Wire up VSS storage and standalone test harness #2
amackillop merged 2 commits into master on Mar 30, 2026
Switch from local filesystem KVStore to VSS for all node state. The builder now calls build_with_vss_store_and_fixed_headers instead of build(). store_id is SHA256(mnemonic), which doesn't depend on the network and doesn't leak the node pubkey.

NetworkInfra/LspInfra get a vss_url field with hardcoded endpoints for mainnet and signet. Regtest reads MDK_VSS_URL from the environment.

The integration test recipe now spins up its own ephemeral PostgreSQL + VSS server, so tests don't need an external VSS process running. VSS output goes to a log file and only gets dumped on test failure.

Tests were all sharing the same mnemonic, which meant the same VSS store_id. Parallel runs would clobber each other. Each test now generates a random mnemonic; only the deterministic-node-id test keeps the fixed one.

Nix flake pulls in vss-server from lightningdevkit/vss-server, builds it with noop_authorizer (no JWT config needed), and exposes VSS_EXE in the dev shell. This is not the same VSS version used currently by the LSP so this was also tested against the staging environment to verify.
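A small model of the store_id collision described in the PR description above, as an added example that is not part of the pull request or the project's code. It assumes the mnemonic is hashed as a UTF-8 string and hex-encoded; `FakeVss`, `run_two_tests`, the `channel_manager` key and the sample mnemonics are hypothetical, and the in-memory store is last-write-wins with no versioning.

```python
import hashlib
import secrets

# Constructed sample phrase standing in for the fixed test mnemonic.
FIXED_MNEMONIC = "example fixed test mnemonic phrase (constructed)"


def store_id(mnemonic: str) -> str:
    """store_id = SHA256(mnemonic). Assumed encoding: UTF-8 in, hex out.

    No network name or node pubkey goes into the hash, so the id is the
    same on every network and reveals neither."""
    return hashlib.sha256(mnemonic.encode("utf-8")).hexdigest()


def random_test_mnemonic() -> str:
    """Unique per-test secret (constructed; not a valid BIP39 phrase)."""
    return "test-" + secrets.token_hex(16)


class FakeVss:
    """In-memory stand-in for one shared VSS server.

    Values are namespaced by store_id only, and the last write wins."""

    def __init__(self):
        self._data = {}

    def put(self, sid: str, key: str, value: bytes) -> None:
        self._data[(sid, key)] = value

    def get(self, sid: str, key: str):
        return self._data.get((sid, key))


def run_two_tests(mnemonic_a: str, mnemonic_b: str):
    """Two tests persist node state under the same key on one server,
    then each reads its own state back. Returns (read_by_a, read_by_b)."""
    vss = FakeVss()
    sid_a, sid_b = store_id(mnemonic_a), store_id(mnemonic_b)
    vss.put(sid_a, "channel_manager", b"state-from-test-a")
    vss.put(sid_b, "channel_manager", b"state-from-test-b")
    return vss.get(sid_a, "channel_manager"), vss.get(sid_b, "channel_manager")


if __name__ == "__main__":
    print("shared mnemonic :", run_two_tests(FIXED_MNEMONIC, FIXED_MNEMONIC))
    print("random mnemonics:", run_two_tests(random_test_mnemonic(),
                                             random_test_mnemonic()))
```

With a shared mnemonic, test A reads back test B's state; with per-test random mnemonics, each test reads its own.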
martinsaposnic approved these changes Mar 30, 2026
The integration-test flake output was a cargoNextest derivation that ran tests inside the Nix sandbox with no PostgreSQL or VSS server. Every test panicked on missing MDK_VSS_URL. Replace the derivation with a writeShellApplication wrapper that calls `just integration-test`, which already starts Postgres and VSS, runs the tests, and tears everything down. This avoids duplicating the orchestration in Nix preCheck hooks. CI now uses `nix run` instead of `nix build` since the tests need loopback networking. Also suppress the VSS log dump on test failure for now, as it floods CI output with debug noise.