From 8f57ba5bfd1fe1dfa6fb59aa7cb456141f057bab Mon Sep 17 00:00:00 2001 From: Matt Corallo Date: Thu, 15 Jan 2026 01:57:21 +0000 Subject: [PATCH 1/6] Add support for the simple "sigs-based auth" VSS scheme At https://github.com/lightningdevkit/vss-server/pull/79 we added a new, trivial, VSS authentication scheme that ensures client isolation without much else. This is great for testing, and we expect some to do new-account-rate-limiting via other means, so might well become a common default. Here we add support to it in ldk-node. --- bindings/ldk_node.udl | 4 ++- src/builder.rs | 64 ++++++++++++++++++++++++++++++++++++++----- src/io/vss_store.rs | 42 +++++++++++++++++++++++++++- 3 files changed, 101 insertions(+), 9 deletions(-) diff --git a/bindings/ldk_node.udl b/bindings/ldk_node.udl index d40f72f4a..b0234a4b1 100644 --- a/bindings/ldk_node.udl +++ b/bindings/ldk_node.udl @@ -135,7 +135,9 @@ interface Builder { [Throws=BuildError] Node build_with_fs_store(NodeEntropy node_entropy); [Throws=BuildError] - Node build_with_vss_store(NodeEntropy node_entropy, string vss_url, string store_id, string lnurl_auth_server_url, record fixed_headers); + Node build_with_vss_store(NodeEntropy node_entropy, string vss_url, string store_id, record fixed_headers); + [Throws=BuildError] + Node build_with_vss_store_and_lnurl_auth(NodeEntropy node_entropy, string vss_url, string store_id, string lnurl_auth_server_url, record fixed_headers); [Throws=BuildError] Node build_with_vss_store_and_fixed_headers(NodeEntropy node_entropy, string vss_url, string store_id, record fixed_headers); [Throws=BuildError] diff --git a/src/builder.rs b/src/builder.rs index 7a285876f..1477a8550 100644 --- a/src/builder.rs +++ b/src/builder.rs @@ -584,6 +584,32 @@ impl NodeBuilder { self.build_with_store(node_entropy, kv_store) } + /// Builds a [`Node`] instance with a [VSS] backend and according to the options + /// previously configured. + /// + /// Uses a simple authentication scheme proving knowledge of a secret key. + /// + /// `fixed_headers` are included as it is in all the requests made to VSS and LNURL auth server. + /// + /// **Caution**: VSS support is in **alpha** and is considered experimental. + /// Using VSS (or any remote persistence) may cause LDK to panic if persistence failures are + /// unrecoverable, i.e., if they remain unresolved after internal retries are exhausted. + /// + /// [VSS]: https://github.com/lightningdevkit/vss-server/blob/main/README.md + pub fn build_with_vss_store( + &self, node_entropy: NodeEntropy, vss_url: String, store_id: String, + fixed_headers: HashMap, + ) -> Result { + let logger = setup_logger(&self.log_writer_config, &self.config)?; + let builder = VssStoreBuilder::new(node_entropy, vss_url, store_id, self.config.network); + let vss_store = builder.build_with_sigs_auth(fixed_headers).map_err(|e| { + log_error!(logger, "Failed to setup VSS store: {}", e); + BuildError::KVStoreSetupFailed + })?; + + self.build_with_store(node_entropy, vss_store) + } + /// Builds a [`Node`] instance with a [VSS] backend and according to the options /// previously configured. /// @@ -601,16 +627,17 @@ impl NodeBuilder { /// /// [VSS]: https://github.com/lightningdevkit/vss-server/blob/main/README.md /// [LNURL-auth]: https://github.com/lnurl/luds/blob/luds/04.md - pub fn build_with_vss_store( + pub fn build_with_vss_store_and_lnurl_auth( &self, node_entropy: NodeEntropy, vss_url: String, store_id: String, lnurl_auth_server_url: String, fixed_headers: HashMap, ) -> Result { let logger = setup_logger(&self.log_writer_config, &self.config)?; let builder = VssStoreBuilder::new(node_entropy, vss_url, store_id, self.config.network); - let vss_store = builder.build(lnurl_auth_server_url, fixed_headers).map_err(|e| { - log_error!