feat: its add trusted chain

[benjamin852]

why?

cumbersome to run add trusted chain for each edge contract

completing task originally started in this #827

• Task: ?

how?

• add command for running add trusted chain for all ITS edge contracts

• added check in sui scripts if chain is already trusted to return, to avoid the contract reverting

• ...

testing

confirmed was able to run the existing add trusted chain command for each chain by calling new command, which executed them all and produced live txs on devnet-ben.

• ...

---

Note

Adds a new CLI command to set trusted chains across all ITS chains (EVM, Sui, Stellar), with Sui deduping already-trusted chains, plus minor exports and a small CLI arg fix.

• CLI (common/its):
  • Add set-trusted-chains-all command to apply trusted chains across EVM, sui, and stellar using chain-specific helpers; requires --evmPrivateKey, --suiPrivateKey, --stellarPrivateKey, supports -y, --suiSignatureScheme, --suiPrivateKeyType.
  • Fix encode-recipient command signature (<destination-address>).
• Sui:
  • addTrustedChains now lists and skips already trusted chains; logs chains to add.
  • Export addTrustedChains, removeTrustedChains, setFlowLimits.
• Stellar:
  • Export addTrustedChains, removeTrustedChains, manageTrustedChains.
• EVM:
  • Export processCommand for reuse in common CLI.

^{Written by Cursor Bugbot for commit a082ec9. This will update automatically on new commits. Configure here.}

[greptile-apps]

Greptile Overview

Summary

This PR adds a convenient set-trusted-chains-all command to configure trusted chains across all ITS edge contracts (EVM, Sui, and Stellar) in a single operation. This eliminates the need to manually run separate commands for each chain type.

Key Changes:

• Added orchestration function in common/its.js that accepts separate private keys for each chain type
• Sui implementation now checks for already-trusted chains before transaction to avoid contract reverts
• Fixed typo in encode-recipient command (missing closing >)
• Exported necessary functions from chain-specific modules

Issues Found:

• The EVM script doesn't call parseTrustedChains() to expand the 'all' keyword, so it will attempt to literally set 'all' as a chain name instead of expanding it to all ITS edge chains
• Missing import of parseTrustedChains in evm/its.js

Confidence Score: 2/5

• This PR has a critical logic bug that will cause the EVM chain configuration to fail
• The EVM implementation is missing the crucial parseTrustedChains() call, which means when 'all' is passed, it won't be expanded to the list of ITS edge chains. Instead, it will literally try to set 'all' as a trusted chain name, causing incorrect behavior. The Sui and Stellar implementations handle this correctly.
• evm/its.js requires immediate attention to add parseTrustedChains() import and usage

Important Files Changed

File Analysis

Filename	Score	Overview
common/its.js	3/5	Added set-trusted-chains-all command to orchestrate setting trusted chains across all EVM, Sui, and Stellar chains. Includes typo fix in encode-recipient command. Logic depends on EVM script properly handling 'all' keyword expansion.
evm/its.js	1/5	Exported processCommand function for use by common script. Missing parseTrustedChains import and usage - 'all' keyword won't be expanded to all ITS edge chains.
stellar/its.js	5/5	Exported functions for use by common script. Already has duplicate chain checking in place.
sui/its.js	5/5	Added check to filter already trusted chains before transaction, avoiding contract revert. Exported functions for use by common script.

Sequence Diagram

sequenceDiagram
    participant User
    participant CommonITS as common/its.js
    participant EVMITS as evm/its.js
    participant SuiITS as sui/its.js
    participant StellarITS as stellar/its.js
    participant Contracts as ITS Contracts

    User->>CommonITS: set-trusted-chains-all
    Note over CommonITS: Receives private keys for<br/>EVM, Sui, and Stellar
    
    CommonITS->>EVMITS: callEvmSetTrustedChains()
    Note over EVMITS: Filter EVM chains with ITS
    loop For each EVM chain
        EVMITS->>EVMITS: processCommand('set-trusted-chains', ['all'])
        Note over EVMITS: Should expand 'all' to ITS edge chains<br/>(currently missing parseTrustedChains)
        EVMITS->>Contracts: multicall(setTrustedChain/setTrustedAddress)
    end
    EVMITS-->>CommonITS: Complete
    
    CommonITS->>SuiITS: callSuiAddTrustedChains()
    SuiITS->>SuiITS: parseTrustedChains(['all'])
    SuiITS->>SuiITS: listTrustedChains()
    SuiITS->>SuiITS: Filter already trusted chains
    SuiITS->>Contracts: add_trusted_chains(filtered list)
    SuiITS-->>CommonITS: Complete
    
    CommonITS->>StellarITS: callStellarAddTrustedChains()
    StellarITS->>StellarITS: parseTrustedChains(['all'])
    loop For each chain
        StellarITS->>Contracts: is_trusted_chain()
        Contracts-->>StellarITS: boolean
        alt Not already trusted
            StellarITS->>Contracts: set_trusted_chain()
        else Already trusted
            StellarITS->>StellarITS: Skip with warning
        end
    end
    StellarITS-->>CommonITS: Complete
    
    CommonITS-->>User: All chains configured

Loading

Additional Comments (2)

1. evm/its.js, line 459-460 (link)

   logic: When args contains ['all'], it won't be expanded to all ITS edge chains. Need to call parseTrustedChains(chains, args) to handle the 'all' case properly.

2. evm/its.js, line 30-37 (link)

   logic: Need to import parseTrustedChains to properly expand the 'all' keyword in the set-trusted-chains command.

_{4 files reviewed, 3 comments}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

logic: Need to export parseTrustedChains from ../common/utils to support the 'all' chains expansion in set-trusted-chains command.

Suggested change

	program.parse();
	module.exports = { its: main, getDeploymentSalt, handleTx, getTrustedChains, processCommand, parseTrustedChains };