rwadurian/backend/services/backup-service/docs
hailin 747e4ae8ef refactor(mpc-system): migrate to party-driven architecture with PartyID-based routing
- Remove Address field from PartyEndpoint (parties connect to router themselves)
- Update K8s Discovery to only manage PartyID and Role labels
- Add Party registration and SessionEvent protobuf definitions
- Implement PartyRegistry and SessionEventBroadcaster domain logic
- Add RegisterParty and SubscribeSessionEvents gRPC handlers
- Prepare infrastructure for party-driven MPC coordination

This is the first phase of migrating from coordinator-driven to party-driven
architecture following international MPC system design patterns.
2025-12-05 08:11:28 -08:00
API.md refactor(mpc-system): migrate to party-driven architecture with PartyID-based routing 2025-12-05 08:11:28 -08:00
ARCHITECTURE.md refactor(mpc-system): migrate to party-driven architecture with PartyID-based routing 2025-12-05 08:11:28 -08:00
DEPLOYMENT.md refactor(mpc-system): migrate to party-driven architecture with PartyID-based routing 2025-12-05 08:11:28 -08:00
DEVELOPMENT.md refactor(mpc-system): migrate to party-driven architecture with PartyID-based routing 2025-12-05 08:11:28 -08:00
README.md refactor(mpc-system): migrate to party-driven architecture with PartyID-based routing 2025-12-05 08:11:28 -08:00
TESTING.md refactor(mpc-system): migrate to party-driven architecture with PartyID-based routing 2025-12-05 08:11:28 -08:00

README.md

Backup Service Documentation

Welcome to the backup-service documentation. This service is responsible for securely storing MPC backup shares (Party 2/3) for the RWA Durian platform.

Documentation Index

| Document | Description |
|----------|-------------|
| ARCHITECTURE.md | DDD + Hexagonal architecture, design patterns, directory structure, domain layer details |
| API.md | API endpoints reference, authentication, request/response formats, SDK examples |
| DEVELOPMENT.md | Development setup, environment configuration, adding features, debugging |
| TESTING.md | Unit tests, E2E tests, test utilities, running tests, writing good tests |
| DEPLOYMENT.md | Docker, Kubernetes deployment, environment variables, security, monitoring |

Getting Started

  1. Development Setup
  2. Environment Variables
  3. Running Tests

API Reference

  1. Store Backup Share
  2. Retrieve Backup Share
  3. Revoke Backup Share
  4. Health Endpoints

Architecture

  1. Hexagonal Architecture
  2. Domain Layer
  3. Database Schema
  4. Key Decisions

Deployment

  1. Docker Deployment
  2. Kubernetes Deployment
  3. Security Considerations

Service Overview

Purpose: Securely store and manage MPC backup shares (Party 2) for account recovery

Key Features:

  • Double encryption (AES-256-GCM)
  • Service-to-service JWT authentication
  • Rate limiting (3 retrieves per user per day)
  • Comprehensive audit logging
  • Physical server isolation from identity-service

Technology Stack:

  • NestJS 11.x (TypeScript)
  • Prisma 7.x ORM
  • PostgreSQL 15
  • Docker / Kubernetes

Test Summary

| Category | Tests |
|----------|-------|
| Unit Tests | 37 |
| Mock E2E Tests | 21 |
| Real DB E2E Tests | 20 |
| Total | 78 |

Critical Security Note

The backup-service MUST be deployed on a physically separate server from identity-service. This is mandatory for maintaining MPC security:

  • Party 0 (Server Share): identity-service (Server A)
  • Party 1 (Client Share): User device
  • Party 2 (Backup Share): backup-service (Server B)

If only one server is compromised, the attacker obtains only 1 of the 3 shares. With a 2-of-3 threshold, a single share is not enough, so key reconstruction is impossible.
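
The threshold property behind this requirement, as an added example that is not code from the backup-service or the MPC system. It assumes Shamir-style 2-of-3 sharing over a toy prime field (the page does not say which scheme the platform uses); `P`, `split`, `reconstruct` and `secretsConsistentWith` are hypothetical names, and the secret `4242` is a constructed sample.

```typescript
import { randomInt } from "node:crypto";

// Toy prime field for illustration; production schemes use a ~256-bit modulus.
const P = 65521;
type Share = { x: number; y: number };

const mod = (n: number): number => ((n % P) + P) % P;

// Modular inverse via Fermat's little theorem: a^(P-2) mod P.
function inv(a: number): number {
  let result = 1, base = mod(a), e = P - 2;
  while (e > 0) {
    if (e & 1) result = (result * base) % P;
    base = (base * base) % P;
    e >>= 1;
  }
  return result;
}

// 2-of-3 split: f(x) = secret + a1*x with a1 drawn from a CSPRNG.
// Index 0 = Party 0 (Server A), 1 = Party 1 (user device), 2 = Party 2 (Server B).
function split(secret: number, a1: number = randomInt(P)): Share[] {
  return [1, 2, 3].map((x) => ({ x, y: mod(secret + a1 * x) }));
}

// Lagrange interpolation at x = 0 from any two distinct shares.
function reconstruct(a: Share, b: Share): number {
  if (a.x === b.x) throw new Error("need two distinct shares");
  return mod((a.y * b.x - b.y * a.x) * inv(b.x - a.x));
}

// View from one compromised server: count the candidate secrets that some
// slope a1 maps onto the stolen share. Every candidate fits, so none is ruled out.
function secretsConsistentWith(stolen: Share): number {
  const ix = inv(stolen.x);
  let count = 0;
  for (let s = 0; s < P; s++) {
    const a1 = mod((stolen.y - s) * ix);
    if (mod(s + a1 * stolen.x) === stolen.y) count++;
  }
  return count;
}

const shares = split(4242); // constructed sample secret
console.log("Servers A and B both compromised:", reconstruct(shares[0], shares[2]));
console.log("Server B alone, candidates still possible:", secretsConsistentWith(shares[2]));
```

If Party 0 and Party 2 were co-located, a single compromise would yield the two shares passed to `reconstruct`, which is the case the separate-server requirement rules out.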