LIT-3920 - wrapped-keys - Batch generate private keys & optionally sign messages in a single operation #675
Conversation
MaximusHaximus
changed the title
MaximusHaximus
requested review from
Ansonhkg,
DashKash54 and
FedericoAmura
and removed request for
Ansonhkg and
joshLong145
| import { setLitActionsCodeToLocal } from './tests/wrapped-keys/util'; | ||
|
|
||
| // Use the current LIT action code to test against | ||
| setLitActionsCodeToLocal(); |
There was a problem hiding this comment.
This makes our tinny tests use the locally built code for all LIT actions in wrapped-keys instead of running them against the CIDs in wrapped-keys LIT_ACTION_CID_REPOSITORY
There was a problem hiding this comment.
Since the idea is that users use the IPFS Cid shouldn't the tests reflect that?
There was a problem hiding this comment.
I guess it depends on the users; some people will be using the code directly, others the CIDs... what I want to do is run the entire suite against the cids and then again against the current code ideally, but see other comment re: doing so without jest.
The reason this is here right now is because we have a chicken and egg problem - in-progress code in PRs isn't in IPFS, and pinning repeatedly to IPFS as we iterate on a lit action would result in a ton of churn and manual updates right now.
We could make this code always use IPFS CIDs, but it would require that all actions we want to test would exist in IPFS before we can test against them -- and we want to run tests while developing the actions where they will be changing often.
In this PR, I wanted to be sure tests pass with the current code rather than previous CIDs -- once we have confirmed all of the LIT actions code here is GTG and published all of the lit actions to IPFS, I can update the CIDs in wrapped-keys and remove this code so the tests run against CIDs again
There was a problem hiding this comment.
Cool as you mentioned we can run the tests against IPFS afterwards
There was a problem hiding this comment.
I think we should stick to the LA code, not the IPFS. That way we can validate the code with our tests continuously, not depend on IPFS and we can always calculate the CID from the code but not the other way around
Also, after having the CID generation/LA publish step on SDK publish we will have them updated automatically every time this goes public
There was a problem hiding this comment.
👍 I agree @FedericoAmura <3 Ideally, all tests would run against the data in the same commit by default, and if we want to test against prior versions we'd explicitly do that. The main thing is just getting the CID repo in the same commit to always match the current source code in that commit... I think we can do that with a husky hook script that runs on-commit
There was a problem hiding this comment.
husky hook script that runs on-commit
Good idea
local-tests/tests/wrapped-keys/testFailEthereumSignTransactionWrappedKeyWithInvalidParam.ts
Show resolved
Hide resolved
local-tests/tests/wrapped-keys/testFailEthereumSignTransactionWrappedKeyWithMissingParam.ts
Show resolved
Hide resolved
local-tests/tests/wrapped-keys/testSignTransactionWithSolanaEncryptedKey.ts
Show resolved
Hide resolved
packages/wrapped-keys-lit-actions/src/lib/ethereum/internal/signTransaction.js
Show resolved
Hide resolved
packages/wrapped-keys/src/lib/api/batch-generate-private-keys.ts
Outdated
Show resolved
Hide resolved
DashKash54
left a comment
DashKash54
left a comment
There was a problem hiding this comment.
@MaximusHaximus there appears to be a problem in the batch method as each node generates its own random private key and signs with it. But only one node returns the encrypted key to the user hence the encrypted key won't match the signedMessage
| EthereumLitTransaction, | ||
| } from '@lit-protocol/wrapped-keys'; | ||
|
|
||
| const emptyLitActionRepositoryCommon: LitActionCodeRepositoryCommon = { |
There was a problem hiding this comment.
The way the fallback logic inside of the wrapped-keys package works, if the code for a particular LIT action is an empty string (falsey), it uses CIDs -- otherwise it uses the string as the LIT action code. It's 'empty' because it contains no code at all, for any key -- basically it resets the entire code repository so that any calls to use the LIT actions will use the defined CIDs instead of trying to use code. For type safety it needs to be an object with the correct keys, where all appropriate values remain strings.
There was a problem hiding this comment.
The way the fallback logic inside of the wrapped-keys package works, if the code for a particular LIT action is an empty string (falsey), it uses CIDs -- otherwise it uses the string as the LIT action code
The fallback logic sounds a lil convoluted, like we intentionally keep it empty and then fall back- is it like this to work with TS? Doesn't the user provides a param to pass the code or IPFS Cid
There was a problem hiding this comment.
Keeping the values on the object always as strings keeps the type consistent so handling values in the object requires less complexity in typescript -- because values on the object are all of type string, we always know what type a value is without needing to do assertions against it, and the code to check if it's a falsy string to know if we should try to use any particular value as code or not is the same as if the value was 'null' -- but typescript doesn't force us to check it's a string or add a manual type annotation telling TS it IS a string before using it as code like it would if we had defined it as a { string | null } type :)
packages/wrapped-keys-lit-actions/src/lib/common/internal/getDecryptedKey.js
Show resolved
Hide resolved
packages/wrapped-keys-lit-actions/src/lib/common/batchGenerateEncryptedKeys.js
Show resolved
Hide resolved
packages/wrapped-keys-lit-actions/src/lib/common/batchGenerateEncryptedKeys.js
Show resolved
Hide resolved
packages/wrapped-keys-lit-actions/src/lib/ethereum/internal/signMessage.js
Show resolved
Hide resolved
packages/wrapped-keys-lit-actions/src/lib/ethereum/generateEncryptedEthereumPrivateKey.js
Show resolved
Hide resolved
packages/wrapped-keys-lit-actions/src/lib/solana/generateEncryptedSolanaPrivateKey.js
Show resolved
Hide resolved
packages/wrapped-keys/src/lib/api/batch-generate-private-keys.ts
Outdated
Show resolved
Hide resolved
packages/wrapped-keys/src/lib/api/batch-generate-private-keys.ts
Outdated
Show resolved
Hide resolved
|
@DashKash54 Per our conversation, I've pushed commits that remove all Thinking about this change, though -- we could also normalize this behaviour and remove the runOnce usage for the existing LIT actions, and configure them to use the same new 'only use response from a single node' logic. This would improve performance for anyone using the per-network generate methods also. It would be a similar 1-line change 🤔 |
| import { setLitActionsCodeToLocal } from './tests/wrapped-keys/util'; | ||
|
|
||
| // Use the current LIT action code to test against | ||
| setLitActionsCodeToLocal(); |
There was a problem hiding this comment.
