From f67734c0e1c44c841d50a2b715dc0acbc9c482c4 Mon Sep 17 00:00:00 2001 From: Serhii Volovyk Date: Fri, 20 Mar 2026 13:10:18 +0200 Subject: [PATCH 1/4] set min T in tests to 1 pair --- integration-tests/src/lib.rs | 6 +++--- integration-tests/src/mpc_fixture/builder.rs | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/integration-tests/src/lib.rs b/integration-tests/src/lib.rs index 4b8efce2..5b381047 100644 --- a/integration-tests/src/lib.rs +++ b/integration-tests/src/lib.rs @@ -74,13 +74,13 @@ impl Default for NodeConfig { max_concurrent_generation: 16, max_concurrent_introduction: 2, triple: TripleConfig { - min_triples: 16, - max_triples: 320, + min_triples: 1, + max_triples: 1 * 3 * 4, // min per node * num nodes * 4 (safety factor) ..Default::default() }, presignature: PresignatureConfig { min_presignatures: 16, - max_presignatures: 320, + max_presignatures: 16 * 3 * 4, // min per node * num nodes * 4 (safety factor) ..Default::default() }, ..Default::default() diff --git a/integration-tests/src/mpc_fixture/builder.rs b/integration-tests/src/mpc_fixture/builder.rs index 7a4617e7..1c22df16 100644 --- a/integration-tests/src/mpc_fixture/builder.rs +++ b/integration-tests/src/mpc_fixture/builder.rs @@ -112,8 +112,8 @@ impl FixtureConfig { num_nodes, use_preshared_triples: false, presignature_stockpile: false, - node_min_triples: 10, - network_max_triples: 10 * num_nodes * 4, + node_min_triples: 1, + network_max_triples: 1 * num_nodes * 4, node_min_presignatures: 10, network_max_presignatures: 10 * num_nodes * 4, signature_timeout_ms: 10_000, From d91890d516f15196d6fe245cd9e5a860db06f605 Mon Sep 17 00:00:00 2001 From: Serhii Volovyk Date: Fri, 20 Mar 2026 17:44:15 +0200 Subject: [PATCH 2/4] clippy --- integration-tests/src/lib.rs | 2 +- integration-tests/src/mpc_fixture/builder.rs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/integration-tests/src/lib.rs b/integration-tests/src/lib.rs index 5b381047..cb1c2f57 100644 --- a/integration-tests/src/lib.rs +++ b/integration-tests/src/lib.rs @@ -75,7 +75,7 @@ impl Default for NodeConfig { max_concurrent_introduction: 2, triple: TripleConfig { min_triples: 1, - max_triples: 1 * 3 * 4, // min per node * num nodes * 4 (safety factor) + max_triples: 3 * 4, // min per node * num nodes * 4 (safety factor) ..Default::default() }, presignature: PresignatureConfig { diff --git a/integration-tests/src/mpc_fixture/builder.rs b/integration-tests/src/mpc_fixture/builder.rs index 1c22df16..439cef08 100644 --- a/integration-tests/src/mpc_fixture/builder.rs +++ b/integration-tests/src/mpc_fixture/builder.rs @@ -113,7 +113,7 @@ impl FixtureConfig { use_preshared_triples: false, presignature_stockpile: false, node_min_triples: 1, - network_max_triples: 1 * num_nodes * 4, + network_max_triples: num_nodes * 4, node_min_presignatures: 10, network_max_presignatures: 10 * num_nodes * 4, signature_timeout_ms: 10_000, From 6d1a95a0452c32d6c9ae46ab4d57b99e7f528356 Mon Sep 17 00:00:00 2001 From: Serhii Volovyk Date: Fri, 27 Mar 2026 10:10:13 +0200 Subject: [PATCH 3/4] set default presignatures to 1 --- integration-tests/src/lib.rs | 4 ++-- integration-tests/src/mpc_fixture/builder.rs | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/integration-tests/src/lib.rs b/integration-tests/src/lib.rs index cb1c2f57..05122a3e 100644 --- a/integration-tests/src/lib.rs +++ b/integration-tests/src/lib.rs @@ -79,8 +79,8 @@ impl Default for NodeConfig { ..Default::default() }, presignature: PresignatureConfig { - min_presignatures: 16, - max_presignatures: 16 * 3 * 4, // min per node * num nodes * 4 (safety factor) + min_presignatures: 1, + max_presignatures: 3 * 4, // min per node * num nodes * 4 (safety factor) ..Default::default() }, ..Default::default() diff --git a/integration-tests/src/mpc_fixture/builder.rs b/integration-tests/src/mpc_fixture/builder.rs index 439cef08..c5b1b924 100644 --- a/integration-tests/src/mpc_fixture/builder.rs +++ b/integration-tests/src/mpc_fixture/builder.rs @@ -114,8 +114,8 @@ impl FixtureConfig { presignature_stockpile: false, node_min_triples: 1, network_max_triples: num_nodes * 4, - node_min_presignatures: 10, - network_max_presignatures: 10 * num_nodes * 4, + node_min_presignatures: 1, + network_max_presignatures: num_nodes * 