hailin
747e4ae8ef
refactor(mpc-system): migrate to party-driven architecture with PartyID-based routing
...
- Remove Address field from PartyEndpoint (parties connect to router themselves)
- Update K8s Discovery to only manage PartyID and Role labels
- Add Party registration and SessionEvent protobuf definitions
- Implement PartyRegistry and SessionEventBroadcaster domain logic
- Add RegisterParty and SubscribeSessionEvents gRPC handlers
- Prepare infrastructure for party-driven MPC coordination
This is the first phase of migrating from coordinator-driven to party-driven
architecture following international MPC system design patterns.
2025-12-05 08:11:28 -08:00
c26a24b544
fix(mpc-service): 确保 keygen 会话包含完整的参与者列表
...
问题:account-service 要求 participants 数量必须等于 threshold_n
原因:createKeygenSession 传入的 participants 可能不足 3 个
修复:
- 在 createKeygenSession 中自动补全参与者列表
- 对于 2-of-3 配置,确保有 3 个参与者:
- user-party (用户端)
- server-party-1 (服务端)
- server-party-2 (备份)
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-04 06:04:47 -08:00
e23af5d4ad
fix(mpc-service): 添加 MPC_COORDINATOR_URL 和 MPC_MESSAGE_ROUTER_WS_URL 配置
...
问题:mpc-service 的 MPCCoordinatorClient 需要 MPC_COORDINATOR_URL 环境变量
原本只配置了 MPC_SESSION_COORDINATOR_URL,导致 Invalid URL 错误
修改内容:
- docker-compose.yml: 添加 MPC_COORDINATOR_URL 和 MPC_MESSAGE_ROUTER_WS_URL
- mpc-service/.env.example: 更新环境变量文档
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-04 05:55:26 -08:00
4db5534372
feat(mpc): 添加 server-party-api 服务,实现用户 share 生成
...
新增 mpc-system/services/server-party-api:
- 为 mpc-service 提供同步的 TSS keygen/signing API
- 参与 TSS 协议生成用户 share 并直接返回(不存储)
- 支持 API Key 认证
- 端口 8083 对外暴露
更新 mpc-service TSSWrapper:
- 改为调用 server-party-api 而非本地二进制
- 新增 MPC_SERVER_PARTY_API_URL 配置
- 超时时间调整为 10 分钟
架构: mpc-service -> account-service -> server-party-api -> TSS
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-04 05:32:41 -08:00
9dee0d36a5
feat(backup,mpc): 添加 prisma 迁移文件
...
backup-service 和 mpc-service 缺少 prisma/migrations 目录
导致 prisma migrate deploy 无法执行
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-04 04:01:47 -08:00
2fd784e3d2
fix(mpc-service): 使用标准 migrate deploy 替代 db push
...
移除 db push --accept-data-loss,改用 prisma migrate deploy
这是创建账号流程涉及的第3个服务(identity, backup, mpc)
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-04 03:36:33 -08:00
178a5c9f8b
feat(mpc-service): 实现混合传输模式 (WebSocket + HTTP轮询)
...
- 优先尝试 WebSocket 连接 (5秒超时)
- WebSocket 失败自动降级到 HTTP 轮询
- HTTP 轮询间隔 100ms,总超时 5分钟
- 新增 getTransportMode() 方法查看当前传输模式
- 修复 message-router 404 导致的 socket hang up 问题
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-04 00:00:49 -08:00
a701f55342
fix(mpc-service): 修复 WebSocket 导入方式
...
将 `import WebSocket from 'ws'` 改为 `import * as WebSocket from 'ws'`
以兼容 CommonJS 模块系统
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-03 22:58:00 -08:00
9363e4991f
fix(mpc-service): 使用 prisma db push 自动同步数据库 schema
...
- 容器启动时执行 prisma db push 自动创建/同步表结构
- 删除 migrations 目录,不再使用 migrate 机制
- 这是标准做法:schema.prisma 定义表结构,db push 同步到数据库
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-03 21:56:30 -08:00
8850ea6ab0
fix(mpc-service): 重构数据库迁移机制,从根本解决表不存在问题
...
问题分析:
- 旧迁移文件只有 party_shares 表,缺少 session_states 和 share_backups 表
- Prisma 的 _prisma_migrations 表记录迁移已完成,导致新表无法创建
- 迁移状态与实际数据库不一致
解决方案:
1. 删除旧迁移目录,创建全新的 0001_init 迁移
2. 新迁移包含所有三个表: party_shares, session_states, share_backups
3. 添加 docker-entrypoint.sh 启动脚本,容器启动时自动运行迁移
4. 修改 Dockerfile 使用 entrypoint 脚本
deploy.sh 新增命令:
- migrate-reset: 重置数据库并重新运行迁移
- migrate-push: 强制同步 schema (创建缺失的表)
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-03 21:47:42 -08:00
122bf84c24
fix(mpc-service): 修复数据库迁移,添加缺失的表
...
migration.sql 与 schema.prisma 不同步,缺失以下表:
- session_states: 会话状态跟踪表
- share_backups: 分片备份表
同时修复了索引名称以匹配 schema 定义。
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-03 21:32:36 -08:00
e51edc2ce4
fix(mpc-service): 修复 MPC 会话流程,先创建会话再加入
...