(logger, "Failed to setup VSS store: {}", e); - BuildError::KVStoreSetupFailed - })?; + let vss_store = + builder.build_with_lnurl(lnurl_auth_server_url, fixed_headers).map_err(|e| { + log_error!(logger, "Failed to setup VSS store: {}", e); + BuildError::KVStoreSetupFailed + })?; self.build_with_store(node_entropy, vss_store) } @@ -956,6 +983,29 @@ impl ArcedNodeBuilder { self.inner.read().unwrap().build_with_fs_store(*node_entropy).map(Arc::new) } + /// Builds a [`Node`] instance with a [VSS] backend and according to the options + /// previously configured. + /// + /// Uses a simple authentication scheme proving knowledge of a secret key. + /// + /// `fixed_headers` are included as it is in all the requests made to VSS and LNURL auth server. + /// + /// **Caution**: VSS support is in **alpha** and is considered experimental. + /// Using VSS (or any remote persistence) may cause LDK to panic if persistence failures are + /// unrecoverable, i.e., if they remain unresolved after internal retries are exhausted. + /// + /// [VSS]: https://github.com/lightningdevkit/vss-server/blob/main/README.md + pub fn build_with_vss_store( + &self, node_entropy: Arc, vss_url: String, store_id: String, + fixed_headers: HashMap, + ) -> Result, BuildError> { + self.inner + .read() + .unwrap() + .build_with_vss_store(*node_entropy, vss_url, store_id, fixed_headers) + .map(Arc::new) + } + /// Builds a [`Node`] instance with a [VSS] backend and according to the options /// previously configured. /// @@ -973,14 +1023,14 @@ impl ArcedNodeBuilder { /// /// [VSS]: https://github.com/lightningdevkit/vss-server/blob/main/README.md /// [LNURL-auth]: https://github.com/lnurl/luds/blob/luds/04.md - pub fn build_with_vss_store( + pub fn build_with_vss_store_and_lnurl_auth( &self, node_entropy: Arc, vss_url: String, store_id: String, lnurl_auth_server_url: String, fixed_headers: HashMap, ) -> Result, BuildError> { self.inner .read() .unwrap() - .build_with_vss_store( + .build_with_vss_store_and_lnurl_auth( *node_entropy, vss_url, store_id, diff --git a/src/io/vss_store.rs b/src/io/vss_store.rs index a7af8ecc2..111e8f447 100644 --- a/src/io/vss_store.rs +++ b/src/io/vss_store.rs @@ -29,6 +29,7 @@ use prost::Message; use rand::RngCore; use vss_client::client::VssClient; use vss_client::error::VssError; +use vss_client::headers::sigs_auth::SigsAuthProvider; use vss_client::headers::{FixedHeaders, LnurlAuthToJwtProvider, VssHeaderProvider}; use vss_client::types::{ DeleteObjectRequest, GetObjectRequest, KeyValue, ListKeyVersionsRequest, PutObjectRequest, @@ -69,6 +70,7 @@ impl_writeable_tlv_based_enum!(VssSchemaVersion, const VSS_HARDENED_CHILD_INDEX: u32 = 877; const VSS_LNURL_AUTH_HARDENED_CHILD_INDEX: u32 = 138; +const VSS_SIGS_AUTH_HARDENED_CHILD_INDEX: u32 = 139; const VSS_SCHEMA_VERSION_KEY: &str = "vss_schema_version"; // We set this to a small number of threads that would still allow to make some progress if one @@ -853,6 +855,44 @@ impl VssStoreBuilder { Self { node_entropy, vss_url, store_id, network } } + /// Builds a [`VssStore`] with the simple signature-based authentication scheme. + /// + /// `fixed_headers` are included as it is in all the requests made to VSS and LNURL auth + /// server. + /// + /// **Caution**: VSS support is in **alpha** and is considered experimental. Using VSS (or any + /// remote persistence) may cause LDK to panic if