4, signature_timeout_ms: 10_000, presignature_timeout_ms: 10_000, triple_timeout_ms: min_to_ms(10), From 014b88b74a4042723c338e4d5b7dd14d5f88072a Mon Sep 17 00:00:00 2001 From: Serhii Volovyk Date: Fri, 27 Mar 2026 13:36:33 +0200 Subject: [PATCH 4/4] Remove .github/copilot-instructions.md from version control (accidental commit) --- .github/copilot-instructions.md | 135 -------------------------------- 1 file changed, 135 deletions(-) delete mode 100644 .github/copilot-instructions.md diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md deleted file mode 100644 index da8300b5..00000000 --- a/.github/copilot-instructions.md +++ /dev/null @@ -1,135 +0,0 @@ -# Copilot Instructions for sig-net/mpc - -## Project Overview - -This repository implements **Sig.Network MPC** — a threshold Multi-Party Computation service that produces ECDSA signatures via smart contracts. Nodes collaboratively sign arbitrary payloads using the [cait-sith](https://github.com/sig-net/cait-sith) library; no single party ever holds the full private key. Signatures derive and control accounts on foreign chains (Ethereum, Bitcoin, Solana, Cosmos, Substrate, etc.). - -**Workspace version**: 1.11.0 (all crates share this version). -**Protocol version**: `PROTOCOL_VERSION = 1` (in `chain-signatures/node/src/lib.rs`). - -## Repository Layout - -``` -chain-signatures/ - contract/ # NEAR smart contract (Rust/WASM) — orchestrates signing and node membership - contract-eth/ # Ethereum smart contract (Solidity/Hardhat) - contract-sol/ # Solana program (Anchor) — sign/respond endpoints + indexer event types - crypto/ # Low-level MPC cryptographic helpers (cait-sith / k256 wrappers) - keys/ # HPKE encryption (X25519-HkdfSha256 + ChaCha20Poly1305) for inter-node messages - node/ # MPC node binary — the core service - primitives/ # Shared types used across crates (WASM-compatible) -integration-tests/ # End-to-end tests spinning up a local MPC cluster (Docker/Testcontainers) -doc/ # Architecture docs and specifications -infra/ # Terraform modules and deployment scripts -``` - -## Architecture Summary - -- **Smart Contracts** (NEAR, Ethereum, Solana): accept `sign` requests from users and `respond` calls from MPC nodes. Manage node membership via `vote_*` methods. -- **MPC Nodes** (`chain-signatures/node`): index sign requests from multiple chains, coordinate triple and pre-signature generation, collaboratively produce the final signature, and submit it back to the contract. -- **Cryptographic pipeline**: Triple Generation → Pre-Signature Generation → Signature. Triples and pre-signatures are stockpiled ahead of time to reduce signing latency. -- **Multi-chain indexers**: Each supported chain has its own indexer module: - - `indexer.rs` — NEAR (polls contract for sign requests) - - `indexer_eth/` — Ethereum (JSON-RPC or Helios light client) - - `indexer_sol.rs` — Solana (RPC + PubsubClient WebSocket) - - `indexer_hydration.rs` — Substrate/Hydration -- **Networking**: Nodes maintain a mesh (`mesh/` module), tracking each peer's connection status and a share-holder directory for participant selection. -- **HTTP API**: `axum`-based web server (`web/` module) exposing node status, metrics, and debug endpoints. - -For the authoritative protocol spec see `doc/mpc_node_specification.md`; for architecture overview see `doc/ARCHITECTURE.md`. - -## Building - -```bash -# Build all Rust crates -cargo build - -# Build the NEAR WASM contract (pinned Rust 1.81.0 + wasm32-unknown-unknown target) -./build-contract.sh - -# Build the Ethereum contract -cd chain-signatures/contract-eth && npm i && npx hardhat compile -``` - -## Testing - -```bash -# Unit tests (all crates except integration-tests) -cargo test --workspace --exclude integration-tests - -# Integration tests (requires Docker; redis:7.4.2 image pulled automatically) -cargo test -p integration-tests --jobs 1 -- --test-threads 1 - -# Integration tests inside Docker -cargo test -p integration-tests --features docker-test - -# Ethereum contract unit tests -cd chain-signatures/contract-eth && npx hardhat test -``` - -Integration tests depend on `mpc_node` built with features `test-feature` and `debug-page`. - -## Code Style and Conventions - -- Rust edition: **2021** for all crates. -- rustfmt edition: **2024** (see `rustfmt.toml`). -- All compiler warnings denied: `RUSTFLAGS=-D warnings`. -- Format with `cargo fmt`; CI enforces `cargo fmt -- --check`. -- Lint with `cargo clippy --tests -- -Dclippy::all`. -- Run `cargo audit` to check for known vulnerabilities. -- Use `tracing` (not `println!` / `log`) for diagnostic output. -- Prefer `anyhow::Result` for application-level errors; use `thiserror` for library/crate-level error types. -- Async runtime: **Tokio** with `features = ["full"]`. - -## Storage - -The node uses multiple storage backends: - -| Backend | What it stores | Config | -|---------|---------------|--------| -| **Redis** (`deadpool-redis`) | Triples, pre-signatures, indexer checkpoints | `--redis-url` / `MPC_REDIS_URL` | -| **GCP Secret Manager** | Node's secret key share (production) | `--sk-share-secret-id` / `MPC_SK_SHARE_SECRET_ID` + `--gcp-project-id` / `MPC_GCP_PROJECT_ID` | -| **Disk** | Node's secret key share (dev/test) | `--sk-share-local-path` / `MPC_SK_SHARE_LOCAL_PATH` | -| **In-memory** | Fallback for tests when no Redis/GCP is configured | Automatic | - -Redis keys are namespaced as `{prefix}:{STORAGE_VERSION}:{account_id}`. The current `STORAGE_VERSION` is `"v11"` (in `chain-signatures/node/src/storage/mod.rs`); it is bumped on breaking schema changes to invalidate stale data. - -Storage modules live in `chain-signatures/node/src/storage/`: `triple_storage.rs`, `presignature_storage.rs`, `protocol_storage.rs`, `secret_storage.rs`, `checkpoint_storage.rs`. - -## Key Patterns - -- **Protocol ownership**: Every protocol invocation (triple, pre-signature, signature) has exactly one `Owner` node. Other participants follow the owner's lead and must not make unilateral decisions about a non-owned invocation. -- **Non-reuse invariant**: Triples and pre-signatures must never be used more than once. Code that selects or consumes them must transition state atomically and persistently. -- **Event-sourcing for recovery**: While a protocol is `Running`, all received messages are persisted before being applied so in-memory state can be replayed after a crash. -- **State sync**: Runs on every new peer connection. The owner sends its directory of held inputs; the peer responds with any that are missing so both sides reconcile. -- **Key derivation**: Foreign-chain account derivation follows NEAR's chain-key derivation spec (see `doc/ACCOUNT_DERIVATION.md`). - -## Important Files - -| File | Purpose | -|------|---------| -| `chain-signatures/node/src/protocol/` | Core MPC protocol state machines (`triple.rs`, `presignature.rs`, `signature.rs`, `state.rs`, `consensus.rs`) | -| `chain-signatures/node/src/indexer.rs` | NEAR chain indexer for sign requests | -| `chain-signatures/node/src/indexer_eth/` | Ethereum indexer (RPC + Helios light client) | -| `chain-signatures/node/src/indexer_sol.rs` | Solana indexer (RPC + WebSocket) | -| `chain-signatures/node/src/indexer_hydration.rs` | Substrate/Hydration indexer | -| `chain-signatures/node/src/mesh/` | P2P mesh networking and peer state tracking | -| `chain-signatures/node/src/web/` | axum HTTP API (status, metrics, debug) | -| `chain-signatures/node/src/storage/` | All storage backends and `ProtocolStorage` | -| `chain-signatures/contract/src/lib.rs` | NEAR contract entry points | -| `chain-signatures/contract-sol/src/lib.rs` | Solana Anchor program (sign, respond, respond_bidirectional) | -| `chain-signatures/crypto/` | Cryptographic primitives (cait-sith / k256 wrappers) | -| `chain-signatures/keys/src/hpke.rs` | HPKE encryption for inter-node messages | -| `integration-tests/src/` | Cluster setup helpers and test utilities | -| `doc/mpc_node_specification.md` | Authoritative distributed-algorithm spec | -| `doc/ARCHITECTURE.md` | Architecture overview | - -## CI Workflows - -| Workflow | Trigger | What it does | -|----------|---------|-------------| -| `unit.yml` | push to main/develop | Compile contract (WASM), compile ETH contract, cargo check/fmt/clippy/test/audit | -| `integration.yml` | push to develop | Full cluster integration tests in Docker | -| `prod-compatibility.yml` | PR / manual | Cross-version compatibility tests | -| `nightly.yml` | scheduled | Nightly regression suite | -| `k6-ci-loadtest.yml` | manual | k6-based load tests |