Skip to content

inject privval instance spawned by cometbft into the signer #2981

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

inject privval instance spawned by cometbft into the signer #2981

wants to merge 2 commits into from
+34 −4

Conversation

@tschuyebuhl
Copy link

@tschuyebuhl tschuyebuhl commented Nov 7, 2025

Background

At Chorus One, we recently deployed https://github.com/ChorusOne/nebula on Berachain as a remote signing solution that allows for decoupling of the validator node from the signer keys. It seemed to be running fine, but we noticed that our node was failing to propose a block.

After some further investigation, we found out that beacon-kit spawns another privval signer that's based on file-on-disk, requiring the node to have access to the key regardless of the remote signer deployed.
Also, the remote signer did not receive any SignBytes requests, which should be required for building blocks (IIRC it's randao?)

Proposed solution

After starting CometBFT, inject the built privval signer into the component provided to depinject. I deployed this on a local devnet, and I'm seeing the network progress, and also started seeing the requests (which currently on mainnet are absent)

[2025-11-07T13:15:20Z INFO  nebula::handler] Received request after 1.7734945s: ShowPublicKey
[2025-11-07T13:15:20Z INFO  nebula::handler] Processing request took: 5.25µs
[2025-11-07T13:15:20Z INFO  nebula::handler] Sending the response took: 132.791µs
[2025-11-07T13:15:20Z INFO  nebula::handler] Received request after 28.20575ms: SignBytes(snip)
[2025-11-07T13:15:20Z INFO  nebula::handler] Processing request took: 3.140291ms
[2025-11-07T13:15:20Z INFO  nebula::handler] Sending the response took: 140.083µs
[2025-11-07T13:15:20Z INFO  nebula::handler] Received request after 28.223625ms: SignBytes(snip)
[2025-11-07T13:15:20Z INFO  nebula::handler] Processing request took: 3.629916ms
[2025-11-07T13:15:20Z INFO  nebula::handler] Sending the response took: 136.458µs
[2025-11-07T13:15:20Z INFO  nebula::handler] Received request after 28.14925ms: SignProposal(h:185, r:0, step:32)
[2025-11-07T13:15:20Z DEBUG nebula::handler] waiting for lock
[2025-11-07T13:15:20Z DEBUG nebula::handler] lock acquired, took: 6.541µs
[2025-11-07T13:15:20Z INFO  nebula::safeguards] checking if proposal should be signed, state: ConsensusData 184/0/2, proposal: 185/0/32
[2025-11-07T13:15:20Z INFO  nebula::cluster] replicating state: ConsensusData 185/0/32, leader_id: 1

Other notes

Ideally, we'd just change the ProvideBlsSigner to return the Comet's privval from the get go, but that caused issues with circular dependencies, because we'd have to provide CometBFT service to the Signer, which currently is relatively pure and used by components which are in turn used by CometBFT, closing the loop.
Maybe there's some more sophisticated way to handle this. If so, please let me know! I'm not very well versed with cosmossdk / cometbft development, so there's a big chance this solution isn't optimal

@tschuyebuhl tschuyebuhl requested a review from a team as a code owner November 7, 2025 13:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tschuyebuhl