问题:mpc-service 尝试用 identity-service 生成的 SHA256 哈希作为
joinToken 加入会话,但 session-coordinator 期望的是由它自己
CreateSession 接口生成的 JWT token。
修复:
- coordinator-client.ts: 添加 createSession() 方法
- participate-keygen.handler.ts: 先创建会话获取 JWT,再加入
- participate-signing.handler.ts: 同上
- rotate-share.handler.ts: 同上(使用 keygen 类型)
流程变更:
1. CreateSession -> 获取 sessionId + JWT joinToken
2. JoinSession 使用 JWT token 加入会话
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-03 21:21:22 -08:00
467206fd61
fix(mpc-service): 修复 coordinator-client 请求/响应格式
...
session-coordinator 使用 camelCase JSON 格式:
请求:
- session_id, party_id, join_token -> joinToken, partyId
- 添加必需字段 deviceType, deviceId
响应:
- session_info.session_id -> sessionId
- other_parties -> participants
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-03 21:11:16 -08:00
e4abc7eb83
fix(mpc-service): 添加 /api/v1 前缀到 coordinator-client 路径
...
session-coordinator 的 API 路由注册在 /api/v1/sessions 下,
但 coordinator-client 调用的是 /sessions(404 错误)。
修复所有端点路径:
- /sessions/join -> /api/v1/sessions/join
- /sessions/report-completion -> /api/v1/sessions/report-completion
- /sessions/{id}/status -> /api/v1/sessions/{id}/status
- /sessions/report-failure -> /api/v1/sessions/report-failure
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-03 21:06:06 -08:00
55d40c8200
fix(mpc-service): 改用 Debian slim 基础镜像
...
- 从 Alpine 改为 Debian slim (与 identity-service 一致)
- 使用 curl 进行健康检查
- 添加 DATABASE_URL 用于 Prisma generate
- 通过代理访问官方源
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-03 19:57:11 -08:00
e068b99dc1
fix(mpc-service): 将 keygen/signing 接口标记为 Public
...
临时解决 identity-service 调用 mpc-service 时的 401 认证错误:
- keygen/participate
- keygen/participate-sync
- signing/participate
- signing/participate-sync
TODO: 添加适当的服务间认证机制(API key 或 service JWT)
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-03 18:05:31 -08:00
00e359b412
fix(mpc-service): 直接从环境变量读取配置
...
ConfigService.get('port') 读取不到嵌套配置
改为直接使用 process.env.APP_PORT
修复服务监听错误端口 (6379 -> 3006)
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-02 10:29:59 -08:00
a17ac1b06a
fix(mpc-service): 使用 openssl 包替代 openssl1.1-compat
...
Alpine 3.22 已移除 openssl1.1-compat
使用 openssl (OpenSSL 3) 替代
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-02 10:17:08 -08:00
b67a5434e2
fix(mpc-service): 安装 OpenSSL 1.1 修复 Prisma 引擎加载失败
...
错误: libssl.so.1.1: No such file or directory
解决: 在 production stage 安装 openssl1.1-compat
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-02 10:14:36 -08:00
781619e2ff
revert: 恢复 backup-service 和 mpc-service 原始 Dockerfile
...
回滚到纯 Alpine 版本(最初可用的版本)
- backup-service: 66199cc6fa4d7a🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-02 10:10:22 -08:00
451aa8fae8
feat(mpc-service): 添加初始数据库 migration
...
创建 party_shares 和 signing_sessions 表及索引
修复健康检查失败问题(缺少数据库表)
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-02 10:03:03 -08:00
afdaa888ec
refactor: 将所有服务的健康检查从 wget 改为 curl
...
curl 相比 wget 的优势:
- 更轻量 (二进制文件更小)
- 更常用 (标准 HTTP 工具)
- 语法更简洁 (curl -f vs wget -q --spider)
- 退出码更可靠 (-f 参数在 HTTP 错误时返回非 0)
修改的服务:
- identity-service
- wallet-service
- mpc-service
- reward-service
- leaderboard-service
- reporting-service
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-02 09:19:35 -08:00
451185005f
fix: 修复多个服务的 Docker 健康检查和构建配置
...
identity-service:
- 修复 HEALTHCHECK URL: /health → /api/v1/health
wallet-service:
- 修复 HEALTHCHECK URL: /health → /api/v1/health
leaderboard-service:
- 修复端口: 3000 → 3007
- 添加 HEALTHCHECK (/api/health)
- 添加非 root 用户 (nestjs)
- 添加 NODE_ENV=production
mpc-service:
- builder 阶段从 alpine 改为 slim (解决 Prisma 兼容性)
- 添加 OpenSSL 依赖到 builder 阶段
- 添加 wget 依赖
- HEALTHCHECK 从 node 脚本改为 wget
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-02 07:33:33 -08:00
b224e209a6
fix(mpc-service): 修复PostgreSQL兼容性问题
...