persistence failures are unrecoverable, i.e., + /// if they remain unresolved after internal retries are exhausted. + /// + /// [VSS]: https://github.com/lightningdevkit/vss-server/blob/main/README.md + /// [LNURL-auth]: https://github.com/lnurl/luds/blob/luds/04.md + pub fn build_with_sigs_auth( + &self, fixed_headers: HashMap, + ) -> Result { + let secp_ctx = Secp256k1::new(); + let seed_bytes = self.node_entropy.to_seed_bytes(); + let vss_xprv = Xpriv::new_master(self.network, &seed_bytes) + .map_err(|_| VssStoreBuildError::KeyDerivationFailed) + .and_then(|master| { + master + .derive_priv( + &secp_ctx, + &[ChildNumber::Hardened { index: VSS_HARDENED_CHILD_INDEX }], + ) + .map_err(|_| VssStoreBuildError::KeyDerivationFailed) + })?; + + let sigs_auth_xprv = vss_xprv + .derive_priv( + &secp_ctx, + &[ChildNumber::Hardened { index: VSS_SIGS_AUTH_HARDENED_CHILD_INDEX }], + ) + .map_err(|_| VssStoreBuildError::KeyDerivationFailed)?; + + let auth_provider = SigsAuthProvider::new(sigs_auth_xprv.private_key, fixed_headers); + self.build_with_header_provider(Arc::new(auth_provider)) + } + /// Builds a [`VssStore`] with [LNURL-auth] based authentication scheme as default method for /// authentication/authorization. /// @@ -869,7 +909,7 @@ impl VssStoreBuilder { /// /// [VSS]: https://github.com/lightningdevkit/vss-server/blob/main/README.md /// [LNURL-auth]: https://github.com/lnurl/luds/blob/luds/04.md - pub fn build( + pub fn build_with_lnurl( &self, lnurl_auth_server_url: String, fixed_headers: HashMap, ) -> Result { let secp_ctx = Secp256k1::new(); From 8616c6e61cc4d2e1c4efb38df5f64db4739b914f Mon Sep 17 00:00:00 2001 From: Matt Corallo Date: Thu, 15 Jan 2026 02:01:27 +0000 Subject: [PATCH 2/6] Switch to new sigs-based auth in VSS integration tests When we added the trivial sigs-based authentication scheme in VSS, we made it the default if no other authentication scheme was configured and default features are enabled. This broke our integration tests as we were expecting no authentication to be required in such a case. Here we fix this by switching to the new sigs-based auth scheme, removing `store_id`s to demonstrate client isolation while we're at it. Sadly, because we don't currently have a test framework for LNURL-auth-based VSS, and because VSS no longer defaults to no-auth, we can't practically test the upgrade-from-0.6 logic anymore, so opt to simply drop the test. --- src/builder.rs | 2 +- tests/integration_tests_vss.rs | 50 ++++++++-------------------------- 2 files changed, 12 insertions(+), 40 deletions(-) diff --git a/src/builder.rs b/src/builder.rs index 1477a8550..802ba7715 100644 --- a/src/builder.rs +++ b/src/builder.rs @@ -589,7 +589,7 @@ impl NodeBuilder { /// /// Uses a simple authentication scheme proving knowledge of a secret key. /// - /// `fixed_headers` are included as it is in all the requests made to VSS and LNURL auth server. + /// `fixed_headers` are included as it is in all the requests made to VSS. /// /// **Caution**: VSS support is in **alpha** and is considered experimental. /// Using VSS (or any remote persistence) may cause LDK to panic if persistence failures are diff --git a/tests/integration_tests_vss.rs b/tests/integration_tests_vss.rs index 54912b358..7ecc14f64 100644 --- a/tests/integration_tests_vss.rs +++ b/tests/integration_tests_vss.rs @@ -25,10 +25,10 @@ async fn channel_full_cycle_with_vss_store() { builder_a.set_chain_source_esplora(esplora_url.clone(), None); let vss_base_url = std::env::var("TEST_VSS_BASE_URL").unwrap(); let node_a = builder_a - .build_with_vss_store_and_fixed_headers( + .build_with_vss_store( config_a.node_entropy, vss_base_url.clone(), - "node_1_store".to_string(), + "".to_owned(), HashMap::new(), ) .unwrap(); @@ -39,12 +39,7 @@ async fn channel_full_cycle_with_vss_store() { let mut builder_b = Builder::from_config(config_b.node_config); builder_b.set_chain_source_esplora(esplora_url.clone(), None); let node_b = builder_b - .build_with_vss_store_and_fixed_headers( - config_b.node_entropy, - vss_base_url, - "node_2_store".to_string(), - HashMap::new(), - ) + .build_with_vss_store(config_b.node_entropy, vss_base_url, "".to_owned(), HashMap::new()) .unwrap(); node_b.start().unwrap(); @@ -66,11 +61,9 @@ async fn vss_v0_schema_backwards_compatibility() { let esplora_url = format!("http://{}", electrsd.esplora_url.as_ref().unwrap()); let vss_base_url = std::env::var("TEST_VSS_BASE_URL").unwrap(); - let rand_suffix: String = - (0..7).map(|_| rng().sample(rand::distr::Alphanumeric) as char).collect(); - let store_id = format!("v0_compat_test_{}", rand_suffix); let storage_path = common::random_storage_path().to_str().unwrap().to_owned(); - let seed_bytes = [42u8; 64]; + let mut seed_bytes = [42u8; 64]; + rand::thread_rng().fill_bytes(&mut seed_bytes); let node_entropy = NodeEntropy::from_seed_bytes(seed_bytes); // Setup a v0.6.2 `Node` persisted with the v0 scheme. @@ -81,11 +74,7 @@ async fn vss_v0_schema_backwards_compatibility() { builder_old.set_entropy_seed_bytes(seed_bytes); builder_old.set_chain_source_esplora(esplora_url.clone(), None); let node_old = builder_old - .build_with_vss_store_and_fixed_headers( - vss_base_url.clone(), - store_id.clone(), - HashMap::new(), - ) + .build_with_vss_store(vss_base_url.clone(), "".to_owned(), HashMap::new()) .unwrap(); node_old.start().unwrap(); @@ -119,12 +108,7 @@ async fn vss_v0_schema_backwards_compatibility() { builder_new.set_chain_source_esplora(esplora_url, None); let node_new = builder_new - .build_with_vss_store_and_fixed_headers( - node_entropy, - vss_base_url, - store_id, - HashMap::new(), - ) + .build_with_vss_store(node_entropy, vss_base_url, "".to_owned(), HashMap::new()) .unwrap(); node_new.start().unwrap(); @@ -145,11 +129,9 @@ async fn vss_node_restart() { let esplora_url = format!("http://{}", electrsd.esplora_url.as_ref().unwrap()); let vss_base_url = std::env::var("TEST_VSS_BASE_URL").unwrap(); - let rand_suffix: String = - (0..7).map(|_| rng().sample(rand::distr::Alphanumeric) as char).collect(); - let store_id = format!("restart_test_{}", rand_suffix); let storage_path = common::random_storage_path().to_str().unwrap().to_owned(); - let seed_bytes = [42u8; 64]; + let mut seed_bytes = [42u8; 64]; + rand::thread_rng().fill_bytes(&mut seed_bytes); let node_entropy = NodeEntropy::from_seed_bytes(seed_bytes); // Setup initial node and fund it. @@ -159,12 +141,7 @@ async fn vss_node_restart() { builder.set_storage_dir_path(storage_path.clone()); builder.set_chain_source_esplora(esplora_url.clone(), None); let node = builder - .build_with_vss_store_and_fixed_headers( - node_entropy, - vss_base_url.clone(), - store_id.clone(), - HashMap::new(), - ) + .build_with_vss_store(node_entropy, vss_base_url.clone(), "".to_owned(), HashMap::new()) .unwrap(); node.start().unwrap(); @@ -193,12 +170,7 @@ async fn vss_node_restart() { builder.set_chain_source_esplora(esplora_url, None); let node = builder - .build_with_vss_store_and_fixed_headers( - node_entropy, - vss_base_url, - store_id, - HashMap::new(), - ) + .build_with_vss_store(node_entropy, vss_base_url, "".to_owned(), HashMap::new()) .unwrap(); node.start().unwrap(); From 