feat: Tor hidden service management and outbound .onion peer connections

[sat-engineer]

Summary

• Add Go-native Tor hidden service management via control port (tor/ package)
• Wire up SOCKS5 proxy support for outbound .onion peer connections via LDK-node
• Add Tor settings page and onion URI display in frontend

Details

Depends on: getAlby/ldk-node-go#33

Backend

New tor/ package (274 lines + 86 lines tests):

• Manages Tor hidden service via control port using cretz/bine library
• Connects to Tor control port, authenticates, loads/creates ed25519 onion key (persisted to disk)
• Registers hidden service via ADD_ONION — forwards .onion:9735 to LDK's listener
• Retry logic for Tor bootstrap (30 retries, 2s interval)
• Unit tests for key persistence, service lifecycle, config defaults

LDK integration (lnclient/ldk/ldk.go):

• Calls builder.SetTorProxyAddress() when LDK_TOR_SOCKS_HOST is set
• Resolves Docker hostnames to IPs via net.LookupHost() (Rust FFI needs numeric IP:port)
• Starts/stops tor.Service for inbound hidden service lifecycle
• Exposes .onion address in GetNodeConnectionInfo()

New env vars (config/models.go):

• LDK_TOR_ENABLED — enable Tor integration (default: false)
• LDK_TOR_CONTROL_HOST/PORT — Tor control port address
• LDK_TOR_CONTROL_PASSWORD — Tor control port auth
• LDK_TOR_TARGET_HOST — container hostname for hidden service forwarding
• LDK_TOR_SOCKS_HOST/PORT — SOCKS5 proxy for outbound .onion connections

Frontend

• Tor settings page (TorSettings.tsx) — shows hidden service status and onion address with copy button
• Channels page — Tor URI dropdown item with copy-to-clipboard
• Settings sidebar — "Tor" nav item (LDK backend only)
• Types — torAddress, torPort, torEnabled fields

Architecture

The tor/ Go package handles inbound (hidden service registration via control port), while the Rust-side SOCKS5 proxy handles outbound (connecting to .onion peers). This separation gives Go-side access to the onion address for the API/UI while keeping the performance-critical peer connection logic in Rust.

Test plan

• go build ./... passes
• go test ./tor/ passes (4 tests)
• Built Docker image and deployed on Umbrel
• Two Alby Hub instances connected over Tor (.onion to .onion)
• Lightning channel opened over Tor
• Lightning payments settled over Tor (1k sats, 2k sats — 0 fees, ~2s settlement)
• Verify frontend Tor settings page renders correctly
• Test with Tor disabled (graceful fallback)

🤖 Generated with Claude Code

[coderabbitai]

Warning

Rate limit exceeded

@sat-engineer has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 11 minutes and 45 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sat-engineer]

Author issue