Sync to kth/0.81.0 + explicit_bzero on sensitive wallet wrappers

[fpelliccioni]

Summary

• Bumps conan dep to kth/0.81.0 to pick up the C-API change that passes value_struct params by const* in the safe variant (refactor(c-api): value_struct params by const* in the safe variant kth#285).
• Regenerated py-native wrappers forward &local to every kth_xxx_t const* entry point.
• Adds a portable kth_py_native_explicit_bzero(void*, size_t) helper (explicit_bzero on glibc/BSD/macOS, SecureZeroMemory on Windows, volatile-loop fallback).
• Wallet wrappers for ec_private, hd_private, wallet_data now scrub their stack-local value_struct buffers after the C-API has consumed them — both input ctors/setters and output getters.

Dependency

• Requires refactor(c-api): value_struct params by const* in the safe variant kth#285 merged and kth/0.81.0 published to the conan remote before CI can resolve the dep.

Test plan

• 171 tests green locally against the local kth/0.81.0 package.
• CI rerun after kth/0.81.0 hits the remote.

Summary by CodeRabbit

Release Notes

• Dependencies

  • Updated Knuth library to version 0.81.0 for improved performance and stability.

• Security

  • Enhanced memory handling for sensitive cryptographic data (keys, seeds, hashes) to prevent information leakage through memory residue.

• Documentation

  • Clarified internal references to wallet security utilities for better code maintainability.

[coderabbitai]

Warning

Rate limit exceeded

@fpelliccioni has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 51 minutes and 50 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 51 minutes and 50 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 33264636-a5bf-4995-b04b-65990f74e0bc

📥 Commits

Reviewing files that changed from the base of the PR and between 1e142ef and 8570ba0.

📒 Files selected for processing (18)

• conanfile.py
• include/kth/py-native/utils.h
• src/chain/double_spend_proof_spender.cpp
• src/chain/get_blocks.cpp
• src/chain/get_headers.cpp
• src/chain/header.cpp
• src/chain/output_point.cpp
• src/chain/point.cpp
• src/chain/script.cpp
• src/chain/stealth_compact.cpp
• src/chain/token_data.cpp
• src/chain/transaction.cpp
• src/wallet/ec_private.cpp
• src/wallet/ec_public.cpp
• src/wallet/hd_private.cpp
• src/wallet/hd_public.cpp
• src/wallet/payment_address.cpp
• src/wallet/wallet_data.cpp

📝 Walkthrough

Walkthrough

This PR updates the Conan dependency version to kth/0.81.0 and systematically modifies Python C-API wrapper functions across chain and wallet modules to pass hash and struct objects by pointer instead of by value, adding secure memory zeroing in sensitive wallet operations.

Changes

Cohort / File(s)	Summary
Dependency & Documentation conanfile.py, include/kth/py-native/utils.h	Updated Knuth dependency from v0.80.0 to v0.81.0; added clarifying comment that wallet-wrapper secure-zero helper has moved to C-API.
Chain Module: Hash Pointer Passing src/chain/double_spend_proof_spender.cpp, src/chain/get_blocks.cpp, src/chain/get_headers.cpp, src/chain/header.cpp, src/chain/output_point.cpp, src/chain/point.cpp, src/chain/transaction.cpp	Refactored setter/constructor calls to pass hash objects by pointer (&hash, &value, &stop) instead of by value across multiple chain binding functions.
Chain Module: Pattern Functions src/chain/script.cpp, src/chain/stealth_compact.cpp, src/chain/token_data.cpp	Updated script pattern and token data functions to pass hash/shorthash parameters by pointer; added kth_core_secure_zero for sensitive hash data in endorsement creation.
Wallet Module: Constructor & Accessor Updates src/wallet/ec_private.cpp, src/wallet/ec_public.cpp, src/wallet/hd_private.cpp, src/wallet/hd_public.cpp, src/wallet/payment_address.cpp	Modified wallet constructors to accept hash/key structs by pointer and added secure zeroing of sensitive buffers after operations; updated accessors to zeroize returned data before returning to Python.
Wallet Module: Data Accessors src/wallet/wallet_data.cpp	Updated encrypted-seed getter/setter to pass by pointer and added kth_core_secure_zero cleanup for sensitive encrypted data.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• k-nuth/py-native#3: Modifies Python C-extension wrapper call sites with hash argument passing changes and secure-zero handling similar to this PR.
• k-nuth/py-native#5: Updates the same Python wrapper files (header.cpp, get_blocks, output_point, script, wallet modules) to adapt how kth hash/structs are passed in alignment with C API evolution.
• k-nuth/py-native#6: Reshaped the generated wrapper functions that this PR modifies (double_spend_proof_spender, stealth_compact, token_data, ec/hd files) to support the pointer-based argument passing pattern introduced here.

