Use Signer trait for channel close signer and fee payer signer #159
Open
takasaki404 wants to merge 4 commits into tempoxyz:main from
Problem

Server-side Tempo signing (`close_signer` in `SessionMethod`, `fee_payer_signer` in `ChargeMethod`) is hardcoded to `alloy::signers::local::PrivateKeySigner`. This forces operators to supply raw private keys directly, which is unacceptable for production deployments that use KMS (AWS KMS, GCP Cloud KMS), HSMs, or other managed signing infrastructure.

Why the current implementation is insufficient

`PrivateKeySigner` is a concrete local signer — it holds an in-memory secret key. Every builder method, struct field, and internal call site is typed against it, making it impossible to plug in any alternative signer without forking the crate. The synchronous `sign_hash_sync` calls further restrict compatibility, since most KMS-backed signers are inherently async.

Solution

Replace all server-side `PrivateKeySigner` references with alloy's `dyn Signer` trait:

- `SessionMethod::close_signer` → `Option<Arc<dyn Signer + Send + Sync>>`
- `ChargeMethod::fee_payer_signer` → `Option<Arc<dyn Signer + Send + Sync>>`
- `TempoBuilder::fee_payer_signer` → `Option<Box<dyn Signer + Send + Sync>>`
- `impl Signer + Send + Sync + 'static`
- `cosign_fee_payer_transaction` becomes `async fn`; all `sign_hash_sync` calls become `sign_hash().await`

Client-side code (`TempoProvider`, `TempoSessionProvider`) is unchanged — callers still create wallets with `PrivateKeySigner` which satisfies `impl Signer`. Existing usage compiles without modification.
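The pattern described above, as an added std-only example that is not code from this PR or the crate: a struct field typed `Option<Arc<dyn Signer + Send + Sync>>` accepts both an in-memory signer and a signer that holds only a key id, and a remote signing failure reaches the caller as an `Err`. Assumptions: the `Signer` trait here is a hypothetical stand-in for alloy's, `toy_sign`, `LocalSigner`, `KmsSigner`, `mock_kms`, `with_close_signer`, `sign_close` and `block_on` are illustrative names, and the "signature" is a constructed checksum, not cryptography.

```rust
use std::{future::Future, pin::{pin, Pin}, sync::Arc, task::{Context, Poll, Wake, Waker}};
type SigFuture<'a> = Pin<Box<dyn Future<Output = Result<u64, String>> + Send + 'a>>;
// Hypothetical stand-in for alloy's async `Signer` trait; not the real alloy API.
trait Signer { fn sign_hash<'a>(&'a self, hash: &'a [u8; 32]) -> SigFuture<'a>; }
// Constructed toy keyed checksum standing in for a signature; not cryptography.
fn toy_sign(key: u64, hash: &[u8; 32]) -> u64 {
    hash.iter().fold(key, |acc, b| acc.rotate_left(5) ^ u64::from(*b))
}
// Local model: the secret sits in process memory, as with `PrivateKeySigner`.
struct LocalSigner { secret: u64 }
impl Signer for LocalSigner {
    fn sign_hash<'a>(&'a self, hash: &'a [u8; 32]) -> SigFuture<'a> {
        Box::pin(async move { Ok::<u64, String>(toy_sign(self.secret, hash)) })
    }
}
// Managed model: the process holds only a key id; the mock service owns the secret.
struct KmsSigner { key_id: &'static str }
async fn mock_kms(key_id: &str, hash: &[u8; 32]) -> Result<u64, String> {
    if key_id != "constructed-key-1" { return Err(format!("unknown key id: {key_id}")); }
    Ok(toy_sign(0xC0FFEE, hash))
}
impl Signer for KmsSigner {
    fn sign_hash<'a>(&'a self, hash: &'a [u8; 32]) -> SigFuture<'a> {
        Box::pin(mock_kms(self.key_id, hash))
    }
}
// Field type and constructor bound written as in the PR description.
struct SessionMethod { close_signer: Option<Arc<dyn Signer + Send + Sync>> }
impl SessionMethod {
    fn with_close_signer(signer: impl Signer + Send + Sync + 'static) -> Self {
        Self { close_signer: Some(Arc::new(signer)) }
    }
    async fn sign_close(&self, hash: &[u8; 32]) -> Result<u64, String> {
        let signer = self.close_signer.as_ref().ok_or("no close signer configured")?;
        signer.sign_hash(hash).await // a remote signing failure surfaces here as Err
    }
}
// Minimal std-only executor; a real server would use its async runtime.
struct NoopWake; impl Wake for NoopWake { fn wake(self: Arc<Self>) {} }
fn block_on<F: Future>(fut: F) -> F::Output {
    let waker = Waker::from(Arc::new(NoopWake));
    let mut cx = Context::from_waker(&waker);
    let mut fut = pin!(fut);
    loop { if let Poll::Ready(v) = fut.as_mut().poll(&mut cx) { return v; } }
}
fn main() {
    let kms = SessionMethod::with_close_signer(KmsSigner { key_id: "constructed-key-1" });
    println!("{:?}", block_on(kms.sign_close(&[7u8; 32])));
}
```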