1debcf8407138f0abca2b92b5ab23e48d4b56837 Mon Sep 17 00:00:00 2001 From: Matt Corallo Date: Fri, 20 Feb 2026 17:43:20 +0000 Subject: [PATCH 3/6] f drop test we can't easily upgrade --- tests/integration_tests_vss.rs | 72 +--------------------------------- 1 file changed, 2 insertions(+), 70 deletions(-) diff --git a/tests/integration_tests_vss.rs b/tests/integration_tests_vss.rs index 7ecc14f64..498d4ad5e 100644 --- a/tests/integration_tests_vss.rs +++ b/tests/integration_tests_vss.rs @@ -13,7 +13,7 @@ use std::collections::HashMap; use ldk_node::entropy::NodeEntropy; use ldk_node::Builder; -use rand::{rng, Rng}; +use rand::{rng, RngCore}; #[tokio::test(flavor = "multi_thread", worker_threads = 1)] async fn channel_full_cycle_with_vss_store() { @@ -55,74 +55,6 @@ async fn channel_full_cycle_with_vss_store() { .await; } -#[tokio::test(flavor = "multi_thread", worker_threads = 1)] -async fn vss_v0_schema_backwards_compatibility() { - let (bitcoind, electrsd) = common::setup_bitcoind_and_electrsd(); - let esplora_url = format!("http://{}", electrsd.esplora_url.as_ref().unwrap()); - let vss_base_url = std::env::var("TEST_VSS_BASE_URL").unwrap(); - - let storage_path = common::random_storage_path().to_str().unwrap().to_owned(); - let mut seed_bytes = [42u8; 64]; - rand::thread_rng().fill_bytes(&mut seed_bytes); - let node_entropy = NodeEntropy::from_seed_bytes(seed_bytes); - - // Setup a v0.6.2 `Node` persisted with the v0 scheme. - let (old_balance, old_node_id) = { - let mut builder_old = ldk_node_062::Builder::new(); - builder_old.set_network(bitcoin::Network::Regtest); - builder_old.set_storage_dir_path(storage_path.clone()); - builder_old.set_entropy_seed_bytes(seed_bytes); - builder_old.set_chain_source_esplora(esplora_url.clone(), None); - let node_old = builder_old - .build_with_vss_store(vss_base_url.clone(), "".to_owned(), HashMap::new()) - .unwrap(); - - node_old.start().unwrap(); - let addr_old = node_old.onchain_payment().new_address().unwrap(); - common::premine_and_distribute_funds( - &bitcoind.client, - &electrsd.client, - vec![addr_old], - bitcoin::Amount::from_sat(100_000), - ) - .await; - node_old.sync_wallets().unwrap(); - - let balance = node_old.list_balances().spendable_onchain_balance_sats; - assert!(balance > 0); - let node_id = node_old.node_id(); - - // Workaround necessary as v0.6.2's VSS runtime wasn't dropsafe in a tokio context. - tokio::task::block_in_place(move || { - node_old.stop().unwrap(); - drop(node_old); - }); - - (balance, node_id) - }; - - // Now ensure we can still reinit from the same backend. - let mut builder_new = Builder::new(); - builder_new.set_network(bitcoin::Network::Regtest); - builder_new.set_storage_dir_path(storage_path); - builder_new.set_chain_source_esplora(esplora_url, None); - - let node_new = builder_new - .build_with_vss_store(node_entropy, vss_base_url, "".to_owned(), HashMap::new()) - .unwrap(); - - node_new.start().unwrap(); - node_new.sync_wallets().unwrap(); - - let new_balance = node_new.list_balances().spendable_onchain_balance_sats; - let new_node_id = node_new.node_id(); - - assert_eq!(old_node_id, new_node_id); - assert_eq!