkeeper.WithMessageHandlerDecorator(func(nested wasmkeeper.Messenger) wasmkeeper.Messenger { + return wasmkeeper.NewMessageHandlerChain( + meshseckeeper.NewIntegrityHandler(app.MeshSecKeeper), + nested, + meshseckeeper.NewDefaultCustomMsgHandler(app.MeshSecKeeper), + ) + }) + wasmOpts = append(wasmOpts, meshMessageHandler, + // add support for the mesh-security queries + wasmkeeper.WithQueryHandlerDecorator(meshseckeeper.NewQueryDecorator(app.MeshSecKeeper, app.SlashingKeeper)), + ) + ``` \ No newline at end of file From 82a281bc660db4645d1d2e0b49adba2365d24e58 Mon Sep 17 00:00:00 2001 From: Dzung Do Date: Thu, 5 Sep 2024 19:53:38 +0700 Subject: [PATCH 3/4] add integrate guide for mesh security provider module --- x/meshsecurityprovider/README.md | 111 +++++++++++++++++++++++++++++++ 1 file changed, 111 insertions(+) create mode 100644 x/meshsecurityprovider/README.md diff --git a/x/meshsecurityprovider/README.md b/x/meshsecurityprovider/README.md new file mode 100644 index 00000000..028acd82 --- /dev/null +++ b/x/meshsecurityprovider/README.md @@ -0,0 +1,111 @@ +# Mesh security provider +Cosmos module implementation + +# Integrate the mesh security provider module + +## Prerequisites +Projects that want to integrate the meshsecurityprovider module onto their Cosmos SDK chain must enable the following modules: +- [x/staking](https://github.com/cosmos/cosmos-sdk/tree/main/x/staking) +- [x/auth](https://github.com/cosmos/cosmos-sdk/tree/main/x/auth) +- [x/bank](https://github.com/cosmos/cosmos-sdk/tree/main/x/bank) +- [x/wasm](github.com/CosmWasm/wasmd/x/wasm) + +## Configuring and Adding Module +1. Add the mesh security package to the go.mod and install it. + ``` + require ( + ... + github.com/osmosis-labs/mesh-security + ... + ) + ``` + +2. Add the following modules to `app.go` + ``` + import ( + ... + meshsecprov "github.com/osmosis-labs/mesh-security-sdk/x/meshsecurityprovider" + meshsecprovkeeper "github.com/osmosis-labs/mesh-security-sdk/x/meshsecurityprovider/keeper" + meshsecprovtypes "github.com/osmosis-labs/mesh-security-sdk/x/meshsecurityprovider/types" + ... + ) + ``` +3. In `app.go`: Register the AppModule for the mesh security provider module. + ``` + ModuleBasics = module.NewBasicManager( + ... + meshsecprov.AppModuleBasic{}, + ... + ) + ``` +4. In `app.go`: Add mesh security provider keeper. + ``` + type App struct { + ... + MeshSecProvKeeper *meshsecprovkeeper.Keeper + ... + } + ``` +5. In `app.go`: Add mesh security provider store key. + ``` + keys := sdk.NewKVStoreKeys( + ... + meshsecprovtypes.StoreKey, + ... + ) + ``` +6. In `app.go`: Instantiate mesh security provider keeper + ``` + app.MeshSecProvKeeper = meshsecprovkeeper.NewKeeper( + appCodec, + keys[meshsecprovtypes.StoreKey], + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + app.BankKeeper, + &app.WasmKeeper, + app.StakingKeeper, + ) + ``` +7. In `app.go`: Add the mesh security provider module to the app manager instantiation. + ``` + app.mm = module.NewManager( + ... + meshsecprov.NewAppModule(app.MeshSecProvKeeper) + ... + ) + ``` +8. In `app.go`: Add the module as the final element to the following: +- SetOrderBeginBlockers +- SetOrderEndBlockers +- SetOrderInitGenesis + ``` + // Add mesh security to begin blocker logic + app.moduleManager.SetOrderBeginBlockers( + ... + meshsecprovtypes.ModuleName, + ... + ) + + // Add