Idemix Repository Modernization Plan

[adecaro]

Idemix Repository Modernization Plan

Executive Summary

This document outlines a comprehensive modernization plan for the IBM Idemix repository. The plan focuses on improving code quality, maintainability, and developer experience through structural reorganization, dependency updates, and adoption of modern Go tooling practices.

Goals

• 1. Simplify repository structure by removing sub-modules
• 2. Improve code quality through automated linting
• 3. Modernize logging infrastructure
• 4. Update all dependencies to latest stable versions
• 5. Improve code organization and maintainability
• 6. Remove deprecated cryptographic schemes
• 7. Enhance testing and CI/CD pipeline

Phase 1: Repository Structure Cleanup

1.1 Remove Sub-Modules

Rationale: Sub-modules add complexity to dependency management and make the repository harder to maintain.

Action Items:

• Merge bccsp/schemes/aries/go.mod into root go.mod
• Merge bccsp/schemes/weak-bb/go.mod into root go.mod
• Remove all go.mod and go.sum files from subdirectories
• Update import paths if necessary
• Verify all tests pass after consolidation

1.2 Remove Deprecated Cryptographic Schemes

Rationale: The dlog and weak-bb schemes are no longer needed and removing them will reduce maintenance burden.

Action Items:

• Remove bccsp/schemes/dlog/ directory entirely
• Remove bccsp/schemes/weak-bb/ directory entirely
• Update bccsp/ to remove references to these schemes
• Update tests to remove dependencies on these schemes
• Update documentation to reflect removed schemes
• Search for and remove any imports of these packages throughout the codebase

Files/Directories to Remove:

bccsp/schemes/dlog/
bccsp/schemes/weak-bb/

1.3 Reorganize MSP-Related Files

Rationale: Consolidating MSP-related files into a dedicated directory improves code organization and discoverability.

Current Structure:

.
├── idemixmsp/
│   ├── identities.pb.go
│   ├── identities.proto
│   ├── msp_config.pb.go
│   └── msp_config.proto
├── msp.go
├── idemix_roles.go
├── idemixmsp_test.go
├── idemixmsp_aries_test.go

Proposed Structure:

msp/
├── config/
│   ├── identities.pb.go
│   ├── identities.proto
│   ├── msp_config.pb.go
│   └── msp_config.proto
├── provider.go (renamed from msp.go)
├── roles.go (renamed from idemix_roles.go)
├── provider_test.go (renamed from idemixmsp_test.go)
└── aries_test.go (renamed from idemixmsp_aries_test.go)

Action Items:

• Create new msp/ directory structure
• Move and rename files according to new structure
• Update all import paths throughout the codebase
• Update package declarations
• Verify all tests pass after reorganization
• Update documentation and README

Phase 2: Logging Infrastructure Modernization

2.1 Remove Custom Logging Package

Rationale: The custom common/flogging package adds unnecessary complexity. Modern Go projects should use standard logging libraries.

Action Items:

• Remove common/flogging/ directory entirely
• Choose replacement logging library (recommendations below)
• Create logging adapter/wrapper if needed
• Update all logging calls throughout the codebase
• Update tests to work with new logging approach
• Update documentation

Recommended Logging Libraries:

Option 1: slog (Go 1.21+) - Recommended

• Built into Go standard library
• Structured logging support
• Zero external dependencies
• Good performance

Option 2: zap

• Already partially used (flogging wraps zap)
• Excellent performance
• Rich ecosystem
• Structured logging

Option 3: zerolog

• Excellent performance
• Zero allocations
• Simple API

2.2 Logging Migration Strategy

Phase 2.2.1: Preparation

• Audit all logging calls in the codebase
• Document logging patterns and levels used
• Create logging interface/adapter

Phase 2.2.2: Implementation

• Implement new logging wrapper
• Create migration guide for developers
• Update core packages first
• Update remaining packages
• Update all tests

Phase 2.2.3: Cleanup

• Remove flogging package
• Remove flogging dependencies from go.mod
• Update CI/CD to remove flogging-related checks

Phase 3: Code Quality and Tooling

3.1 Introduce golangci-lint

Rationale: golangci-lint aggregates multiple linters and provides comprehensive code quality checks.

Action Items:

• Create .golangci.yml configuration file
• Configure enabled linters (recommendations below)
• Fix existing linting issues
• Integrate into CI/CD pipeline
• Add pre-commit hooks (optional)
• Document linting process in CONTRIBUTING.md

Recommended Linters Configuration:

linters:
  enable:
    - errcheck      # Check for unchecked errors
    - gosimple      # Simplify code
    - govet         # Vet examines Go source code
    - ineffassign   # Detect ineffectual assignments
    - staticcheck   # Advanced Go linter
    - unused        # Check for unused code
    - gofmt         # Check formatting
    - goimports     # Check imports
    - misspell      # Check for misspelled words
    - gocritic      # Comprehensive Go linter
    - revive        # Fast, configurable linter
    - gosec         # Security-focused linter
    - bodyclose     # Check HTTP response body closes
    - noctx         # Check for missing context
    - unparam       # Check for unused function parameters

3.2 Add Additional Development Tools

Action Items:

• Add gofumpt for stricter formatting
• Add go mod tidy check in CI
• Add vulnerability scanning with govulncheck
• Add license header checking
• Add code coverage reporting
• Add benchmark tracking

Phase 4: Dependency Management

4.1 Update All Dependencies

Rationale: Keeping dependencies up-to-date ensures security patches, bug fixes, and access to new features.

