Secure, advanced, and flexible access management stack for web3.
The Armory Stack is an open-source access management system tailored for uses-case that need strong authentication and fine-grained authorization. It is designed to secure the usage of private keys, wallets, and web3 applications.
It's a web3-native policy engine combined with a highly customizable next-gen auth system, able to be deployed in a variety of secure configurations.
Node.js 21+
Docker
OPA CLI (if not running in Docker) link
To setup the project, run the following command:
git clone git@github.com:narval-xyz/narval.git
cd narval
make setup
At the end, you must have a working environment ready to run any application.
Alternatively, if you want to set up each application individually, you can check Armory, Policy Engine, and Vault "Getting started" sections.
We use Docker & docker-compose
to run the application's dependencies.
make docker/up
make docker/stop
Alternatively, you can run the entire development stack in Docker containers.
Important
This builds a local dev image that mounts your filesystem into the container. Only db schema, dependency, or config changes require re-building. Do not use this build for production.
# Build the application's image.
make docker/stack/build
make docker/stack/up
make docker/stop
To run tests across all existing projects, you can use the following commands:
# Run all tests
make test
make test/type
make test/unit
make test/integration
make test/e2e
These commands utilize the NX CLI's run-many feature to execute the specified targets (test or test:type) across all projects in the monorepo.
We use Prettier and ESLint to ensure code consistency. You can run the following commands to format and lint the whole code base.
# Format and lint all the code.
make format
make lint
# Check for formatting and linting errors without fixing them.
make format/check
make lint/check
The .npmrc
file is needed to access a private registry for the optional
dependency @narval-xyz/armory-mpc-module
.
Important
This file is NOT in git, but it's necessary for the build if you're using MPC to sign decisions in the Policy Engine.
- Create a
.npmrc
file in the root of this project. - Get the values from someone who has them.
- Now
make install
should work.
NX provides two types of projects: applications and libraries. Run the commands below to generate a project of your choice.
# Generate an standard JavaScript library.
npx nx g @nrwl/js:lib
# Generate an NestJS library.
npx nx g @nx/nest:library
# Generate an NestJS application.
npx nx g @nx/nest:application --tags type:application
For more information about code generation, please refer to the NX documentation.
This section describes the process to release a new version of publishable packages to NPM.
- Run
make packages/release
and follow the prompts to bump the projects' versions. - Run
make install
to updatepackage-lock.json
. - Commit and push the changes to your branch.
- After your branch is merged, manually trigger the packages pipeline to publish the new version to NPM.
You can find the publishable packages listed in the release.projects
value in
the nx.json
.
The Armory Stack uses OpenTelemetry (OTEL) for observability through traces and metrics.
For details on how OTEL is instrumented, head over @narval/open-telemetry.
- Start local dependencies:
make docker/otel/up
- Set environment variables:
OTEL_SDK_DISABLED=false
OTEL_EXPORTER_OTLP_ENDPOINT=http://localhost:4318
Note
OTEL is disabled by default in development.
-
Restart the application.
-
Access Jaeger UI: http://localhost:16686
- Traces:
operation.entity.action
(e.g.,policyStore.policies.update
) - Metrics:
system_entity_unit_state
(e.g.,policy_store_updates_total
)
See Metric Naming and Trace/Span Name adopted conventions.
If you want to debug traces, the best way is to run make docker/otel/up
and
check the Jaeger UI at http://localhost:16686.
In contrast, if you want to debug application instrumentation, open the .env
file and set OTEL_LOG_LEVEL=debug
to have a better view of what the SDK is
doing.
If using docker run --env-file .env ...
, the env file cannot include quotes
around values. The quotes will be included in the value.
Inside docker, localhost
points to the container not your computer (host).
Change localhost
to host.docker.internal
to reference to the host IP
address in the local network.
Armory is MPL 2.0 licensed.
You can find an exhaustive list of licenses of third-party software dependencies used by the Armory at LICENSES_DISCLOSURE.md.
To generate the list, run
./tools/licenses-disclosure/main.sh > LICENSES_DISCLOSURE.md
.