chore(release): v2.6.0-beta #2696
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
chore(release): propagate kdf 2.5.0-beta bump (staging→dev)
chore(release): propagate kdf 2.5.0-beta changelogs (staging→dev)
chore(release): propagate `delete_wallet` RPC (staging→dev)
…stc versions (#2443) Recent Rust compiler updates have tightened coherence rules, causing the blanket From<MmError> for MmError conversions to break. Instead of refactoring the core MmError type, this commit applies a minimal, mechanical change: it inserts calls to the new .map_mm_err() helper before each ? where the conversion would fail. No changes to business logic or public API 100% an internal compatibility update
chore(release): propagate `get_enabled_address` hw wallet hotfix (staging→dev)
chore(release): propagate walletconnect connection hotfix (staging→dev)
* post merge fix: After merging staging into dev, there were compilation errors due to #2443, this fixes it * review fix: Improve error handling with `.into()`
This introduces a new experimental RPC, `experimental::liquidity_routing::find_best_quote`, to find the most cost-effective swap path by aggregating atomic swaps with external liquidity routing via the 1inch API. The new endpoint allows users to execute token swaps even if they do not directly hold the tokens required by maker orders. It evaluates possible swap paths by combining external liquidity routing with atomic swaps to find the most price-effective route. Key changes include: - A new RPC endpoint `experimental::liquidity_routing::find_best_quote` for pathfinding. - Core logic in `mm2src/mm2_main/src/rpc/lp_commands/lr_swap/lr_impl.rs` to process orders and query the 1inch API. - Refactored the 1inch API client in `trading_api` to use a `UrlBuilder` for more robust URL construction and added support for the Portfolio API. - Extracted common Ethereum utility functions into a new `coins/eth/eth_utils.rs` module to improve code organization. - Updated `RpcOrderbookEntryV2` and `MmNumberMultiRepr` to be deserializable. Currently, this feature only supports filling `ask` orders with liquidity routing performed before the atomic swap.
chore(release): propagate final 2.5.0-beta changelog (staging→dev)
Parity nodes have been deprecated for years, this removes support for them and also fixes the conflict between version checking and komodo-defi-proxy.
Implements expirable maker orders which can be easily used with timeout_in_minutes arg in setprice RPC. It's an optional field and doesn't cause a breaking-change.
* feat(use-clap-for-kdf): use clap to parse CLI-Args #2215 - had to set clap version to "=v4.2" in Cargo.toml, because cargo was trying to fetch clap version 4.5 and it requires a higher version of rust tool-chain (1.74) and the current one is (1.72) - clap provides both "-h" or "--help" for the help - override the behaviour of the help to be able to show the same message as before with the version of KDF_VERSION provided by the git-commit - modes & subcommands like `btc2kmd`, `events`, `vanity`, `update_config` weren't actually used or handled by the code, so I removed them * fix(use-clap-for-cli): remove '=' from Cargo.toml as the Cargo.lock file is already created. * fix(use-clap-for-cli): hard-code the version output prefix to keep it like before * fix(use-clap-for-cli): remove reference for the JSON parameters from help as they can quickly become obsolete and outdated.
EVM max withdrawals were broken due to the max flag always being set to false. This commit passes the correct `req.max` value and also addresses two low-balance edge cases: it avoids panic from arithmetic underflow when calculating max amount to transfer, and gracefully handles cryptic RPC errors by converting known “insufficient funds” messages into a clear `WithdrawError::AmountTooLow`.
This commit improves the error handling for EVM withdrawals when the provided EIP-1559 max_fee_per_gas is too low. Previously, the API returned a generic string-based error, forcing the user to guess a new fee. Now, the withdraw endpoint can return a structured error object containing the required network base fee, allowing client applications to better handle the error.
…eamers (#2489) * refactor(event-streaming): impl DeriveStreamerId trait for all streamers #2441 - Added DeriveStreamerId trait with InitParam for new and DeriveParam for derive_streamer_id, including lifetime 'a for flexible references. - Refactored streamer structs to use &str for DeriveParam where applicable. * refactor(orderbook_events): introduce BaseAndRel type alias for DeriveParam #2441 Replaces the raw tuple (&str, &str) with a named type alias for clarity * docs(event-streaming): add documentation for DeriveStreamerId trait and its associated types #2441 --------- Co-authored-by: BigFish2086 <[email protected]>
In addition to fixing a small wasm build problem, this commit bumps Debian CI image to bullseye.
