recovery: L402 and static address recovery from local backup file#1121
recovery: L402 and static address recovery from local backup file#1121hieblmi wants to merge 10 commits into
Conversation
Summary of ChangesHello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request significantly enhances the resilience of Loop by introducing a robust local recovery system. It allows users to restore their static address and L402 client state from an encrypted backup, ensuring continuity of operations even after data loss or a fresh installation. The changes include automated backup creation on startup, a new CLI command for restoration, and a dedicated recovery service that handles encryption, key derivation, and integration with existing static address and deposit management functionalities. Highlights
🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console. Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces a local recovery mechanism for Loop static addresses and L402 authentication state. It includes a new recovery package for managing encrypted backups, a recover CLI command, and a gRPC service to trigger the restoration process. On the daemon side, backups are automatically generated during startup. Feedback suggests that backup failures during startup should not prevent the daemon from running and recommends enhancing the atomic file writing logic with explicit synchronization and better temporary file cleanup.
hieblmi
force-pushed
the
recover-l402-static
branch
3 times, most recently
from
a2e5f02 to
83e2547
Compare
hieblmi
force-pushed
the
recover-l402-static
branch
8 times, most recently
from
5790124 to
dddf020
Compare
hieblmi
force-pushed
the
recover-l402-static
branch
from
dddf020 to
5dfa10c
Compare
hieblmi
force-pushed
the
recover-l402-static
branch
13 times, most recently
from
d71f3a2 to
405e610
Compare
hieblmi
force-pushed
the
recover-l402-static
branch
10 times, most recently
from
afff0cc to
eff46ef
Compare
hieblmi
force-pushed
the
recover-l402-static
branch
from
eff46ef to
239b90a
Compare
hieblmi
force-pushed
the
recover-l402-static
branch
3 times, most recently
from
b018815 to
d3096f6
Compare
Derive confirmation heights from a stable wallet view, retain unconfirmed static-address deposits, mark vanished deposits as replaced after repeated misses, and replay the startup block to recovered deposit FSMs so expiry handling is not missed after restart.
Return static-address UTXOs only once they have active deposit records, report unconfirmed value separately, and reject unconfirmed deposits from withdrawal and channel-open paths that still require confirmed inputs.
Allow static loop-ins to select unconfirmed deposits, persist the original selected outpoints, validate that those outpoints are still available before HTLC signing, and align autoloop expiry ordering with static loop-in selection.
Subscribe to static loop-in confirmation-risk notifications, start the payment deadline only after server acceptance or legacy confirmation fallback, refresh selected deposits before the legacy fallback so recovered monitors use current confirmation heights, and cancel the swap invoice when the server rejects the risk wait.
Record server confirmation-risk decisions durably, wire notification persistence through loopd, recover payment-deadline timers after restart, and keep notification fanout cache state deduplicated by swap hash.
Low-confirmation static deposits can be accepted by the server only after asynchronous confirmation-risk policy permits them, so a CLI user may see a delay after confirming the swap. The warning must also reflect the deposits selected by automatic coin selection, not just manually provided outpoints. Add a static loop-in warning for selected deposits below the conservative six-confirmation threshold, mirror automatic selection for warning output, and cover manual and auto-selected warning cases in CLI tests.
Static loop-in replay sessions changed once low-confirmation warnings and payment-timeout prompts were added. The fixtures need to reflect the new CLI interaction sequence. Add replay fixtures for static loop-in warning prompts, and refresh payment-timeout and fee replay variants.
hieblmi
force-pushed
the
recover-l402-static
branch
from
d3096f6 to
2d70936
Compare
|
@hieblmi, remember to re-request review from reviewers when ready |
3 participants
only last commit is relevant for this PR, the rest is rebased on the dyn-conf-tracker PR
Adds encrypted local recovery for static-address/L402 state.
The recovery backup is written once per paid L402 generation and contains the paid l402.token, Bitcoin network, L402 token metadata, the L402-bound static-address server key, protocol/expiry, main/change key families, first address height, and the V0 client pubkey needed to recreate the current concrete static-address row.
On fresh installs, Loop restores the latest valid backup before creating a new paid L402 generation. Existing installs backfill the immutable backup for their active generation. loop recover restores a specific backup file, or the latest valid backup in the active network directory when no file is provided.
The backup intentionally does not store mutable address cursors, per-address rows, server xpubs, pkScript, Taproot address strings, deposit FSM state, or scan gap/lookahead policy. These values are either derivable or recovered through wallet/chain scanning and reconciliation.