[CRE] Add confidential relay gateway handler#21356
Open
[CRE] Add confidential relay gateway handler#21356
Conversation
Contributor
|
👋 nadahalli, thanks for creating this pull request! To help reviewers, please consider creating future PRs as drafts first. This allows you to self-review and make any final changes before notifying the team. Once you're ready, you can mark it as "Ready for review" to request feedback. Thanks! |
Contributor
|
I see you updated files related to
|
Contributor
|
✅ No conflicts with other open PRs targeting |
nadahalli
changed the title
nadahalli
changed the title
Gateway-side handler that receives JSON-RPC requests from the enclave, fans them out to relay DON nodes, and aggregates 2F+1 quorum responses. Follows the vault handler pattern but simplified: no authorization, no caching, no OCR3 signatures, no owner-prefixed request IDs.
…ror/LimitExceededError
|
|
|
This was referenced Mar 3, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
handlers.Handlerconfidential-compute-relayhandler type inhandler_factory.goPairs with #265 (node-side relay handler in confidential-compute).
Changes
core/services/gateway/handlers/confidentialrelay/handler.go:Handlerinterface implementation. Fan-out to relay DON nodes, response aggregation, timeout cleanup. Single code path for all methods.core/services/gateway/handlers/confidentialrelay/aggregator.go: 2F+1 quorum by response digest. No signature validation tier (relay responses have no OCR3 signatures).core/services/gateway/handlers/confidentialrelay/handler_test.go: 13 tests covering quorum success (mock + real aggregator), divergent responses, quorum unobtainable, timeout, duplicate request IDs, rate limiting, late responses, fan-out failure, legacy message rejection, and both JSON-RPC methods.core/services/gateway/handler_factory.go: NewConfidentialRelayHandlerTypeconstant and switch case.Key simplifications vs vault handler
capabilitiesRegistrydependencywriteMethodsEnabledgate limiterNote: shared handler infrastructure
~400 of the ~430 lines here are generic fan-out/aggregate boilerplate copied from the vault handler (
activeRequestlifecycle,HandleNodeMessage,fanOutToNodes,removeExpiredRequests,sendResponse,errorResponse, metrics). The actual method-specific logic is ~5 lines inHandleJSONRPCUserMessage.The same pattern is independently re-implemented in at least three handlers:
A generic base handler in
handlers/common/could extract the shared ~400 lines. Relay would shrink to ~50 lines. Vault would wrap the base with its auth/caching/routing layer. Didn't do this here because it's a refactor of existing gateway handler internals that should be its own PR.