* adds nodejs 20 to ci container * remove comment * remove mm2 (in favor of kdf) from dockerfiles * move node install from ci container to build cache action
This commit migrates to the stable compiler 1.85.1, some crates (like as mm2_state_machine, mm2_err_handle and certain test crates) still retain nightly features due to their practical benefits in those contexts.
chore(release): propagate get_private_keys hotfix (staging→dev)
This makes KDF no longer locked to a specific compiler version, instead, uses the latest available stable version
Signed-off-by: Onur Özkan <[email protected]>
…tion` response (#2538)
This commit introduces an automated GitHub Actions workflow to remind reviewers about stale pull requests. The workflow runs daily at 12:00 PM UTC on business days and posts a reminder on non-draft PRs that have been waiting for review for two or more days and have fewer than two approvals. `status: in progress`, `status: pending review` labels are no longer required.
This commit make txsize not round up by default. It then adds a new fixed tx fee option "dingo_fee"=true, with rounding up, that could be set for a coin in the coins file.
…2499) This implements activation only, full WalletConnect implementation for UTXO coins will follow.
* serialize get_servers_with_latest_block_count requests as in, perfrom them in series instead of in parallel (and label the connection as not_needed once done with the request). this makes it so we won't break the max_connected threshold (this is a lie as we can break it by at most one extra connection due to the running background task that also manages connections aside from us forcefully instantiating connections in get_servers_with_latest_block_count) * we actually don't need the not_needed() call since any forceful request will always call not_needed() at the end (check ElectrumClient::electurm_request_to())
* handle more OS signals Signed-off-by: Onur Özkan <[email protected]> * drop `signal` feature from tokio Signed-off-by: Onur Özkan <[email protected]> * disable `spawn_os_signal_handler` for Windows Signed-off-by: Onur Özkan <[email protected]> * broadcast shutdown signals through streaming manager Signed-off-by: Onur Özkan <[email protected]> * apply nit Signed-off-by: Onur Özkan <[email protected]> --------- Signed-off-by: Onur Özkan <[email protected]>
Signed-off-by: Onur Özkan <[email protected]>
Signed-off-by: Onur Özkan <[email protected]>
This ensures correct behavior for URLs like `/endpoint?id=10` which would never work with the previous approach as it looks for the `&` char. Signed-off-by: Onur Özkan <[email protected]>
…#2674) * use webpki roots for rustls * isolate webpki dep update to ios only * add platform specific certificate validation * fmt tcp_stream.rs --------- Co-authored-by: Kadan Stadelmann <[email protected]>
* drop `enable-solana` feature Signed-off-by: Onur Özkan <[email protected]> * implement our own rpc client for solana Signed-off-by: Onur Özkan <[email protected]> * simplify encode_bincode_base64 Signed-off-by: Onur Özkan <[email protected]> * fix get_token_accounts_by_owner bug Signed-off-by: Onur Özkan <[email protected]> * reduce `pub` scopes Signed-off-by: Onur Özkan <[email protected]> * add timeout handling Signed-off-by: Onur Özkan <[email protected]> * handle status code Signed-off-by: Onur Özkan <[email protected]> --------- Signed-off-by: Onur Özkan <[email protected]>
Since 7000 conflicts with airplay receiver port in macos.
This hides noisy commits (e.g., toolchain upgrades) so blame points to the last meaningful change.
…#2680) This PR reduces delays for legacy atomic swaps on the iOS platform. Since the default iOS auto-lock timeout is 30 seconds, the app often returned to the background before another broadcast could occur. This commit fixes this.
…agation locking (#2661) This commit removes the maker pubkeys trie state and the Patricia-trie memory db out of Orderbook into a dedicated trie store to reduce Orderbook locking time and let messages propagate before trie work.