Action Items:

• Audit current dependencies
• Check for known vulnerabilities
• Update to latest stable versions
• Run full test suite after updates
• Update go.mod go directive to latest stable version
• Document any breaking changes

Current Major Dependencies to Update:

github.com/IBM/mathlib
github.com/golang/protobuf -> google.golang.org/protobuf
github.com/pkg/errors -> errors (stdlib) or fmt.Errorf with %w
go.uber.org/zap (if keeping)

4.2 Dependency Cleanup

Action Items:

• Remove unused dependencies
• Replace deprecated packages
• Consolidate duplicate functionality
• Document dependency choices in README

Phase 5: Testing Infrastructure

5.1 Improve Test Coverage

Action Items:

• Audit current test coverage
• Set minimum coverage threshold (recommend 80%)
• Add missing unit tests
• Add integration tests where appropriate
• Add benchmark tests for critical paths
• Configure coverage reporting in CI

5.2 Test Organization

Action Items:

• Organize tests by package
• Create test helpers package
• Add table-driven tests where appropriate
• Add fuzzing tests for cryptographic functions
• Document testing practices

Phase 6: Documentation

6.1 Update Documentation

Action Items:

• Update README.md with new structure
• Create/update CONTRIBUTING.md
• Add architecture documentation
• Add API documentation
• Create migration guide for users
• Add examples directory with usage examples
• Document all public APIs with godoc comments

6.2 Add Documentation Generation

Action Items:

• Set up godoc hosting
• Add documentation generation to CI
• Create documentation website (optional)

Phase 7: CI/CD Improvements

7.1 Enhance GitHub Actions Workflow

Current Workflow: .github/workflows/go.yml

Proposed Enhancements:

• Add golangci-lint job
• Add vulnerability scanning
• Add code coverage reporting
• Add multiple Go version testing
• Add multiple OS testing (Linux, macOS, Windows)
• Add dependency review
• Add automated release process
• Add changelog generation

7.2 Add Pre-commit Hooks

Action Items:

• Create .pre-commit-config.yaml
• Add formatting checks
• Add linting checks
• Add test execution
• Document setup in CONTRIBUTING.md

Phase 8: Code Modernization

8.1 Go Version Update

Action Items:

• Update to Go 1.21+ (for slog support)
• Use new language features where appropriate
• Update build constraints
• Test on new Go version

8.2 Code Improvements

Action Items:

• Replace github.com/pkg/errors with standard library error wrapping
• Use errors.Is() and errors.As() for error checking
• Replace github.com/golang/protobuf with google.golang.org/protobuf
• Add context.Context to long-running operations
• Improve error messages with more context
• Add structured logging fields

8.3 Performance Improvements

Action Items:

• Add benchmarks for critical paths
• Profile memory allocations
• Optimize hot paths
• Add performance regression tests

Phase 9: Security Enhancements

9.1 Security Audit

Action Items:

• Run security scanners (gosec, govulncheck)
• Review cryptographic implementations
• Check for common vulnerabilities
• Add security policy (SECURITY.md)
• Set up security advisories

9.2 Secure Coding Practices

Action Items:

• Add input validation
• Improve error handling
• Add rate limiting where appropriate
• Document security considerations

Appendix: Recommended .golangci.yml

run:
  timeout: 5m
  tests: true
  modules-download-mode: readonly

linters:
  enable:
    - errcheck
    - gosimple
    - govet
    - ineffassign
    - staticcheck
    - unused
    - gofmt
    - goimports
    - misspell
    - gocritic
    - revive
    - gosec
    - bodyclose
    - noctx
    - unparam
    - unconvert
    - goconst
    - gocyclo
    - dupl
    - prealloc
    - exportloopref
    - nilerr
    - nilnil
    - nolintlint

linters-settings:
  errcheck:
    check-type-assertions: true
    check-blank: true
  
  govet:
    check-shadowing: true
  
  gocyclo:
    min-complexity: 15
  
  dupl:
    threshold: 100
  
  goconst:
    min-len: 3
    min-occurrences: 3

issues:
  exclude-rules:
    - path: _test\.go
      linters:
        - dupl
        - gosec
        - goconst

[adecaro]

Linked Issues:

• use flogging from fabric-lib-go #55

[Soumya8898]

Thanks @adecaro for publishing the issue here, So as I discussed I will proceed with implementing step wise with discussing the plan on a very higher level and individual PR for each step. Can you assign this to me?

[adecaro]

Go ahead @Soumya8898 , thanks a lot for your effort 🙏

[adecaro]

Hi @Soumya8898 , just a ping to check if you need any feedback. Thanks 🙏

[Soumya8898]

Hi @adecaro Thanks for the check, I am currently implementing Phase-1, will post the implementation steps along with some of my doubts.