A service providing threshold signature scheme (TSS) operations for vaults. Works with Vultisig Plugins to process and sign blockchain transactions.

• Vault management (create, retrieve, manage)
• TSS operations with DKLS
• Transaction processing
• Policy enforcement
• Asynchronous processing

• Core Components: API server, Worker service, PostgreSQL/Redis storage
• Integration: Receives transactions from Plugins, processes them securely
• Security Model: Plugins handle business logic; Verifier manages cryptographic operations

• Go 1.24.2+, PostgreSQL 14+, Redis 6+, Docker

# create a shared network for docker containers
docker network create shared_network
# start verifier and worker in docker compose
make up

# seed the postgres database with initial data
make seed-db

To debug Docker containers in GoLand with breakpoints, refer to this article.

For convenient usage of debug breakpoints in GoLand, you can start only infra/db with Docker, and backend services outside Docker. Configs shared in .run directory, all envs already configured correctly. It will run:

• Verifier Server (don't forget to set http://localhost:8081 instead of http://payroll-server:8080 in plugins table);
• Verifier Worker;
• Tx Indexer Worker;
• Plugins Frontend;

How to install dev version of Chrome extension from desired branch:

• Clone vultisig-windows repo and checkout to desired branch;
• yarn install to install deps;
• yarn run build:extension to build Chrome extension files;
• Open Chrome and load extension there:
  • Open chrome://extensions;
  • Click Developer mode toggle at top-right;
  • Click Load unpacked;
  • Select vultisig-windows/clients/extension/dist folder;
  • Now you'll see Vultisig Extension at the extensions list;

To switch branch or update it: rebuild code and click Reload button near Vultisig Extension at the extensions list — Chrome would reload files from the same path;

You can configure the verifier and worker by modifying the following files:

• verifier.example.json
• worker.example.json
• tx_indexer.example

These files define settings for:

• Server (port, host)
• Database connection
• Redis connection
• Storage options (S3 or local)
• TSS parameters

Each service uses its corresponding example file as the default config.json in both production and development Docker configurations..

Authentication: /auth (POST), /auth/refresh (POST), /auth/me (GET, vault JWT)

Vault Management:

• Reshare: /vault/reshare (POST)
• Get: /vault/get/:pluginId/:publicKeyECDSA (GET, vault JWT)
• Check: /vault/exist/:pluginId/:publicKeyECDSA (GET)

Plugins:

• List available: /plugins (GET), /plugins/available (GET)
• Installed (for vault): /plugins/installed (GET, vault JWT)
• Recipe schema: /plugins/:pluginId/recipe-specification (GET)
• Policy suggest: /plugins/:pluginId/recipe-specification/suggest (POST)

User Fees:

• Status: /fee/status (GET, vault JWT)

Service-to-Service (X-Service-Key header, configured via service.key):

• Fee status by public key: /service/fee/status?public_key= (GET)
• Installed plugins by public key: /service/plugins/installed?public_key= (GET)

Signing:

• Sign: /plugin-signer/sign (POST, plugin API key)
• Get results: /plugin-signer/sign/response/:taskId (GET, plugin API key)

Key directories:

• /cmd - Entry points (verifier, worker)
• /internal - Core implementation (API, services, storage)
• /types - Data structures
• /vault - Vault storage implementations

Testing:

# Unit tests
go test ./[path]/...

# Plugin integration tests
make test-integration                      # Run all tests

See LICENSE file for terms.