Fixes a critical bug where get_private_keys in iguana mode derived keys from an empty passphrase when ctx.conf["passphrase"] was null which happens when loading it from KDF encrypted storage instead of passing it from config.
chore(release): 2.6.0-beta dev -> staging
smk762
previously approved these changes
Nov 26, 2025
There was a problem hiding this comment.
Confirmed SIA functioning in wallet and postman with recent bugfixes operational
- bestorders (v2)
- tx_history (indexing)
- swaps (maker tx parsing)
- withdraw / withdraw max / orderbook / broadcast_raw_transaction and other standard methods functional
utxo consolidation and wallet connect methods have been documented and confirmed operational, along with the new timeout param in setprice.
WIP features (solana/LR) will not been tested or documented until further developed.
Iguana privkey bugfix and updated trezor ops to align with firmware confirmed functioning.
Misc other automated/postman/wallet testing performed to confirm ready for release.
Thanks for all the hard work gentlemen. It's been a challenge, but also an honor. 🫡 🖖
DeckerSU
approved these changes
Nov 29, 2025
DeckerSU
left a comment
DeckerSU
left a comment
There was a problem hiding this comment.
LGTM.
As part of this security review, only the dependencies were examined (99+ updated dependencies and 126 newly added ones). Due to the large number of dependencies, they were reviewed in a semi-automatic mode with the help of AI. All "suspicious" areas were checked manually. The review included searching for malicious inclusions such as:
- Sending data to external servers
- Theft of credentials or keys
- Unauthorized access to files
- Intentional weakening of cryptographic functions
- Logging of sensitive information
None of these were found, and all modified/added packages were deemed safe. However, I emphasize that this review does not cover potential errors in the logic of kdf itself.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
v2.6.0-beta - 2025-11-28
Features:
SIA Integration:
m/44'/1991'/0'/0'/0'derivation path, wallet operations, transaction history v1, and legacy swaps are supported. #2540WalletConnect:
Trading:
timeout_in_minutesfield onsetprice, so stale listings retire automatically while staying backwards compatible. #2516UTXO Management:
consolidate_utxosRPC to merge small outputs and reduce fee overhead. #2587Work in Progress (WIP) Features:
Solana Protocol:
Liquidity Routing:
best_swapRPC that performs ask-side liquidity routing to surface the optimal route for a desired outcome amount. #2362Enhancements/Fixes:
Swaps and Order Matching:
Wallet and Keys:
get_private_keysresponses. #2685get_private_keysreturned incorrect keys in iguana mode that were derived from an empty passphrase whenpassphraseis null, this happened when loading wallets from KDF encrypted storage. #2683UTXO / Electrum:
chain_variantconfig replacing hardcoded ticker handling. #2692EVM / ETH:
maxwithdrawal logic, prevented underflow on low balances, and now return structured EIP-1559 withdrawal errors that include network-required fee info. #2531 #2532WalletConnect:
pairing_topicinnew_connectionresponses. #2538RPCs:
get_enabled_coins,task::init_trezor::init, andwc_get_sessionsto accept an emptyparamsfield so RPC callers can omit optional payloads without breaking compatibility. #2612helpRPC. #2613Event Streaming:
stream::shutdown_signal::enable). #2667Tendermint / Cosmos:
get_trade_feeRPC for Tendermint-based assets (trade/swap only, not wallet-only assets) that requires an existing on-chain account. #2663CLI:
clap, standardizing-h/--helpand version output, removing unused/undocumented modes. #2510Graceful Shutdown:
Error Handling:
map_mm_errhelper and applied it at key conversion sites to satisfy newer Rust coherence rules without changing error semantics forMmError. #2443Other Changes:
Toolchain:
Dependencies:
Infrastructure / CI:
deploy: wasm-playgroundlabel. #2607Core Maintenance:
static mutglobals in favor of thread-safe primitives across executor/WASM/coins/swap tests. #2590Documentation:
NB - Backwards compatibility breaking changes:
ETH Clients:
EVM / ETH Withdrawal Errors:
Fixed-Fee UTXO Coins:
CLI Modes:
clap; scripts relying on them may need updates (RPC API unchanged). #2510