document

Author: conorpp

README.md

@@ -1,18 +1,135 @@
 # Offchain
 
-Like crosschain, but offchain.
+Offchain is a server that consolidates API keys in a central, secure location, and presents
+a universal API that can be used to manage funds. This is intended for making withdrawals,
+sub-account transfers, and deposits. Trading is out of scope.
 
-## Addresses
+Being able to withdraw funds directly from an exchange is a very sensitive operation. If you
+withdraw to the wrong address, those funds could be lost forever. This necessitates a separate
+application to take 'custody' of withdrawal-permissioned API keys.
 
-For our testing, we want addresses to add the following "crosschain" addresses
-to exchange allowlists. If there is a universal address option, we should use that.
+### Features
 
-API keys should either be read only, or have full read + trade + withdraw permissions.
+- Simple configuration
+- Single binary
+- Rich exchange support and incredibly lightweight framework to easily add more
+- Strong authentication using ed25519 based [http-signatures](https://datatracker.ietf.org/doc/html/rfc9421).
+- Stateless
+- Universal asset symbology (based on Cordial Systems asset registry)
+- Can store exchange API keys in popular secret managers (vault, gcp, aws, etc).
+- Ability exchange exchange operations on CLI.
+- [Stable OpenAPI API](https://cordialapis.stoplight.io/docs/Exchange/2gnp0107q21eh-exchange)
 
+# Usage
+
+First, configure API keys for supported exchanges.
+
+```yaml
+# config.yaml
+offchain:
+  # setup API keys for the exchanges
+  exchanges:
+    binance:
+      # load from your favorite secret manager
+      api_key: "gcp:your_gcp_project,API_KEY_NAME"
+      secret_key: "gcp:your_gcp_project,API_SECRET_NAME"
+      # include any sub-accounts
+      subaccounts:
+        - id: "offchain1@example.com"
+          api_key: "gcp:your_gcp_project,SUB1_API_KEY_NAME"
+          secret_key: "gcp:your_gcp_project,SUB1_API_KEY_SECRET_NAME"
+        # ...
+```
+
+API keys can be loaded from env, file, or from you favorite secret manager (see `oc secret --help`).
+
+Second, generate a ed25519 key to authenticate to the `offchain` server. [HTTP Signatures](https://datatracker.ietf.org/doc/html/rfc9421)
+are used.
+
+You can generate a client-side key like so (private key will be written to disk).
+
+```bash
+oc keys generate mykey
+# client-keys/mykey
+# e7a205bbe21184f4f6cd72e7ba659566d96b8aea00e49b9967328b0109f9c706
+```
+
+Now update your server configuration again with the public key.
+
+```yaml
+offchain:
+  server:
+    public_keys:
+      - id: "mykey"
+        key: "abf9649d7a0a7534cde49f12de47effd601e60a2258e51b5a257af9ef78e901f"
 ```
-SOL 8Rub84DA2L6BH2FVKzVBxD7jp1i6o1BtrCunm51hQcg2
-EVM 0x3fa26f0dc74cfa8a56cb9d5f94245524d0888277
-APTOS 0x5249a0f1ccb427e6595343ef001ec18765fd325beb70fbea0a9c25807167e60d
+
+Start the server.
+
+```bash
+oc start --config ./config.yaml -v
 ```
 
-Ideally tokens like USDC and USDT should be able to be used on the addresses above.
+Now make requests against it.
+
+```bash
+# Lookup main account balances
+oc api balances --exchange binance --sign-with mykey
+
+# Lookup balance of a sub-account
+oc api balances --subaccount offchain1@example.com --exchange binance --sign-with mykey
+
+# Make sub-account transfer from main to sub-account
+oc api --exchange binance transfer --to offchain1@example.com  --symbol USDC --amount 3 --sign-with mykey
+# From sub-account to main
+oc api --exchange binance transfer --from offchain1@example.com  --symbol USDC --amount 2 --sign-with mykey
+
+# Make a withdrawal from main account
+oc api --exchange binance withdraw --to "<your-solana-address>" --network SOL --symbol USDC --sign-with mykey
+
+# Look at withdrawal history
+oc api --exchange binance history --sign-with mykey
+```
+
+# Policy
+
+To further enhance the security, policies should be built on top of `offchain`. For example, you should check that
+a withdrawal address is approved before signing a request to `offchain`.
+
+[Cordial Treasury](https://cordialsystems.com/) integrates with `offchain` and includes rich Transfer policies. It is default deny,
+and allows you to easily build allow-lists, notional transfer limits, and approval/quorom conditions.
+
+![](./docs/treasury-example.png)
+
+Cordial Treasury will enforce policies, then sign requests to offchain using an MPC key. Both Cordial Treasury and offchain are non-custodial, self-hosted products.
+
+# Supported Exchanges
+
+Exchange clients are lightweight, pure go implementations. It's very easy to add support for new exchanges.
+
+- Backpack
+- Binance
+- Binance US
+- Bybit
+- Okx
+
+# API Reference
+
+See the [API reference](https://cordialapis.stoplight.io/docs/Exchange/2gnp0107q21eh-exchange).
+
+For http-authorization, you can look at or use the simple [http-signature package](./pkg/httpsignature/).
+
+# Crosschain
+
+We maintain a similar library, [crosschain](https://github.com/cordialsys/crosschain). It's like offchain,
+but solely for blockchains. You can locally generate addresses and make transfers on many different blockchains (as well as manage staking).
+
+You could use both `oc` and `xc` to fully rebalance and/or take custody of your portfolio across all different exchanges
+and blockchain networks.
+
+# Roadmap
+
+### Universal asset symbols
+
+We are still building out the universal asset integration. If you have interest in this, reach out to us at https://cordialsystems.com/contact
+and we can escalate.