mesh security to end blocker logic + app.moduleManager.SetOrderEndBlockers( + ... + meshsecprovtypes.ModuleName, + ... + ) + + // Add mesh security to init genesis logic + app.moduleManager.SetOrderInitGenesis( + ... + meshsecprovtypes.ModuleName, + ... + ) + ``` +9. In `app.go`: Add the mesh security wasm message handler decorator to the wasm module. + ``` + meshMessageHandler := wasmkeeper.WithMessageHandlerDecorator(func(nested wasmkeeper.Messenger) wasmkeeper.Messenger { + return wasmkeeper.NewMessageHandlerChain( + meshsecprovkeeper.CustomMessageDecorator(app.MeshSecProvKeeper), + nested, + ) + }) + wasmOpts = append(wasmOpts, meshMessageHandler) + ``` \ No newline at end of file From f8bebde808185f749d8a8c76cb9e0bb6f7102d37 Mon Sep 17 00:00:00 2001 From: Dzung Do Date: Thu, 5 Sep 2024 19:57:30 +0700 Subject: [PATCH 4/4] add integrate guide for all mesh security modules --- README.md | 173 +++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 172 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 02aece19..2826c4af 100644 --- a/README.md +++ b/README.md @@ -7,4 +7,175 @@ for specs and wasm contracts. * x - module code that is supposed to be imported by consumer chains * demo - contains an example application and CLI that is using the mesh-security module -* tests/e2e - end-to-end tests with the demo app and contracts \ No newline at end of file +* tests/e2e - end-to-end tests with the demo app and contracts + +# Integrate the mesh security consumer and provider modules + +## Prerequisites +Projects that want to integrate the meshsecurityprovider module onto their Cosmos SDK chain must enable the following modules: +- [x/staking](https://github.com/cosmos/cosmos-sdk/tree/main/x/staking) +- [x/auth](https://github.com/cosmos/cosmos-sdk/tree/main/x/auth) +- [x/bank](https://github.com/cosmos/cosmos-sdk/tree/main/x/bank) +- [x/wasm](github.com/CosmWasm/wasmd/x/wasm) + +## Configuring and Adding Module +1. Add the mesh security package to the go.mod and install it. + ``` + require ( + ... + github.com/osmosis-labs/mesh-security + ... + ) + ``` + +2. Add the following modules to `app.go` + ``` + import ( + ... + "github.com/osmosis-labs/mesh-security-sdk/x/meshsecurity" + meshseckeeper "github.com/osmosis-labs/mesh-security-sdk/x/meshsecurity/keeper" + meshsectypes "github.com/osmosis-labs/mesh-security-sdk/x/meshsecurity/types" + meshsecprov "github.com/osmosis-labs/mesh-security-sdk/x/meshsecurityprovider" + meshsecprovkeeper "github.com/osmosis-labs/mesh-security-sdk/x/meshsecurityprovider/keeper" + meshsecprovtypes "github.com/osmosis-labs/mesh-security-sdk/x/meshsecurityprovider/types" + ... + ) + ``` +3. In `app.go`: Register the AppModule for the mesh security modules. + ``` + ModuleBasics = module.NewBasicManager( + ... + meshsecurity.AppModuleBasic{}, + meshsecprov.AppModuleBasic{}, + ... + ) + ``` +4. In `app.go`: Add module account permissions: + ``` + maccPerms = map[string][]string{ + ... + meshsectypes.ModuleName: {authtypes.Minter, authtypes.Burner} + } + ``` +5. In `app.go`: Add mesh security keepers. + ``` + type App struct { + ... + MeshSecKeeper *meshseckeeper.Keeper, + MeshSecProvKeeper *meshsecprovkeeper.Keeper + ... + } + ``` +6. In `app.go`: Add mesh security store keys. + ``` + keys := sdk.NewKVStoreKeys( + ... + meshsectypes.StoreKey, + meshsecprovtypes.StoreKey, + ... + ) + ``` +7. In `app.go`: Instantiate mesh security keepers + ``` + app.MeshSecKeeper = meshseckeeper.NewKeeper( + app.appCodec, + keys[meshsectypes.StoreKey], + memKeys[meshsectypes.MemStoreKey], + app.BankKeeper, + app.StakingKeeper, + &app.WasmKeeper, // ensure this is a pointer as we instantiate the keeper a bit later + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + ) + app.MeshSecProvKeeper = meshsecprovkeeper.NewKeeper( + appCodec, + keys[meshsecprovtypes.StoreKey], + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + app.BankKeeper, + &app.WasmKeeper, + app.StakingKeeper, + ) + ``` +8. In `app.go`: Add the mesh security modules to the app manager instantiation. + ``` + app.mm = module.NewManager( + ... + meshsecurity.NewAppModule(appCodec, app.MeshSecKeeper), + meshsecprov.NewAppModule(app.MeshSecProvKeeper) + ... + ) + ``` +9. In `app.go`: Add the module as the final element to the following: +- SetOrderBeginBlockers +- SetOrderEndBlockers +- SetOrderInitGenesis + ``` + // Add mesh security to begin blocker logic + app.moduleManager.SetOrderBeginBlockers( + ... + meshsectypes.ModuleName, + meshsecprovtypes.ModuleName, + ... + ) + + // Add mesh security to end blocker logic + app.moduleManager.SetOrderEndBlockers( + ... + meshsectypes.ModuleName, + meshsecprovtypes.ModuleName, + ... + ) + + // Add mesh security to init genesis logic + app.moduleManager.SetOrderInitGenesis( + ... + meshsectypes.ModuleName, + meshsecprovtypes.ModuleName, + ... + ) + ``` +10. In `app.go`: Add the mesh security staking decorator to the slashing module. + ``` + app.SlashingKeeper = slashingkeeper.NewKeeper( + appCodec, + legacyAmino, + keys[slashingtypes.StoreKey], + // decorate the sdk keeper to capture all jail/ unjail events for MS + meshseckeeper.NewStakingDecorator(app.StakingKeeper, app.MeshSecKeeper), + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + ) + ``` +11. In `app.go`: Add the mesh security hooks to the staking module. + ``` + app.StakingKeeper.SetHooks( + stakingtypes.NewMultiStakingHooks( + ... + // register hook to capture valset updates + app.MeshSecKeeper.Hooks() + ), + ) + ``` +12. In `app.go`: Add the mesh security hooks to the evidence module. + ``` + evidenceKeeper := evidencekeeper.NewKeeper( + ... + // decorate the SlashingKeeper to capture the tombstone event + meshseckeeper.CaptureTombstoneDecorator(app.MeshSecKeeper, app.SlashingKeeper, app.StakingKeeper), + ) + ``` +13. In `app.go`: Add the mesh security wasm message handler decorator to the wasm module. + ``` + meshMessageHandler := wasmkeeper.WithMessageHandlerDecorator(func(nested wasmkeeper.Messenger) wasmkeeper.Messenger { + return wasmkeeper.NewMessageHandlerChain( + // security layer for system integrity, should always be first in chain + meshseckeeper.NewIntegrityHandler(app.MeshSecKeeper), + nested, + // append our custom message handler for mesh-security + meshseckeeper.NewDefaultCustomMsgHandler(app.MeshSecKeeper), + meshsecprovkeeper.CustomMessageDecorator(app.MeshSecProvKeeper), + ) + }) + wasmOpts = append(wasmOpts, meshMessageHandler, + // add support for the mesh-security queries + wasmkeeper.WithQueryHandlerDecorator(meshseckeeper.NewQueryDecorator(app.MeshSecKeeper, app.SlashingKeeper)), + ) + ``` \ No newline at end of file