Skip to content

feat(backend, mock-ase): encrypted data exchange#3888

Merged
sanducb merged 28 commits intomainfrom
feature/encrypted-data-exchange
May 6, 2026
Merged

feat(backend, mock-ase): encrypted data exchange#3888
sanducb merged 28 commits intomainfrom
feature/encrypted-data-exchange

Conversation

@sanducb
Copy link
Copy Markdown
Contributor

@sanducb sanducb commented Apr 6, 2026

Changes proposed in this pull request

This PR adds support for sending encrypted additional data over ILP on which the receiving ASE can action upon i.e. approve/reject a specific payment (e.g. if AML/KYC checks were not successful).

Context

Closes Rafiki Encrypted Data Exchange project

Checklist

  • Related issues linked using fixes #number
  • Tests added/updated
  • Make sure that all checks pass
  • Bruno collection updated (if necessary)
  • Documentation issue created with user-docs label (if necessary)
  • OpenAPI specs updated (if necessary)

@sanducb sanducb requested review from mkurapov and njlie April 6, 2026 14:54
@netlify
Copy link
Copy Markdown

netlify Bot commented Apr 6, 2026
edited
Loading

Deploy Preview for brilliant-pasca-3e80ec canceled.

Name Link
🔨 Latest commit b040ac8
🔍 Latest deploy log https://app.netlify.com/projects/brilliant-pasca-3e80ec/deploys/69fb17fb0c618b0008c8e79b

@github-actions github-actions Bot added type: tests Testing related pkg: backend Changes in the backend package. pkg: frontend Changes in the frontend package. type: source Changes business logic pkg: mock-ase pkg: documentation Changes in the documentation package. pkg: mock-account-service-lib labels Apr 6, 2026
@sanducb sanducb changed the title feat: encrypted data exchange feat(backend, mock-ase): encrypted data exchange Apr 6, 2026
@sanducb sanducb force-pushed the feature/encrypted-data-exchange branch from 3bea0bd to e8c8822 Compare April 7, 2026 06:53
njlie and others added 4 commits April 7, 2026 10:13
@njlie @sanducb
feat(backend): update sender data in incoming partial payment webhook (
48e71ca 
…#3810)

* feat: update sender data in incoming partial payment webhook

* feat(backend): update partial payment payload in webhook

* feat: uuid to id, use args object
@njlie @sanducb
feat(backend): add confirmPartialIncomingPayment resolver (#3819)
28125e9 
* feat: update sender data in incoming partial payment webhook

* feat(backend): update partial payment payload in webhook

* feat: uuid to id, use args object

* feat(backend): add confirmPartialIncomingPayment resolver

* feat: move return, revert jest env

* chore: rename kyc decision prefix
@njlie @sanducb
feat(backend): reject partial payment gql api (#3823)
921a317 
* feat(backend): add confirmPartialIncomingPayment resolver

* feat: move return, revert jest env

* feat(backend): reject partial payment gql api

* fix: use correct redis key

* fix: use const

* feat: move redis call out of resolver
@sanducb
feat(backend): add middleware that handles STREAM KYC/additional data…
fa44fe8 
… frames (#3706)

* feat(backend): add middleware that handles STREAM KYC/additional data payloads - wip

* feat(backend): add wip comment

* feat: support arbitrary data on prepare packets - WIP

* feat(pay): add controller to handle additional data in STREAM packets

* feat: add STREAM connection id in cache key for KYC response, remove unused env vars

* chore: address PR comments

* chore: add tests for payment decision middleware and interledgerjs changes

* fix: update app data controller ti return F99

* feat: update additional data middleware logic, add pay and stream-receiver updates

* chore(backend): use updated pay and stream-receiver from npm, update lockfile

* feat(backend): refactor partial payment middleware, add handler for partial payments to mock ASE

* fix(backend): fix build errors in CI

* fix(backend): formatting

* fix(backend): formatting

* fix(backend): partial payment decision middleware tests

* fix(backend): formatting

* feat(backend): address review comments

* feat(backend): address PR comments

* fix(backend): fix failing CI tests

* chore: align open-payments-specifications with feature/encrypted-data-exchange

* fix: webhooks tests

* fix: delete flaky test

* fix: backend build

* chore: address review comments
@sanducb sanducb force-pushed the feature/encrypted-data-exchange branch from e8c8822 to fa44fe8 Compare April 7, 2026 07:18
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 7, 2026
edited
Loading

🚀 Performance Test Results

Test Configuration:

  • VUs: 4
  • Duration: 1m0s

Test Metrics:

  • Requests/s: 45.72
  • Iterations/s: 15.25
  • Failed Requests: 0.00% (0 of 2750)
📜 Logs 

> performance@1.0.0 run-tests:testenv /home/runner/work/rafiki/rafiki/test/performance
> ./scripts/run-tests.sh -e test -k -q --vus 4 --duration 1m