(old_balance, new_balance); - - node_new.stop().unwrap(); -} - #[tokio::test(flavor = "multi_thread", worker_threads = 1)] async fn vss_node_restart() { let (bitcoind, electrsd) = common::setup_bitcoind_and_electrsd(); @@ -131,7 +63,7 @@ async fn vss_node_restart() { let storage_path = common::random_storage_path().to_str().unwrap().to_owned(); let mut seed_bytes = [42u8; 64]; - rand::thread_rng().fill_bytes(&mut seed_bytes); + rand::rng().fill_bytes(&mut seed_bytes); let node_entropy = NodeEntropy::from_seed_bytes(seed_bytes); // Setup initial node and fund it. From cf6cd174b495a77eaf4046e9c4d80adc93a7ddf1 Mon Sep 17 00:00:00 2001 From: Matt Corallo Date: Fri, 20 Feb 2026 18:15:49 +0000 Subject: [PATCH 4/6] f update other tests --- src/io/vss_store.rs | 17 ++++++++++------- tests/integration_tests_vss.rs | 2 +- 2 files changed, 11 insertions(+), 8 deletions(-) diff --git a/src/io/vss_store.rs b/src/io/vss_store.rs index 111e8f447..71dc9e86d 100644 --- a/src/io/vss_store.rs +++ b/src/io/vss_store.rs @@ -1002,7 +1002,6 @@ mod tests { use rand::distr::Alphanumeric; use rand::{rng, Rng, RngCore}; - use vss_client::headers::FixedHeaders; use super::*; use crate::io::test_utils::do_read_write_remove_list_persist; @@ -1012,11 +1011,13 @@ mod tests { let vss_base_url = std::env::var("TEST_VSS_BASE_URL").unwrap(); let mut rng = rng(); let rand_store_id: String = (0..7).map(|_| rng.sample(Alphanumeric) as char).collect(); - let mut vss_seed = [0u8; 32]; + let mut vss_seed = [0u8; 64]; rng.fill_bytes(&mut vss_seed); - let header_provider = Arc::new(FixedHeaders::new(HashMap::new())); + let entropy = NodeEntropy::from_seed_bytes(vss_seed); let vss_store = - VssStore::new(vss_base_url, rand_store_id, vss_seed, header_provider).unwrap(); + VssStoreBuilder::new(entropy, vss_base_url, rand_store_id, Network::Testnet) + .build_with_sigs_auth(HashMap::new()) + .unwrap(); do_read_write_remove_list_persist(&vss_store); } @@ -1025,11 +1026,13 @@ mod tests { let vss_base_url = std::env::var("TEST_VSS_BASE_URL").unwrap(); let mut rng = rng(); let rand_store_id: String = (0..7).map(|_| rng.sample(Alphanumeric) as char).collect(); - let mut vss_seed = [0u8; 32]; + let mut vss_seed = [0u8; 64]; rng.fill_bytes(&mut vss_seed); - let header_provider = Arc::new(FixedHeaders::new(HashMap::new())); + let entropy = NodeEntropy::from_seed_bytes(vss_seed); let vss_store = - VssStore::new(vss_base_url, rand_store_id, vss_seed, header_provider).unwrap(); + VssStoreBuilder::new(entropy, vss_base_url, rand_store_id, Network::Testnet) + .build_with_sigs_auth(HashMap::new()) + .unwrap(); do_read_write_remove_list_persist(&vss_store); drop(vss_store) diff --git a/tests/integration_tests_vss.rs b/tests/integration_tests_vss.rs index 498d4ad5e..a1b587758 100644 --- a/tests/integration_tests_vss.rs +++ b/tests/integration_tests_vss.rs @@ -13,7 +13,7 @@ use std::collections::HashMap; use ldk_node::entropy::NodeEntropy; use ldk_node::Builder; -use rand::{rng, RngCore}; +use rand::RngCore; #[tokio::test(flavor = "multi_thread", worker_threads = 1)] async fn channel_full_cycle_with_vss_store() { From 344eb8d5cd96e3dda025a7a74528e1ee325eae53 Mon Sep 17 00:00:00 2001 From: Matt Corallo Date: Thu, 29 Jan 2026 15:36:11 +0000 Subject: [PATCH 5/6] Document when someone should want to use `store_id` --- src/builder.rs | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/src/builder.rs b/src/builder.rs index 802ba7715..7fba4e880 100644 --- a/src/builder.rs +++ b/src/builder.rs @@ -591,6 +591,11 @@ impl NodeBuilder { /// /// `fixed_headers` are included as it is in all the requests made to VSS. /// + /// `store_id` allows you to segment LDK Node storage from other storage accessed with + /// [`VssStoreBuilder`] using the same [`NodeEntropy`] (as storage with different keys is + /// obviously segmented to prevent wallets from reading data for unrelated wallets). It can be + /// any value. + /// /// **Caution**: VSS support is in **alpha** and is considered experimental. /// Using VSS (or any remote