Final tidy #7515
Merged
Final tidy #7515
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
There was a problem hiding this comment.
Pull request overview
This PR performs comprehensive clang-tidy cleanup following PR #7508. The key changes include:
- Critical fix: Corrected commit secret derivation in
ledger_secret.hto use the full label instead of only 8 characters (though noted as having no security consequence in current usage) - API improvement: Changed HMAC API to accept
std::spaninstead ofstd::vectorfor better flexibility - Code quality improvements: Applied extensive clang-tidy suggestions including proper initialization, const correctness, [[nodiscard]] attributes, simplified control flow, and modern C++ idioms
Reviewed changes
Copilot reviewed 72 out of 72 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| src/node/ledger_secret.h | Fixed commit secret label usage (critical bug fix) and changed to use std::span |
| src/crypto/hmac.cpp | Updated HMAC implementation to accept std::span parameters |
| include/ccf/crypto/hmac.h | Changed HMAC API signature from vector to span |
| doc/build_apps/crypto.rst | Updated documentation to reflect new HMAC signature |
| .clang-tidy | Simplified HeaderFilterRegex pattern |
| src/node/*.h | Applied clang-tidy cleanups: initialization, const correctness, [[nodiscard]], std::move() |
| src/kv/*.h | Applied similar cleanups to KV store components |
| src/js/*.h | Applied cleanups to JavaScript integration components |
| Multiple other files | Extensive cleanup including: default member initialization, simplified else-after-return, range-based loops, proper casting, override specifiers |
eddyashton
approved these changes
Dec 10, 2025
Member
eddyashton
left a comment
eddyashton
left a comment
There was a problem hiding this comment.
I've skimmed this up and down and side-to-side a few times until my eyes glaze over, and it "looks good to me" (for fuzzy values of "looks", "good", and "me"). Hurrah for never thinking about tidy ever again!
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Follow up to #7508 and hopefully last round of cleanups for clang-tidy.
This turned up an unfortunate and embarrassing mistake in the commit evidence derivation (
ledger_secret.h), where we only use the first 8 characters of the label. This is luckily of no security consequence, since we only use this one derivation at the moment, but I have added comments to highlight this if we ever add more.Contains a very small adjustment in the public hmac API (vector to span) that I claim is small enough no to warrant a changelog entry (it is API compatible for all plausible API usage).