[2/n][guardian-integration] in-process e2e harness#466
Merged
0xsiddharthks merged 8 commits intomainfrom Apr 28, 2026
Merged
Conversation
0xsiddharthks
force-pushed
the
siddharth/guardian-e2e-harness
branch
from
aac0a18 to
2fd7fb1
Compare
0xsiddharthks
changed the title
0xsiddharthks
changed the base branch from
siddharth/guardian-restart-safety
to
siddharth/deploy-guardian
0xsiddharthks
force-pushed
the
siddharth/guardian-e2e-harness
branch
from
2fd7fb1 to
f58edae
Compare
0xsiddharthks
force-pushed
the
siddharth/deploy-guardian
branch
from
370b474 to
942504b
Compare
0xsiddharthks
force-pushed
the
siddharth/guardian-e2e-harness
branch
from
f58edae to
c124d70
Compare
This was referenced Apr 23, 2026
0xsiddharthks
force-pushed
the
siddharth/deploy-guardian
branch
from
942504b to
91bcf58
Compare
0xsiddharthks
force-pushed
the
siddharth/guardian-e2e-harness
branch
from
c124d70 to
2fcf91f
Compare
0xsiddharthks
force-pushed
the
siddharth/deploy-guardian
branch
from
91bcf58 to
e0a17e2
Compare
0xsiddharthks
force-pushed
the
siddharth/guardian-e2e-harness
branch
from
2fcf91f to
56510fb
Compare
0xsiddharthks
force-pushed
the
siddharth/deploy-guardian
branch
from
e0a17e2 to
1422d8d
Compare
0xsiddharthks
force-pushed
the
siddharth/guardian-e2e-harness
branch
from
56510fb to
1bb33df
Compare
0xsiddharthks
force-pushed
the
siddharth/deploy-guardian
branch
from
1422d8d to
89064c8
Compare
0xsiddharthks
force-pushed
the
siddharth/guardian-e2e-harness
branch
4 times, most recently
from
96f3774 to
49100e6
Compare
mskd12
reviewed
Apr 28, 2026
| aws-sdk-s3 = "1.12.0" | ||
| aws-credential-types = "1" | ||
|
|
||
| aws-smithy-mocks = { version = "0.1", optional = true } |
Contributor
There was a problem hiding this comment.
nit: any way to remove the mock library from the main dependency list? IIUC it is just used by the test harness, right?
Contributor
Author
There was a problem hiding this comment.
Yeah, afaik we can remove it, but then we have to pass --features test-utils everytime we want to run a test.
but i think we might be able to manage that via nextest profiles.
let me check.
mskd12
reviewed
Apr 28, 2026
0xsiddharthks
force-pushed
the
siddharth/guardian-e2e-harness
branch
from
f5289b5 to
67c9469
Compare
0xsiddharthks
changed the title
bmwill
approved these changes
Apr 28, 2026
Contributor
bmwill
left a comment
bmwill
left a comment
There was a problem hiding this comment.
not major issues, mostly just some nits or asks to add TODOs so we don't forget things.
| run_bitcoin_withdrawal_e2e(true).await | ||
| } | ||
|
|
||
| async fn run_bitcoin_withdrawal_e2e(with_guardian: bool) -> Result<()> { |
Contributor
There was a problem hiding this comment.
I suppose this makes sense while we are getting the integration hooked up. We may want to evaluate if we want to have all tests run with guardian by default eventually.
Comment on lines
+36
to
+38
| /// Start an operator-init'd guardian. Withdrawal RPCs stay gated until | ||
| /// [`Self::finalize`] completes provisioner-init. | ||
| pub async fn start(network: Network) -> Result<Self> { |
Contributor
There was a problem hiding this comment.
At which stage is the guardian pubkey available? Here or after finalize? we do need to commit to it, and likely a url of some such, onchain and it would probably be beneficial to be able to have the key available at contract init time.
Contributor
There was a problem hiding this comment.
From a conversation we had today, the committing onchain will be done post this series
| .await | ||
| .context("bind guardian harness listener")?; | ||
| let addr: SocketAddr = listener.local_addr()?; | ||
| let endpoint = format!("http://{addr}"); |
Contributor
There was a problem hiding this comment.
Just a note, do we want to use traditional TLS termination or require mTLS from the validators to the guardian?
Comment on lines
+307
to
+309
| nodes[0] | ||
| .wait_for_mpc_key(std::time::Duration::from_secs(120)) | ||
| .await?; |
Contributor
There was a problem hiding this comment.