1. Dockerfile: 将DATABASE_URL协议从mysql改为postgresql
2. schema.prisma: 重命名索引以满足PostgreSQL全局唯一性要求
- idx_party_id -> idx_ps_party_id (party_shares)
- idx_session_id -> idx_ps_session_id (party_shares)
- idx_status -> idx_ps_status (party_shares)
- idx_session_id -> idx_ss_session_id (session_states)
- idx_party_id -> idx_ss_party_id (session_states)
- idx_status -> idx_ss_status (session_states)
已在WSL2中验证Docker构建成功。
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-02 06:09:16 -08:00
a9594ef15e
fix(mpc-service): 修复数据库provider从mysql改为postgresql
...
mpc-service错误配置为mysql,与项目统一使用的postgresql不一致,
导致服务启动时Prisma验证DATABASE_URL失败。
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-02 05:54:07 -08:00
efd1156739
fix(mpc-service): correct build output path to dist/main.js
...
NestJS with tsconfig outDir: ./dist builds to dist/main.js, not dist/src/main.js.
Added build verification step to catch this earlier.
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-02 04:41:29 -08:00
9b4a1d119c
fix(services): switch from Alpine to Debian slim for Prisma OpenSSL
...
Alpine 3.22 removed openssl1.1-compat package which Prisma needs.
Switched production stage from node:20-alpine to node:20-slim (Debian)
which has proper OpenSSL support.
Changes:
- Use node:20-slim for production stage (keep Alpine for build)
- Install openssl and wget via apt-get
- Update user creation from Alpine (addgroup/adduser) to Debian (groupadd/useradd)
Validated identity-service build and startup in WSL2:
- Build passes successfully
- NestJS starts and loads all routes
- Prisma client connects without OpenSSL errors
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-02 04:12:27 -08:00
c2b44eef29
fix(services): add OpenSSL 1.1 compatibility for Prisma in Alpine
...
Prisma engine requires libssl.so.1.1 which is not available in Alpine
Linux by default (Alpine uses OpenSSL 3.x). Added openssl1.1-compat
package to all service Dockerfiles.
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-02 04:03:15 -08:00
7bb4259290
fix(services): correct NestJS build output path in all Dockerfiles
...
NestJS with sourceRoot: "src" outputs to dist/src/main.js not dist/main.js.
Fixed CMD paths in all service Dockerfiles:
- identity-service: dist/src/main.js (verified in WSL2)
- wallet-service: dist/src/main.js
- backup-service: dist/src/main.js
- planting-service: dist/src/main.js
- referral-service: dist/src/main.js
- reward-service: dist/src/main.js
- mpc-service: dist/src/main.js
- leaderboard-service: dist/src/main.js
- reporting-service: dist/src/main.js
- authorization-service: dist/src/main.js
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-02 03:56:02 -08:00
0a0b7eb886
feat(services): add individual deploy scripts for each service
...
Add deploy.sh script to each service directory for independent
deployment and management:
- identity-service, wallet-service, backup-service
- planting-service, referral-service, reward-service
- mpc-service, leaderboard-service, reporting-service
- authorization-service
Each script supports:
- build / build-no-cache
- start / stop / restart
- logs / logs-tail
- status / health
- migrate / shell
Also updated main deploy.sh with build-no-cache command.
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-02 03:36:50 -08:00
77db1009dd
fix(services): add DATABASE_URL for Prisma generate in Dockerfiles
...
Add dummy DATABASE_URL environment variable prefix to all npx prisma
generate commands in Dockerfiles. Prisma requires DATABASE_URL at
build time to generate the client, but the actual value is only used
at runtime.
Services updated:
- authorization-service (postgresql)
- backup-service (postgresql)
- leaderboard-service (postgresql)
- mpc-service (mysql)
- planting-service (postgresql)
- referral-service (postgresql)
- reporting-service (postgresql)
- reward-service (postgresql)
- wallet-service (postgresql + npm install fix)
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-02 02:54:31 -08:00
hailin
6fa4d7ac1d
feat: 添加MPC多方计算服务模块
...
新增 mpc-service 微服务,实现 MPC-TSS 门限签名功能:
架构设计:
- 采用六边形架构(Hexagonal Architecture)
- 实现 CQRS 命令查询职责分离模式
- 遵循 DDD 领域驱动设计原则
核心功能:
- Keygen: 分布式密钥生成协议参与
- Signing: 门限签名协议参与
- Share Rotation: 密钥份额轮换
- Share Management: 份额查询和管理
技术栈:
- NestJS + TypeScript
- Prisma ORM
- Redis (缓存和分布式锁)
- Kafka (事件发布)
- Jest (单元/集成/E2E测试)
测试覆盖:
- 单元测试: 81个
- 集成测试: 30个
- E2E测试: 15个
- 总计: 111个测试全部通过
文档:
- ARCHITECTURE.md: 架构设计文档
- API.md: REST API接口文档
- TESTING.md: 测试架构说明
- DEVELOPMENT.md: 开发指南
- DEPLOYMENT.md: 部署运维文档
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-27 17:31:43 -08:00
hailin
Developer