I think we should stick to the LA code, not the IPFS. That way we can validate the code with our tests continuously, not depend on IPFS and we can always calculate the CID from the code but not the other way around
Also, after having the CID generation/LA publish step on SDK publish we will have them updated automatically every time this goes public
packages/wrapped-keys-lit-actions/src/lib/common/internal/getDecryptedKey.js
Outdated
Show resolved
Hide resolved
packages/wrapped-keys-lit-actions/src/lib/solana/internal/signMessage.js
Outdated
Show resolved
Hide resolved
|
@DashKash54 I merged in the new executeJs change from #677 and updated This behaviour leverages the existing executeJs function behaviour to get the absolute fastest response from any node and return immediately, as soon as any one successful response is received. This also gives us the added benefit that if any one request to any node succeeds, the call will succeed. Basically the best of both worlds when it comes to both speed of response and resilience to errors. |
Co-authored-by: Daryl Collins <[email protected]> Signed-off-by: Anson <[email protected]>
…WithLitAction()` to set `numResponsesRequired: 1` on its `executeJs()` call
…for `sync-actions-to-ipfs` script - Updated axios dependency to be a dev dependency (we don't use it in any of our SDK packages), using ^1.6.0 since that was already in our yarn.lock - Added `form-date` as a dev dependency
… sync-actions-to-ipfs.js
MaximusHaximus
force-pushed
the
LIT-3920-batchGeneratePrivateKeys
branch
from
0757183 to
54053fe
Compare
…ey` -> `generateEncryptedPrivateKey` and `signedMessage` -> `signMessage`
There was a problem hiding this comment.
Looks good, approving but left few more comments & questions @MaximusHaximus
packages/wrapped-keys-lit-actions/src/lib/ethereum/internal/signMessage.js
Show resolved
Hide resolved
packages/wrapped-keys-lit-actions/src/lib/solana/signTransactionWithEncryptedSolanaKey.js
Show resolved
Hide resolved
packages/wrapped-keys-lit-actions/src/lib/ethereum/signTransactionWithEncryptedEthereumKey.js
Show resolved
Hide resolved
packages/wrapped-keys/src/lib/lit-actions-client/batch-generate-keys.ts
Outdated
Show resolved
Hide resolved
DashKash54
left a comment
DashKash54
left a comment
There was a problem hiding this comment.
Just a small suggestion for big PRs like this it'll be nice to keep the name same and raise another PR for updating the naming, makes easier to review @MaximusHaximus
…thEncryptedSolanaKey` LA to validate unsigned tx before decrypting the private key
We can update the existing Lit Actions later as it's not only the Lit Action but also the client that needs to be updated with run on single node flag eg: |
It has a down side that all the node loads increase, we can reduce the network load by 8-10x if we run only on once |
…thEncryptedEthereumKey` LA to validate unsigned tx before decrypting the private key
packages/wrapped-keys-lit-actions/src/lib/solana/signTransactionWithEncryptedSolanaKey.js
Show resolved
Hide resolved
OK, I'll leave them as is for now -- just FYI, the client change only involves adding a single parameter into each API function's file where they call |
DashKash54
left a comment
DashKash54
left a comment
There was a problem hiding this comment.
Please address the remaining comments specifically the ones in which I've tagged you @MaximusHaximus
If you want feel free to do it now @MaximusHaximus |
…d` with `useSingleNode` - Fixed test assertions in testUseEoaSessionSigsToRequestSingleResponse
…`useSingleNode` for generating network-specific wrapped keys
… for `generateEncryptedKey` actions
…dress to get walletAddress instead of exporting the key in testBatchGeneratePrivateKeys
|
@DashKash54 All set
|
Description
This PR adds a new API function to
wrapped-keysand corresponding LITAction towrapped-keys-lit-actionsfacilitates the execution of multiple operations -- previously requiring executing 4 independent actions -- in a single API call to a single LIT action execution.Noteworthy changes in this PR:
LIT_ACTION_CID_REPOSITORY_COMMONconstant, and a newlitActionCodeRepositoryCommonconstant towrapped-keys; 'common' LIT actions are not network-specific, so these repositories do not have multiple entries keyed byNetwork(evm or solana) under each LIT action entry; instead there is a single entry per LIT action which provides functionality for multiple networks.wrapped-keysNew functions
api.batchGeneratePrivateKeys()actions, where each action can define either network (evm or solana), and an optional message to sign and return the signature ofconfig.setLitActionsCodeCommon()New types
BatchGeneratePrivateKeysResult/BatchGeneratePrivateKeysActionResultBatchGeneratePrivateKeysParams/GeneratePrivateKeyActionLitActionCodeRepositoryCommonwrapped-keys-lit-actionsNew LIT action
batchGenerateEncryptedKeys()nnew keys and optionally signing a message for each key, and returning the results of all generated keys and signed messages in a single execution of one LIT actionType of change
How Has This Been Tested?
Checklist: