Skip to content

Commit

Permalink
Readme overhaul (#224)
Browse files Browse the repository at this point in the history
* chore(github/workflows): rename workflow names for better clarity
docs: add Contributing.md and Security.md for better project guidelines
feat(README.md): enhance project description, add badges, video link, and images for better understanding
feat: add nodeguard.png for visual representation in README.md

* feat: add CONTRIBUTING.md and SECURITY.md

Add CONTRIBUTING.md to provide guidelines for contributing to the project.
Add SECURITY.md to outline the project's security policy and reporting process.


---------

Co-authored-by: Rodrigo <[email protected]>
  • Loading branch information
Jossec101 and RodriFS authored Jul 10, 2023
1 parent 8ba6e84 commit 4863096
Show file tree
Hide file tree
Showing 6 changed files with 119 additions and 7 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/docker.yaml
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
name: Build Docker image
name: Docker image build
on:
workflow_dispatch:
push:
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/dotnet.yml
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
name: .NET Test on PR to main
name: Unit testing

on:
pull_request:
Expand Down
47 changes: 47 additions & 0 deletions CONTRIBUTING.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
# Contributing

We appreciate your input! We aim to make contributing to this project as straightforward and transparent as possible, whether it's:

- Reporting a bug
- Discussing the current state of the code
- Submitting a fix
- Proposing new features
- Becoming a maintainer

## We Develop with Github
We use Github to host code, to track issues and feature requests, as well as accept pull requests.

## We Use Github Flow, so all code changes happen through pull requests
Pull requests are the best way to propose changes to the codebase. We actively welcome your pull requests:

1. Fork the repo and create your branch from `main`.
2. If you've added code that should be tested, add tests.
3. If you've changed APIs, update the documentation.
4. Ensure the test suite passes.
5. Issue that pull request!

## Any contributions you make will be under the AGPL Software License
In short, when you submit code changes, your submissions are understood to be under the same [AGPL License](http://choosealicense.com/licenses/agpl-3.0/) that covers the project. Feel free to contact the maintainers if that's a concern.

## Report bugs using Github's [issues](https://github.com/elenpay/nodeguard/issues)
We use GitHub issues to track public bugs. Report a bug by [opening a new issue](https://github.com/elenpay/nodeguard/issues); it's that easy!

## Write bug reports with detail, background, and sample code
Here's an example:

> Short and descriptive example bug report title
>
> A summary of the issue and the .NET/C# environment in which it occurs. If suitable, include the steps required to reproduce the bug.
>
> 1. This is the first step
> 2. This is the second step
> 3. Further steps, etc.
>
> `<a link to the reduced test case>`
>
> Any other information you want to share that is relevant to the issue being reported. This might include the lines of code that you have identified as causing the bug, and potential solutions (and your opinions on their merits).
## Use dotnet conventions
[Microsoft's .NET conventions](https://learn.microsoft.com/en-us/dotnet/csharp/fundamentals/coding-style/coding-conventions) are used in this project.
## License
By contributing, you agree that your contributions will be licensed under its AGPL License.
34 changes: 29 additions & 5 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,20 +1,40 @@
# NodeGuard
![GitHub release (release name instead of tag name)](https://img.shields.io/github/v/release/Elenpay/NodeGuard)
![GitHub](https://img.shields.io/github/license/Elenpay/NodeGuard)
[![Unit tests](https://github.com/Elenpay/NodeGuard/actions/workflows/dotnet.yml/badge.svg)](https://github.com/Elenpay/NodeGuard/actions/workflows/dotnet.yml)
[![Docker image build](https://github.com/Elenpay/NodeGuard/actions/workflows/docker.yaml/badge.svg)](https://github.com/Elenpay/NodeGuard/actions/workflows/docker.yaml)

Treasury management is a key component of the operational management of a lightning node. Having a lightning node with a lot of funds can become a cumbersome task when you need to operate at a scale with proper security mechanisms, however, lightning channels need liquidity from a Bitcoin treasury. In this context, a bitcoin treasury is a way of describing the source of funds required to enable the operations of a lightning service provider such as ours. We identified in this process that we would like to reduce the threat surface to the maximum extent possible, remember the mantra, not your keys, not your coins. And this is what we wanted, having a way to open lightning channels without real access to the private keys for node operators. This way, no technical members would have access to the private keys, and the lightning nodes on-chain funds in hot wallets would be the minimum as possible (this is subject to the lightning implementation you might use). In this use case, Node Operators want to sleep at night without having to worry about managing the private keys of a bitcoin treasury with a decent amount of funds. So based on the principle of least privilege (PoLP), we decided to split this responsibility by developing NodeGuard, a treasury management solution for lightning nodes. NodeGuard is a web application written in ASP.NET Core Blazor to provide an easy and intuitive UI for non-technical fellows who manage a Bitcoin treasury in lightning nodes.
<p align="center">
<img src="nodeguard.png">
</p>
NodeGuard is an open-source technology stack developed to simplify treasury operations for lightning nodes, focusing on both Security and UX. It enables the management of lightning treasury funds, adhering to the principles of separation of duties and the principle of least privilege. These principles form the core of NodeGuard's functionality, aiming to eliminate the need for an internal node hot wallet and to separate key management from the actual node operators. At present, NodeGuard supports only LND. For a more detailed understanding, please watch the video below.