persistence) may cause LDK to panic if persistence failures are /// unrecoverable, i.e., if they remain unresolved after internal retries are exhausted. @@ -619,6 +624,11 @@ impl NodeBuilder { /// The returned JWT token in response to the signed LNURL request, will be used for /// authentication/authorization of all the requests made to VSS. /// + /// `store_id` allows you to segment LDK Node storage from other storage accessed with + /// [`VssStoreBuilder`] using the same authentication (as storage with different keys is + /// obviously segmented to prevent wallets from reading data for unrelated wallets). It can be + /// any value. + /// /// `fixed_headers` are included as it is in all the requests made to VSS and LNURL auth server. /// /// **Caution**: VSS support is in **alpha** and is considered experimental. @@ -990,6 +1000,11 @@ impl ArcedNodeBuilder { /// /// `fixed_headers` are included as it is in all the requests made to VSS and LNURL auth server. /// + /// `store_id` allows you to segment LDK Node storage from other storage accessed with + /// [`VssStoreBuilder`] using the same [`NodeEntropy`] (as storage with different keys is + /// obviously segmented to prevent wallets from reading data for unrelated wallets). It can be + /// any value. + /// /// **Caution**: VSS support is in **alpha** and is considered experimental. /// Using VSS (or any remote persistence) may cause LDK to panic if persistence failures are /// unrecoverable, i.e., if they remain unresolved after internal retries are exhausted. @@ -1017,6 +1032,11 @@ impl ArcedNodeBuilder { /// /// `fixed_headers` are included as it is in all the requests made to VSS and LNURL auth server. /// + /// `store_id` allows you to segment LDK Node storage from other storage accessed with + /// [`VssStoreBuilder`] using the same authentication (as storage with different keys is + /// obviously segmented to prevent wallets from reading data for unrelated wallets). It can be + /// any value. + /// /// **Caution**: VSS support is in **alpha** and is considered experimental. /// Using VSS (or any remote persistence) may cause LDK to panic if persistence failures are /// unrecoverable, i.e., if they remain unresolved after internal retries are exhausted. From feeacab5b8e7d370c660548556cf0f8efcf1a683 Mon Sep 17 00:00:00 2001 From: Matt Corallo Date: Mon, 23 Feb 2026 12:28:59 +0000 Subject: [PATCH 6/6] f rename vars --- src/io/vss_store.rs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/io/vss_store.rs b/src/io/vss_store.rs index 71dc9e86d..7bee47d6a 100644 --- a/src/io/vss_store.rs +++ b/src/io/vss_store.rs @@ -1011,8 +1011,8 @@ mod tests { let vss_base_url = std::env::var("TEST_VSS_BASE_URL").unwrap(); let mut rng = rng(); let rand_store_id: String = (0..7).map(|_| rng.sample(Alphanumeric) as char).collect(); - let mut vss_seed = [0u8; 64]; - rng.fill_bytes(&mut vss_seed); + let mut node_seed = [0u8; 64]; + rng.fill_bytes(&mut node_seed); let entropy = NodeEntropy::from_seed_bytes(vss_seed); let vss_store = VssStoreBuilder::new(entropy, vss_base_url, rand_store_id, Network::Testnet) @@ -1026,8 +1026,8 @@ mod tests { let vss_base_url = std::env::var("TEST_VSS_BASE_URL").unwrap(); let mut rng = rng(); let rand_store_id: String = (0..7).map(|_| rng.sample(Alphanumeric) as char).collect(); - let mut vss_seed = [0u8; 64]; - rng.fill_bytes(&mut vss_seed); + let mut node_seed = [0u8; 64]; + rng.fill_bytes(&mut node_seed); let entropy = NodeEntropy::from_seed_bytes(vss_seed); let vss_store = VssStoreBuilder::new(entropy, vss_base_url, rand_store_id, Network::Testnet)