cmd/oc/exchange/cmd.go

@@ -29,26 +29,8 @@ func printJson(data interface{}) {
 
 type contextKey string
 
-// const exchangeConfigKey contextKey = "exchange_config"
-
-// const exchangeAccountSecretsKey contextKey = "exchange_account_secrets"
-// const configContextKey contextKey = "config"
 const exchangeClientKey contextKey = "exchange_client"
 
-// func unwrapExchangeConfig(ctx context.Context) *oc.ExchangeConfig {
-// 	return ctx.Value(exchangeConfigKey).(*oc.ExchangeConfig)
-// }
-
-// func unwrapAccountSecrets(ctx context.Context) *oc.Account {
-// 	return ctx.Value(exchangeAccountSecretsKey).(*oc.Account)
-// }
-
-// func unwrapAccountConfig(ctx context.Context) (*oc.ExchangeConfig, *oc.Account) {
-// 	exchangeConfig := unwrapExchangeConfig(ctx)
-// 	secrets := unwrapAccountSecrets(ctx)
-// 	return exchangeConfig, secrets
-// }
-
 func unwrapClient(ctx context.Context) loader.Client {
 	return ctx.Value(exchangeClientKey).(loader.Client)
 }
@@ -197,7 +179,7 @@ func NewExchangeCmd() *cobra.Command {
 	cmd := &cobra.Command{
 		Use:               "exchange",
 		Short:             "Execute command directly using exchange APIs and local secrets configuration",
-		Aliases:           []string{"e", "ex"},
+		Aliases:           []string{"x", "ex"},
 		SilenceUsage:      true,
 		PersistentPreRunE: exchangePreRun,
 	}

cmd/oc/exchange/list_subaccounts.go

@@ -10,6 +10,7 @@ func NewListSubaccountsCmd() *cobra.Command {
 		SilenceUsage: true,
 		Use:          "subaccounts",
 		Short:        "List all configured subaccounts on an exchange",
+		Aliases:      []string{"sub-accounts"},
 
 		RunE: func(cmd *cobra.Command, args []string) error {
 			cli := unwrapClient(cmd.Context())

cmd/oc/secret.go

@@ -10,10 +10,15 @@ import (
 
 func NewSecretCmd() *cobra.Command {
 	multi := false
+	help := ""
+	for _, t := range secret.Types {
+		help += fmt.Sprintf("%s: %s\n", t, t.Usage())
+	}
 	cmd := &cobra.Command{
 		SilenceUsage: true,
 		Use:          "secret <reference>",
 		Short:        "Print out a secret given a reference",
+		Long:         help,
 		Args:         cobra.ExactArgs(1),
 		PersistentPreRunE: func(cmd *cobra.Command, args []string) error {
 			return nil

docs/treasury-example.png

@@ -1,4 +1,14 @@
 offchain:
+    # set httpsignature public keys for the endpoints
+    public_keys:
+      - id: "key1"
+        key: "abf9649d7a0a7534cde49f12de47effd601e60a2258e51b5a257af9ef78e901f"
+    # optionally, set bearer tokens for the read endpoints (not relevant for write endpoints)
+    bearer_tokens:
+      - id: "token1"
+        token: "raw:1234567890"
+
+  # setup API keys for the exchanges
   exchanges:
     okx:
       # load from env

examples/example-config.yaml

@@ -0,0 +1,4 @@
+# Http Signature
+
+This implements both signing and verification for HTTP signatures in go.
+It is standalone and can be used as a library.

pkg/httpsignature/README.md

@@ -80,7 +80,7 @@ func New(ocConf *oc.Config, args ServerArgs) *Server {
 
 		// read subaccount if used in header or query
 		subaccount := c.Get("sub-account")
-		if subaccount != "" {
+		if subaccount == "" {
 			subaccount = c.Query("sub-account")
 		}
 		c.Locals("sub-account", subaccount)