Cloud Nine GraphQL API is up: http://localhost:3101/graphql
Cloud Nine Wallet Address is up: http://localhost:3100/
Happy Life Bank Address is up: http://localhost:4100/
cloud-nine-wallet-test-backend already set
cloud-nine-wallet-test-auth already set
happy-life-bank-test-backend already set
happy-life-bank-test-auth already set
     data_received..................: 993 kB 17 kB/s
     data_sent......................: 2.1 MB 35 kB/s
     http_req_blocked...............: avg=6.52µs   min=2.16µs   med=5.45µs   max=372.67µs p(90)=6.67µs   p(95)=7.34µs  
     http_req_connecting............: avg=238ns    min=0s       med=0s       max=184.25µs p(90)=0s       p(95)=0s      
     http_req_duration..............: avg=86.83ms  min=7.18ms   med=70.14ms  max=390.55ms p(90)=153.04ms p(95)=175.25ms
       { expected_response:true }...: avg=86.83ms  min=7.18ms   med=70.14ms  max=390.55ms p(90)=153.04ms p(95)=175.25ms
     http_req_failed................: 0.00%  ✓ 0         ✗ 2750
     http_req_receiving.............: avg=91.73µs  min=26.22µs  med=81.24µs  max=1.97ms   p(90)=118.19µs p(95)=140.34µs
     http_req_sending...............: avg=37.04µs  min=9.88µs   med=28.92µs  max=4.3ms    p(90)=42.45µs  p(95)=55.74µs 
     http_req_tls_handshaking.......: avg=0s       min=0s       med=0s       max=0s       p(90)=0s       p(95)=0s      
     http_req_waiting...............: avg=86.7ms   min=7.04ms   med=70.04ms  max=390.15ms p(90)=152.81ms p(95)=175.14ms
     http_reqs......................: 2750   45.72187/s
     iteration_duration.............: avg=262.09ms min=167.41ms med=248.68ms max=814.7ms  p(90)=319.93ms p(95)=351.44ms
     iterations.....................: 917    15.246165/s
     vus............................: 4      min=4       max=4 
     vus_max........................: 4      min=4       max=4

njlie
njlie previously approved these changes Apr 13, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@njlie njlie left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM just needs the merge conflicts fixed, of course

@sanducb sanducb requested a review from BlairCurrey April 14, 2026 14:22
@sanducb sanducb force-pushed the feature/encrypted-data-exchange branch from ab50e18 to bdc1dfa Compare April 14, 2026 19:30
@sanducb sanducb requested review from BlairCurrey and njlie April 17, 2026 15:08
@sanducb
Copy link
Copy Markdown
Contributor Author

sanducb commented Apr 17, 2026
edited
Loading

Seems like backend build is failing because of some failing Tigerbeetle tests, but all the other (build) jobs are successful. Currently looking into this issue, might be related to the new lockfile or overrides that I added on this branch. Nothing related to the data exchange logic, though.

@BlairCurrey
Copy link
Copy Markdown
Contributor

BlairCurrey commented Apr 17, 2026
edited
Loading

I looked at the failing backend tests and why testcontainer couldnt find docker. No resolution yet. Here is what I found:

Last working commit: 683096a.

After that the lockfile is broken - once its fixed and the tests can be run we see the error. See this on install: Broken lockfile: no entry for '/regenerator-runtime/0.14.0' in pnpm-lock.yaml

I pinned testcontainers to 10.16 (previous version before lockfile fix upraded it) locally and dont see the errors. Not sure about the root cause though. I thought maybe it was how an internal test container dependency (docker-modem: apocas/docker-modem#156, apocas/docker-modem#157) resolves the docker socket when not provided one but i couldnt confirm. I tried to set the DOCKER_HOST env var explicitly. Saw the same error.

The failure we are seeing, for reference:

FAIL packages/backend/src/accounting/tigerbeetle/service.test.ts
  ● Test suite failed to run

    Could not find a working container runtime strategy

      27 |     ])
      28 |     .withAddedCapabilities('IPC_LOCK')
    > 29 |     .withCommand([
         |                          ^
      30 |       'format',
      31 |       '--cluster=' + tigerBeetleClusterId,
      32 |       '--replica=0',

      at getContainerRuntimeClient (node_modules/.pnpm/testcontainers@10.28.0/node_modules/testcontainers/src/container-runtime/clients/client.ts:63:9)
      at GenericContainer.start (node_modules/.pnpm/testcontainers@10.28.0/node_modules/testcontainers/src/generic-container/generic-container.ts:86:20)
      at startTigerBeetleContainer (packages/backend/src/tests/tigerbeetle.ts:29:26)
      at TigerBeetleEnvironment.setup (packages/backend/jest.tigerbeetle-environment.ts:22:29)

@BlairCurrey
Copy link
Copy Markdown
Contributor

BlairCurrey commented Apr 20, 2026

I looked at the failing backend tests and why testcontainer couldnt find docker. No resolution yet. Here is what I found:

Last working commit: 683096a.