[![Watch the video](https://img.youtube.com/vi/qIQ5J0npj0c/maxresdefault.jpg)](https://youtu.be/qIQ5J0npj0c)

Current features of NodeGuard are the following:

- Funding and opening of a lightning channel through read-only(no private key access) multisig wallets
- Asynchronous approval process based on Role-based Access Control (RBAC) and multisig wallets.
- Asynchronous channel funding leveraging cold multisig wallets and hot wallets
- Multisig wallet creation and import (BIP39), only segwit for now
- Liquidity automation by settings rules in tandem with [NodeGuard liquidator](https://github.com/Elenpay/liquidator)
- Optional remote signing through [NodeGuard Remote Signer](https://github.com/Elenpay/Nodeguard-Remote-Signer) functions for channel funding transactions, separating the NodeGuard keys from the actual software
- Automatic sweeping of funds in lightning nodes to avoid having funds on the node hot wallets
- Channel management
- Channel creation interception with returning address to multisig wallets to avoid having funds on hot wallets
- Support for hardware wallets to sign the PSBTs for channel funding transactions
- Minimalistic in-browser wallet with [NodeGuard Companion](https://github.com/Elenpay/Nodeguards-Companion) to ease signing of transactions and wallet creation
- In-browser notification systems for channel approvals
- Optional remote signing through AWS Lambda functions for channel funding transactions, separating the NodeGuard keys from the actual software
- Two-factor authentication

# Contributing
Check [Contributing.md](CONTRIBUTING.md)

# Roadmap

TODO

# Dev environment quickstart

1. Run polar regtest network with Polar, import devnetwork.polar.zip (in the root of this repo) and start it
1. Run polar regtest network with Polar, import devnetwork.zip (in the root of this repo) and start it
2. Open FundsManager.sln with Visual Studio or your favourite IDE/EDITOR
3. Set startup project to docker-compose
4. Run
Expand Down Expand Up @@ -74,4 +94,8 @@ cd docker
docker-compose -f docker-compose.dev-novs.yml up -d
```

# Security
Check [Security.md](SECURITY.md)

# LICENSE
This project is licensed under AGPLv3.0. Check [LICENSE](LICENSE) for more information.
41 changes: 41 additions & 0 deletions SECURITY.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
# Security Policy

## Supported Versions

Use this section to tell people about which versions of your project are currently being supported with security updates.

| Version | Supported |
|---------|-----------|
| 0.X.X | Yes |

## Reporting a Vulnerability

We take the security of our software products seriously. If you believe you have found a security vulnerability in our product, we encourage you to let us know right away. We will investigate all legitimate reports and do our best to quickly fix the problem.

To ensure the security of our systems and adhere to our Security Policy, we request that you send us your findings encrypted using our OpenPGP public key.

Our OpenPGP public key is:

```
-----BEGIN PGP PUBLIC KEY BLOCK-----
mDMEZKNbhxYJKwYBBAHaRw8BAQdArdwZ+sX9NIKUDYjLOtEBMKtJvmah3e+nv9+n
kENrzyi0GGluZm8gPGluZm9AZWxlbnBheS50ZWNoPoiZBBMWCgBBFiEEyPJQpxHl
EEQfizPVWhx558FkhycFAmSjW4cCGwMFCQPCZwAFCwkIBwICIgIGFQoJCAsCBBYC
AwECHgcCF4AACgkQWhx558FkhydgJAD8CFROZ4LkVqHATcJxJXG9m/4kmPDCqkhQ
i1N7gjreBT4BALPEJ14DC73GMuk2lD2xdgFnIS0LVdjKRdO9SVJqC+oFuDgEZKNb
hxIKKwYBBAGXVQEFAQEHQGv+vnXOegvqEKf+Ka5xKUd8Mz7syGYyxsYj3hAuKAEA
AwEIB4h+BBgWCgAmFiEEyPJQpxHlEEQfizPVWhx558FkhycFAmSjW4cCGwwFCQPC
ZwAACgkQWhx558Fkhye8RgEA4UoUziqD6+6sFtW4N2tht1dphcnT/1fmO0K9Zeuo
ziEBAJFzQyJdThxlNoPaiHJDNDmkqjtEnJcZQ+u8xnmmPK4H
=PJJ2
-----END PGP PUBLIC KEY BLOCK-----
```


Please email us directly at [[email protected]](mailto:[email protected]) with your encrypted findings. Do not disclose the issue in our public issue tracker.

After the initial reply to your report, our team will keep you informed about the progress towards a fix and full announcement, and may ask for additional information or guidance.

We appreciate your effort to responsibly disclose your findings, and will make every effort to acknowledge your contributions.
Binary file added nodeguard.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.

0 comments on commit 4863096

Please sign in to comment.