Open dbluhm opened 2 weeks ago
The startup function where this provisioning/seed logic takes place is very convoluted. I'll be trying to refactor it in another task.
Definitely think there's improvements to be made here. Possibly a sequence diagram would be helpful as well. The amount of configurations and different paths make this very confusing. There's seed, replace-public-did, auto-provision, recreate, local-did, etc... that all can affect each other and the wallet state on startup.
When using the `--seed` cli argument, ACA-Py makes the assumption that the generated DID is published on the connected network. This is all well and good; the process of getting your DID onto a mainnet can be complicated so leaving that process out of band and then giving ACA-Py a mechanism to bootstrap into a wallet with that DID that has been meticulously prepared is helpful. However, it can leave the door open to entering some invalid states in many circumstances. One example:
We could implement workarounds for clearing out schemas that didn't actually make it to the ledger. I think it would be more useful to add guards that ensure ACA-Py's DID is public when it thinks it is before committing bad state to its wallet.
At a minimum, I think we should check if the DID generated from the seed is actually present on the network on startup and shut down if it isn't.
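A minimal form of the startup guard proposed above, written as an added Python example and not ACA-Py's own code: it derives the DID from the verkey using the Indy convention, asks the ledger for that DID's NYM, and refuses to continue unless the DID is present and its ledger verkey matches the one derived from the seed. The Ed25519 seed-to-verkey step and the ledger lookup (`get_nym`) are assumed to be supplied by the caller; the sample verkey and ledger contents are constructed.

```python
from enum import Enum
from typing import Callable, Optional, Tuple

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58encode(data: bytes) -> str:
    """Base58 (Bitcoin alphabet), the encoding Indy uses for DIDs and verkeys."""
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    pad = len(data) - len(data.lstrip(b"\x00"))  # leading zero bytes become '1'
    return "1" * pad + out

def did_from_verkey(verkey: bytes) -> str:
    """Indy convention: DID = base58 of the first 16 bytes of the 32-byte verkey."""
    if len(verkey) != 32:
        raise ValueError("expected a 32-byte Ed25519 verkey")
    return b58encode(verkey[:16])

class SeedCheck(Enum):
    OK = "DID on ledger with matching verkey"
    NOT_FOUND = "DID not on ledger"
    VERKEY_MISMATCH = "DID on ledger but its verkey differs from the seed's"
    LEDGER_UNREACHABLE = "ledger query failed"

def check_seed_did(verkey: bytes, get_nym: Callable[[str], Optional[str]]) -> Tuple[SeedCheck, str]:
    """Startup guard: confirm the seed-derived DID is actually public before trusting it.
    `get_nym` (assumed, caller-supplied) returns the verkey string the ledger holds
    for a DID, or None when there is no NYM for it."""
    did = did_from_verkey(verkey)
    try:
        on_ledger = get_nym(did)
    except Exception:
        return SeedCheck.LEDGER_UNREACHABLE, did  # fail closed rather than assume
    if on_ledger is None:
        return SeedCheck.NOT_FOUND, did
    full = b58encode(verkey)
    abbreviated = "~" + b58encode(verkey[16:])  # ledger may hold the abbreviated form
    if on_ledger not in (full, abbreviated):
        return SeedCheck.VERKEY_MISMATCH, did
    return SeedCheck.OK, did

# Constructed sample, not a real key: a fake ledger that knows exactly one DID.
SAMPLE_VERKEY = bytes(range(1, 33))
FAKE_LEDGER = {did_from_verkey(SAMPLE_VERKEY): b58encode(SAMPLE_VERKEY)}

if __name__ == "__main__":
    result, did = check_seed_did(SAMPLE_VERKEY, FAKE_LEDGER.get)
    if result is not SeedCheck.OK:
        raise SystemExit(f"refusing to start: {did}: {result.value}")
    print(f"{did} is public, continuing startup")
```

The verkey comparison catches the case the presence check alone misses: a DID that exists on the ledger but whose key was rotated, so the seed-derived key would sign transactions the ledger rejects.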