OpenPool is a custodial, verifiable Lightning raffle platform. OPENPOOL-1 fixes the entry
ledger, Bitcoin-block draw, payout arithmetic, and public proof protocol; it does not make
Lightning custody trustless or eliminate regulatory obligations.
cp .env.example .env
docker compose up -d postgres minio
cargo test --workspace
APP_ENV=development API_BIND_ADDR=127.0.0.1:8080 WORKER_BIND_ADDR=127.0.0.1:8081 \
ADDRESS_ENCRYPTION_KEY=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= \
cargo run -p openpool-apiThe Axum process serves /v1 plus the Dioxus SSR shell. Start the worker with
cargo run -p openpool-worker and the same required environment variables.
cargo fmt --check
cargo clippy --workspace --all-targets -- -D warnings
cargo test --workspaceGolden valid proof fixtures live under crates/openpool-verifier/tests/fixtures. The verifier
tests load those files directly and reject corrupted entries, roots, draws, payouts, and hashes.
Public entries include participant_public_id, a deterministic SHA-256 hash of the trimmed
Lightning Address. It gives observers a stable pseudonym for proof verification, but it is not an
anonymity guarantee: common or known Lightning Addresses can be checked by hashing candidates.
The Mavapay adapter is implemented against the staging quote/transaction contract, but the
configured account currently receives 401 for both documented authentication forms. Local and
CI invoice-flow work must use FakePaymentProvider; no staging collection is considered verified
until Mavapay enables a working staging key. This is an explicit release gate, not a fallback to
production credentials.