Experiment with ifdef-guarded changes to xdr. #601

Open
leighmcculloch wants to merge 2 commits into main from xdrifdef

@leighmcculloch
Member

What

Experiment with ifdef-guarded changes to xdr.

Why

For:

Copilot AI review requested due to automatic review settings February 17, 2026 19:38

Copilot AI left a comment

Pull request overview

This pull request introduces a build tag system to support experimental XDR changes from go-stellar-sdk. The changes allow the codebase to conditionally compile with different XDR types based on build tags (xdr_hello_world, xdr_ledger_entry_ext_v2, xdr_transaction_meta_v5), enabling experimentation with future protocol changes without breaking existing builds.

Changes:

  • Updated go-stellar-sdk dependency to a version with ifdef-guarded XDR types
  • Implemented build tag infrastructure in Makefile and CI/CD workflows
  • Refactored operation type validation and transaction metadata handling to use build-tag-specific helper functions

Reviewed changes

Copilot reviewed 19 out of 20 changed files in this pull request and generated no comments.

| File | Description |
|---|---|
| go.mod, go.sum | Updated go-stellar-sdk and golang.org/x dependencies |
| Makefile | Added XDR_BUILD_TAGS_ALL variable and GOTAGS/GOLANGCI_LINT_TAGS support for conditional compilation |
| .github/workflows/stellar-rpc.yml | Added matrix build to test with and without XDR tags, plus verification step |
| .github/workflows/golang.yml | Added golangci-lint run with XDR build tags |
| cmd/stellar-rpc/internal/preflight/preflight*.go | Split operation validation into build-tag-specific files |
| cmd/stellar-rpc/internal/methods/simulate_transaction*.go | Split operation validation into build-tag-specific files |
| cmd/stellar-rpc/internal/feewindow/feewindow*.go | Refactored fee extraction and operation type checking with build tags |
| cmd/stellar-rpc/internal/integrationtest/*.go | Extracted helper functions for transaction metadata handling with build tag variants |

@socket-security

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

| Diff | Package | Supply Chain Security | Vulnerability | Quality | Maintenance | License |
|---|---|---|---|---|---|---|
| Updated | golang/github.com/stellar/go-stellar-sdk@v0.0.0-20251208182759-7568ee53f4fd ⏵ v0.0.0-20260216044013-b2a189759a2c | 75 +1 | 100 | 100 | 100 | 100 |

@socket-security

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
License policy violation: golang golang.org/x/crypto under BSD-3-Clause

Location: Package overview

From: ? golang/github.com/stellar/go-stellar-sdk@v0.0.0-20260216044013-b2a189759a2c golang/github.com/fsouza/fake-gcs-server@v1.49.2 golang/github.com/prometheus/client_golang@v1.23.2 golang/golang.org/x/crypto@v0.45.0

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore golang/golang.org/x/crypto@v0.45.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: golang golang.org/x/net under BSD-3-Clause

Location: Package overview

From: ? golang/github.com/stellar/go-stellar-sdk@v0.0.0-20260216044013-b2a189759a2c golang/github.com/fsouza/fake-gcs-server@v1.49.2 golang/github.com/prometheus/client_golang@v1.23.2 golang/golang.org/x/net@v0.47.0

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore golang/golang.org/x/net@v0.47.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: golang golang.org/x/sync under BSD-3-Clause

Location: Package overview

From: ? golang/github.com/stellar/go-stellar-sdk@v0.0.0-20260216044013-b2a189759a2c golang/github.com/fsouza/fake-gcs-server@v1.49.2 golang/github.com/prometheus/client_golang@v1.23.2 golang/github.com/creachadair/jrpc2@v1.3.3 golang/golang.org/x/sync@v0.18.0

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore golang/golang.org/x/sync@v0.18.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: golang golang.org/x/sys under BSD-3-Clause

Location: Package overview

From: ? golang/github.com/stellar/go-stellar-sdk@v0.0.0-20260216044013-b2a189759a2c golang/github.com/fsouza/fake-gcs-server@v1.49.2 golang/github.com/prometheus/client_golang@v1.23.2 golang/github.com/sirupsen/logrus@v1.9.3 golang/golang.org/x/sys@v0.38.0

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore golang/golang.org/x/sys@v0.38.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: golang golang.org/x/text under BSD-3-Clause

Location: Package overview

From: ? golang/github.com/stellar/go-stellar-sdk@v0.0.0-20260216044013-b2a189759a2c golang/github.com/fsouza/fake-gcs-server@v1.49.2 golang/github.com/prometheus/client_golang@v1.23.2 golang/golang.org/x/text@v0.31.0

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore golang/golang.org/x/text@v0.31.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