After that the lockfile is broken - once its fixed and the tests can be run we see the error. See this on install: Broken lockfile: no entry for '/regenerator-runtime/0.14.0' in pnpm-lock.yaml

I pinned testcontainers to 10.16 (previous version before lockfile fix upraded it) locally and dont see the errors. Not sure about the root cause though. I thought maybe it was how an internal test container dependency (docker-modem: apocas/docker-modem#156, apocas/docker-modem#157) resolves the docker socket when not provided one but i couldnt confirm. I tried to set the DOCKER_HOST env var explicitly. Saw the same error.

The failure we are seeing, for reference:

FAIL packages/backend/src/accounting/tigerbeetle/service.test.ts
  ● Test suite failed to run

    Could not find a working container runtime strategy

      27 |     ])
      28 |     .withAddedCapabilities('IPC_LOCK')
    > 29 |     .withCommand([
         |                          ^
      30 |       'format',
      31 |       '--cluster=' + tigerBeetleClusterId,
      32 |       '--replica=0',

      at getContainerRuntimeClient (node_modules/.pnpm/testcontainers@10.28.0/node_modules/testcontainers/src/container-runtime/clients/client.ts:63:9)
      at GenericContainer.start (node_modules/.pnpm/testcontainers@10.28.0/node_modules/testcontainers/src/generic-container/generic-container.ts:86:20)
      at startTigerBeetleContainer (packages/backend/src/tests/tigerbeetle.ts:29:26)
      at TigerBeetleEnvironment.setup (packages/backend/jest.tigerbeetle-environment.ts:22:29)

As mentioned in Slack I think it would be best to revert the testcontainer upgrade and handle that in our normal renovate package updating process. The update was just incidental to fixing the lockfile. Should make an issue for it though.

@github-actions github-actions Bot added the pkg: auth Changes in the GNAP auth package. label Apr 20, 2026
@github-actions github-actions Bot added the type: ci Changes to the CI label Apr 21, 2026
@github-actions github-actions Bot removed type: ci Changes to the CI pkg: auth Changes in the GNAP auth package. labels Apr 23, 2026
@mkurapov mkurapov mentioned this pull request Apr 23, 2026
Merged
6 tasks
mkurapov and others added 2 commits May 4, 2026 12:16
@mkurapov
chore: minor updates for encrypted data exchange feature (#3911)
26b01aa 
* doc: update encrypted data exchange doc

* chore: rename dataToTransmit to dataFromSender on recipient side

* chore: rename updatePartialPaymentDecision args

* test: add test for updatePartialPaymentDecision and for processPartialPayment

* chore: make the partial payment decision success case more explicit

* test: rename dataToTransmit to dataFromSender

* test(backend): updates partial payment decision middleware tests

* chore: update pay library version

* chore: update pay library to alpha 12
@sanducb
fix: use dataFromSender instead dataToTransmit when decrypting webhoo…
1bc8c74 
…k data
BlairCurrey
BlairCurrey previously approved these changes May 5, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@BlairCurrey BlairCurrey left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

1 small thing in the docs but looks good overall. ping me if you make any changes and need a re-review

Comment thread localenv/docs/encrypted-data-exchange.md Outdated

In the `happy-life-bank-mock-ase` logs:

- `incoming_payment.partial_payment_received` webhook was received, with `partialIncomingPaymentId` and the `dataToTransmit` defined in the payload
Copy link
Copy Markdown
Contributor

@BlairCurrey BlairCurrey May 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

small thing but shouldn't dataToTransmit here be dataFromSender? I know there was a partial replacement of these terms but I think this one should be from sender. judging by the incomingPaymentEvent in the webhook.yaml open api spec, mock ase handleIncomingPartialPaymentReceived webhook handler, etc.

@sanducb sanducb requested a review from BlairCurrey May 6, 2026 07:11
mkurapov
mkurapov reviewed May 6, 2026
View reviewed changes
Comment thread packages/backend/src/graphql/schema.graphql Outdated
@sanducb sanducb requested a review from mkurapov May 6, 2026 10:41
@sanducb sanducb merged commit b2aefbe into main May 6, 2026
39 of 58 checks passed
@sanducb sanducb deleted the feature/encrypted-data-exchange branch May 6, 2026 12:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mkurapov mkurapov mkurapov approved these changes

@njlie njlie Awaiting requested review from njlie

@BlairCurrey BlairCurrey Awaiting requested review from BlairCurrey

Assignees

No one assigned

Labels

pkg: backend Changes in the backend package. pkg: documentation Changes in the documentation package. pkg: frontend Changes in the frontend package. pkg: mock-account-service-lib pkg: mock-ase type: source Changes business logic type: tests Testing related

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@sanducb @BlairCurrey @mkurapov @njlie