We do we need this if we fetch the key from onchain below?
| .onchain_state() | ||
| .current_committee() | ||
| .ok_or_else(|| anyhow::anyhow!("no current committee after DKG"))?; | ||
| let master_pubkey = hashi.get_onchain_mpc_pubkey()?; |
Comment on lines
+137
to
+140
| /// URL of the `hashi-guardian` gRPC endpoint. When not set, the guardian | ||
| /// integration is bypassed. | ||
| #[serde(skip_serializing_if = "Option::is_none")] | ||
| pub guardian_endpoint: Option<String>, |
Contributor
There was a problem hiding this comment.
maybe add a TODO that this is temporary and will be removed once we commit it onchain?
Comment on lines
+14
to
+17
| pub struct GuardianClient { | ||
| endpoint: String, | ||
| channel: Channel, | ||
| } |
Contributor
There was a problem hiding this comment.
We should instrument this with metrics like we do our other gRPC client. Happy to add a TODO and add them as a follow up PR.
Comment on lines
+71
to
+72
| /// TODO: Investigate if it can be moved to std::sync::Mutex | ||
| pub shares: tokio::sync::Mutex<Vec<Share>>, |
Contributor
There was a problem hiding this comment.
yeah we should have this be std::sync::Mutex
Comment on lines
+11
to
+18
| pub mod enclave; | ||
| pub mod getters; | ||
| pub mod heartbeat; | ||
| pub mod init; | ||
| pub mod rpc; | ||
| pub mod s3_logger; // used by the monitor | ||
| pub mod setup; | ||
| pub mod withdraw; |
Contributor
There was a problem hiding this comment.
were these files just not getting compiled?
Comment on lines
-26
to
-32
| mod getters; | ||
| mod heartbeat; | ||
| mod init; | ||
| mod rpc; | ||
| mod s3_logger; | ||
| mod setup; | ||
| mod withdraw; |
Contributor
There was a problem hiding this comment.
ah this is where they were.
`GuardianHarness::finalize` and `create_fully_initialized_enclave` were running the same "drive an operator-init'd enclave to fully-initialized state" sequence (set BTC keys, build init state, state.init, mark logged) inline. Lift it into `hashi_guardian::test_utils::finalize_enclave` and call it from both. The harness's `finalize` shrinks to a single helper call plus the `is_fully_initialized` post-condition. No visibility or API changes to the `Enclave` types.
The `network` field was set in `start()` but never read internally; the getter was marked `#[allow(dead_code)]`. The enclave already owns the network, and `pub` already opts out of dead-code lint, so the attribute on a `pub` API was a smell.
Extract `run_bitcoin_withdrawal_e2e(with_guardian: bool)` as the shared body for the deposit → withdrawal → confirm flow. Both `test_bitcoin_withdrawal_e2e_flow` and `test_bitcoin_withdrawal_with_guardian_e2e_flow` now reduce to one-line wrappers that pass `false` / `true`. Forces the two flows to stay in lockstep — any future change to the deposit/withdrawal path is automatically exercised under both configurations. The guardian variant gains the post-deposit balance assertion and the withdrawal_request_id / withdrawal_txid log lines that were previously only in the no-guardian variant; behavior is otherwise unchanged. `setup_test_networks` is no longer called from the bitcoin-withdrawal test (its setup is now inlined into the parameterized helper) but remains in use by the other 3 e2e tests.
Reuse setup_test_networks via a shared `_with(builder)` helper so the guardian withdrawal flow doesn't re-implement the network-init logging. Trim doc comments on guardian_harness, finalize_enclave, and create_fully_initialized_enclave.
Collapse the wrapper + helper pair into one function that always takes a builder. The 3 existing call sites pass `TestNetworksBuilder::new() .with_nodes(4)` explicitly, which removes the wrapper-of-a-wrapper and keeps any future setup customization at the call site.
0xsiddharthks
force-pushed
the
siddharth/guardian-e2e-harness
branch
from
67c9469 to
dffff49
Compare
zhouwfang
pushed a commit
that referenced
this pull request
Apr 30, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Enclave(+EnclaveConfig/EnclaveState/Scratchpad) frommain.rsinto a newenclave.rslib module— @mskd12 this is just a simple move. no changes made to the code.
enclave_btc_keypairandhashi_btc_master_pubkeywent from private topub(crate).init.rs::testsreads these fields directly viaenclave.config.<field>.get()enclave.rsallows the e2e-tests to construct and derive an enclave in-processtest-utilsfeature onhashi-guardianexposing constructors for partially/fully-initialized enclaves.Tests harness changes
e2e-tests::GuardianHarnessruns an in-process guardian over real gRPC.TestNetworksBuilder::with_guardian()orchestrates start → DKG → finalize.test_bitcoin_withdrawal_with_guardian_e2e_flowdoes full e2e flow with guardian