Simplify keyset management to three core functions#2096
Open
crodas wants to merge 9 commits into
Open
Conversation
crodas
force-pushed
the
feature/simpler-wallet-key-management
branch
3 times, most recently
from
1d288d7 to
a7ee108
Compare
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## main #2096 +/- ##
==========================================
+ Coverage 71.59% 71.67% +0.07%
==========================================
Files 356 356
Lines 74106 74361 +255
==========================================
+ Hits 53059 53301 +242
- Misses 21047 21060 +13 ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
crodas
force-pushed
the
feature/simpler-wallet-key-management
branch
5 times, most recently
from
918427f to
ea9d710
Compare
Collaborator
I think I would change I would also keep What is the use case of the |
Collaborator
|
Or better we could avoid the enum KeysetLoadPolicy {
CacheOnly,
CacheThenNetwork,
Refresh,
}With the default CacheThenNetwork, |
crodas
force-pushed
the
feature/simpler-wallet-key-management
branch
2 times, most recently
from
c4b2401 to
55dd96c
Compare
thesimplekid
requested changes
Jun 19, 2026
thesimplekid
left a comment
thesimplekid
left a comment
Collaborator
There was a problem hiding this comment.
Can we add a test for how a wallet handle a receive that includes proofs from inactive keysets? I have seen issues with this and hope this PR fixes it or at least does not regress after #2114
Comment on lines
+38
to
+41
| KeysetLoadPolicy::CacheThenNetwork => { | ||
| self.metadata_cache | ||
| .load(&self.localstore, &self.client) | ||
| .await? |
Replace 6+ overlapping keyset functions with a clean, minimal API: - `keysets()`: Returns `Vec<KeySet>` (full keysets with keys included). In automatic mode, refreshes from the mint with graceful fallback to cached data on network failure. In manual mode (`set_keysets(Some(...))`), returns injected keysets directly without network access. - `active_keyset()`: Returns the active `KeySet` with the lowest input fee. - `keyset(id)`: Returns a single `KeySet` by ID. - `set_keysets(Option<Vec<KeySet>>)`: Enables manual keyset mode, bypassing the metadata cache entirely. Pass `None` to return to automatic mode. By returning full `KeySet` objects (which include `.keys`), the separate `load_keyset_keys(id)` function is no longer needed — callers access `.keys` directly from the keyset. Removed from Wallet and WalletTrait: - load_keyset_keys() - refresh_keysets() - fetch_active_keyset() - get_active_keyset() - get_mint_keysets(KeysetFilter) - load_mint_keysets() Also moves `metadata_cache_ttl` into `MintMetadataCache`, removing boilerplate TTL passing on every cache load call.
Introduces CacheOnly, CacheThenNetwork (default), and Refresh variants so callers can control whether keysets are loaded from cache, cache+network, or always refreshed. Adds load_cached() to MintMetadataCache for offline cache+DB access. Updates trait, FFI, and all callers.
When a mint rotates keysets, the wallet's cached active keyset becomes stale. Operations that build outputs with the old keyset get rejected with InactiveKeyset. Add retry_on_inactive_keyset helper that refreshes the keyset cache and retries once, applied to mint, swap, and receive.
Eliminate the dual-mode keyset code path (manual vs cache-based). Tests now go through the real metadata cache via MockMintConnector, which is upgraded to support multiple keysets.
crodas
force-pushed
the
feature/simpler-wallet-key-management
branch
from
55dd96c to
d6796c2
Compare
Verify the full receive preparation path works when a token contains proofs from an inactive keyset: token decoding, keyset lookup, fee calculation, and active keyset selection all succeed.
Only retry when the active keyset actually changes after refresh. If unchanged, return InactiveKeyset immediately. Add tests for retry-on-change, no-retry-when-unchanged, and no-retry-on-success.
Offline sends (OfflineExact/OfflineTolerance) now use KeysetLoadPolicy::CacheOnly so they never hit the network. Load all keysets once and derive fees, active IDs locally. Add tests for offline-without-cache, offline-with-cache, and online-from-network scenarios.
When the in-memory cache TTL expired, load() would fall back to the DB and return stale data instead of fetching fresh data from the mint. Fixed by only using the DB fallback when the cache is empty (cold start), not when it's stale. Also updated token_proofs doc comment.
load_from_db was setting updated_at to Instant::now(), making the TTL think DB-loaded data was freshly fetched. This delayed mint refreshes after cold starts. Now updated_at keeps its default value so the next load() correctly treats DB data as stale and fetches from the mint.
crodas
force-pushed
the
feature/simpler-wallet-key-management
branch
from
d6796c2 to
e1a8854
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Replace 6+ overlapping keyset functions with a clean, minimal API:
keysets(): ReturnsVec<KeySet>(full keysets with keys included). In automatic mode, refreshes from the mint with a graceful fallback to cached data on network failure. In manual mode (set_keysets(Some(...))), returns injected keysets directly without network access.active_keyset(): Returns the activeKeySetwith the lowest input fee.keyset(id): Returns a singleKeySetby ID.set_keysets(Option<Vec<KeySet>>): Enables manual keyset mode, bypassing themetadata cache entirely. Pass
Noneto return to automatic mode.By returning full
KeySetobjects (which include.keys), the separateload_keyset_keys(id)function is no longer needed; callers access.keysdirectly from the keyset.Removed from Wallet and WalletTrait:
Also moves
metadata_cache_ttlintoMintMetadataCache, removing boilerplate TTL passing on every cache load call.Notes to the reviewers
Suggested CHANGELOG Updates
CHANGED
ADDED
REMOVED
FIXED
Checklist
just quick-checkbefore committingcrates/cdk-ffi)