Poem

🐰 Hash structs take the safer road,
By pointer now, not cargo load,
Secure zeros wipe the trace,
Memory cleaned without a trace,
Knotted cryptography—our place! 🔐

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly summarizes the two main changes: updating to kth/0.81.0 and adding secure zero-clearing on sensitive wallet wrappers, which align with the PR's objectives.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feature/sync-kth-0.81

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

src/wallet/hd_private.cpp (1)

294-303: ⚠️ Potential issue | 🟠 Major

Drop const qualifier from result variables to fix undefined behavior in secure-zero operations.

Writing to auto const result objects via cast-away-const pointers is undefined behavior per C++[dcl.type.cv]. The pattern appears in four hd_private.cpp getters (lines 299, 310, 394, 414) and wallet_data.cpp::encrypted_seed (line 133): each declares a const local, then calls kth_core_secure_zero((void*)&result, ...) to overwrite it—a UB violation that allows the compiler to optimize away the zeroing entirely, defeating the security guarantee.

Change auto const result = ... to auto result = ... in:

• kth_py_native_wallet_hd_private_secret (line 299)
• kth_py_native_wallet_hd_private_to_hd_key (line 310)
• kth_py_native_wallet_hd_private_chain_code (line 394)
• kth_py_native_wallet_hd_private_point (line 414)
• kth_py_native_wallet_wallet_data_encrypted_seed (wallet_data.cpp, line 133)

Suggested changes

-    auto const result = kth_wallet_hd_private_secret(self_handle);
+    auto result = kth_wallet_hd_private_secret(self_handle);

Apply identical change to the four other affected functions.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/wallet/hd_private.cpp` around lines 294 - 303, The local variables
declared as "auto const result" in the HD-private getters are later passed to
kth_core_secure_zero via a casted pointer, which is undefined behavior; change
the declarations to non-const (e.g., replace "auto const result = ..." with
"auto result = ...") in kth_py_native_wallet_hd_private_secret,
kth_py_native_wallet_hd_private_to_hd_key,
kth_py_native_wallet_hd_private_chain_code,
kth_py_native_wallet_hd_private_point and similarly in wallet_data's
encrypted_seed so the secure-zero call legally overwrites the stack object.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In `@src/wallet/hd_private.cpp`:
- Around line 294-303: The local variables declared as "auto const result" in
the HD-private getters are later passed to kth_core_secure_zero via a casted
pointer, which is undefined behavior; change the declarations to non-const
(e.g., replace "auto const result = ..." with "auto result = ...") in
kth_py_native_wallet_hd_private_secret,
kth_py_native_wallet_hd_private_to_hd_key,
kth_py_native_wallet_hd_private_chain_code,
kth_py_native_wallet_hd_private_point and similarly in wallet_data's
encrypted_seed so the secure-zero call legally overwrites the stack object.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 3450e575-9d98-4279-9fab-0e7fc40e87a5

📥 Commits

Reviewing files that changed from the base of the PR and between 14ebe39 and 1e142ef.

📒 Files selected for processing (18)

• conanfile.py
• include/kth/py-native/utils.h
• src/chain/double_spend_proof_spender.cpp
• src/chain/get_blocks.cpp
• src/chain/get_headers.cpp
• src/chain/header.cpp
• src/chain/output_point.cpp
• src/chain/point.cpp
• src/chain/script.cpp
• src/chain/stealth_compact.cpp
• src/chain/token_data.cpp
• src/chain/transaction.cpp
• src/wallet/ec_private.cpp
• src/wallet/ec_public.cpp
• src/wallet/hd_private.cpp
• src/wallet/hd_public.cpp
• src/wallet/payment_address.cpp
• src/wallet/wallet_data.cpp

[fpelliccioni]

@CodeRabbit review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[fpelliccioni]

@CodeRabbit review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.