[Feat] add flow chain

[tanut32039]

No description provided.

[Copilot]

Pull request overview

Adds Flow-chain signing support to the FKMS service by introducing Flow transaction encoding/hashing, P-256 signing in the local signer, and the corresponding gRPC API surface.

Changes:

• Add Flow chain type across config and proto, plus a new SignFlow RPC implemented in the server.
• Introduce Flow transaction codec utilities (RLP payload/envelope encoding and SHA3-256 envelope hashing).
• Extend LocalSigner to support P-256 ECDSA and require a Flow address_override for signer identity.

Reviewed changes

Copilot reviewed 10 out of 11 changed files in this pull request and generated 7 comments.

Show a summary per file

File	Description
src/signer/signature/ecdsa.rs	Adds P-256 signature type + serialization via Signature trait.
src/signer/local.rs	Adds Flow/P-256 signing path, address_override handling, generic public key encoding, and tests.
src/signer/aws.rs	Restricts AWS signer initialization to EVM only and removes XRPL address derivation.
src/server/service.rs	Adds sign_flow RPC handler and Flow chain type mapping for signer address listing.
src/config/signer/local.rs	Adds Flow to ChainType and an optional address_override field to local signer configs.
src/commands/utils.rs	Threads address_override from config into LocalSigner::new.
src/codec/flow.rs	New Flow codec module for payload RLP, envelope hash, and signed transaction encoding (+ tests).
src/codec.rs	Exposes the new flow codec module.
proto/fkms/v1/signer.proto	Adds Flow chain enum value, Flow signer payload, and SignFlow RPC.
Cargo.toml / Cargo.lock	Adds p256, ecdsa, and elliptic-curve dependencies.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 9 out of 10 changed files in this pull request and generated 3 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 9 out of 10 changed files in this pull request and generated 3 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

encode_signed_transaction accepts any signature: &[u8] but Flow expects a raw P-256 signature as 64 bytes (r||s). Consider validating signature.len() == 64 (and erroring otherwise) to avoid producing malformed transactions when an unexpected signer implementation is used.

Suggested change

	) -> anyhow::Result<Vec<u8>> {
	) -> anyhow::Result<Vec<u8>> {
	// Flow expects raw P-256 signatures as 64 bytes (r || s).
	if signature.len() != 64 {
	return Err(anyhow!(
	"invalid Flow signature length: expected 64 bytes (r||s), got {} bytes",
	signature.len()
	));
	}

[Copilot]

Flow address parsing in the codec accepts addresses with or without a 0x prefix, but address_override validation requires the prefix and exactly 16 hex characters. This mismatch can be confusing for operators. Consider accepting both forms (and normalizing to a canonical form, e.g. 0x + lowercase) before storing/using the override.

[Copilot]

ChainType::Icon creates signing_key using the generic ecdsa::SigningKey alias (EcdsaSigningKey::from_slice), but then stores it in SigningKey::EcdsaK256, which expects a k256::ecdsa::SigningKey. This won’t type-check (and the curve type for ecdsa::SigningKey<C> can’t be inferred here). Use K256SigningKey::from_slice(private_key)? for ICON as well (or specify the curve type explicitly) so the enum variant matches the constructed key.

Suggested change

	let signing_key = EcdsaSigningKey::from_slice(private_key)?;
	let signing_key = K256SigningKey::from_slice(private_key)?;