Skip to content

Swith to Rust core#70

Open
pgherveou wants to merge 16 commits into
mainfrom
codex/bulletin-preimage-in-core-dotli
Open

Swith to Rust core#70
pgherveou wants to merge 16 commits into
mainfrom
codex/bulletin-preimage-in-core-dotli

Conversation

@pgherveou

@pgherveou pgherveou commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

Port the dot.li web host to the shared TrUAPI Rust core

This supersedes #54 and keeps its Rust-runtime port while adding the Bulletin preimage path now owned by the core. dot.li moves off the @novasamatech/host-api stack and onto the shared TrUAPI Rust core. Protocol logic previously maintained in TypeScript now lives once in truapi-server (Rust -> WASM); the web host becomes a byte transport plus typed platform callbacks.

Architecture

A product iframe speaks TrUAPI over a MessageChannel. The host forwards SCALE frames to a Web Worker running truapi-server WASM without decoding the protocol. The core executes protocol logic and calls typed truapi-platform callbacks for browser capabilities.

Product iframe --MessageChannel--> host bridge (byte pipe) --> Web Worker (truapi-server WASM)
                                                                          | typed callbacks
                                                                          v
                                                            dot.li platform capabilities
  • Core owns: wire framing, dispatch, subscriptions, permission gating, auth/SSO state, session interpretation, signing orchestration, Bulletin preimage submission, and the chainHead runtime.
  • Host owns: storage, navigation, confirmation UI, physical chain providers and RPC transport, theme, preimage content lookup, and product identity/pairing configuration.

The same core is embedded by native hosts over UniFFI, keeping protocol behavior and wire formats aligned across platforms.

Changed surface

  • Removes packages/auth, the old Nova container/statement-store adapters, allowance-signer bridge, wallet queue, and related @novasamatech/* dependencies.
  • Adds generated typed host callbacks backed by @parity/truapi-host and @parity/truapi.
  • Rewrites the bridge around the worker-backed Rust core.
  • Keeps chain ownership in dot.li while moving JSON-RPC shaping, chainHead state, transaction construction, signing, dry-run, and Bulletin submission into Rust.
  • Keeps Bulletin available to the core's internal gateway provider without advertising it through the sandboxed dApp chain gate.
  • Keeps preimage content lookup in the host; returned bytes are verified by the core.
  • Preserves in-flight Rust callback requests when granting non-device permissions; browser-policy device grants still reload the product iframe.

Permission grants are core-owned state. The dot.li topbar admin screen projects them into browser-specific iframe permissions and reload behavior rather than maintaining a second protocol policy store.

Packages

This branch depends on the published @parity/truapi@0.4.0 and @parity/truapi-host@0.1.0. bun run link:truapi swaps them for symlinks to a sibling TrUAPI checkout (and unlink:truapi restores the published packages), so the parent truapi repo's make e2e-dotli runs against this branch directly while a direct dotli checkout installs and tests the published packages.

Scope

The primary PR contains only the Nova-stack removal, the typed Rust-runtime host architecture, the Bulletin preimage integration, and the permission-lifecycle behavior required to keep Rust callback requests alive. Everything else is consolidated in the stacked follow-up #77: preimage lookup retries, protocol-broker hardening, login-failure UX copy, permission-prompt rate limiting, allowance-key at-rest encryption, the per-frame wire debug tap, debug-panel fixes, resolver dependency hygiene, and chainSend flush error surfacing.

Deferred architecture work: SharedWorker topology, eliminating the per-CID *.app.dot.li sandbox iframe, and moving content fetching into Rust behind the PreimageHost boundary.

Left before merge

Related

Verification

Primary branch:

  • bun install --frozen-lockfile
  • bun run format:check
  • bunx --bun turbo run lint --force
  • bunx --bun turbo run typecheck --force
  • bunx --bun turbo run test --force
  • bunx --bun turbo run build:prod --force
  • bun audit

make e2e-dotli from the parent truapi checkout against this branch standalone: 42 success, 2 failed. The two failures (Preimage/lookup_subscribe, Preimage/submit) are Account authority request timed out after 45s round-trips to the dev signer-bot and reproduce identically on the pre-slimming baseline, so they are environmental, not introduced by this branch.

@github-actions

github-actions Bot commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

Bundle Size Report

Chunks over 500 KB:

File Raw Brotli Gzip
host/assets/paseo.smol-DboPaEh1.json 1.84 MB 941.7 KB 1019.4 KB
host/assets/paseo-people-next.smol.json 3.36 MB 1.68 MB 1.82 MB
host/assets/previewnet.smol.json 1.78 MB 137.2 KB 333.5 KB
host/assets/smoldot.js 2.95 MB 2.20 MB 2.21 MB
host/assets/smoldot_worker.js 2.92 MB 2.19 MB 2.20 MB
host/assets/wasm/web/truapi_server_bg.wasm 1.95 MB 614.4 KB 808.7 KB
Total 15.70 MB (+5.05 MB) 8.02 MB (+2.85 MB) (-49%) 8.67 MB (+3.06 MB)
All files
File Raw Brotli Gzip
host/.well-known/apple-app-site-association 738 B 738 B 738 B
host/.well-known/assetlinks.json 1.3 KB 317 B 391 B
host/assets/bridge.js 50.4 KB (+45.1 KB) 14.1 KB (+12.3 KB) 15.9 KB (+13.8 KB)
host/assets/browser.js 22.9 KB (-10 B) 7.6 KB (-8 B) 8.6 KB (-8 B)
host/assets/client.js 100.1 KB (+7.1 KB) 29.5 KB (+2.1 KB) 32.4 KB (+2.3 KB)
host/assets/dist.js 37.5 KB (+12.6 KB) 12.5 KB (+4.8 KB) 14.1 KB (+5.5 KB)
host/assets/dotli-debug-bus.js 646 B (+151 B) 646 B (+151 B) 646 B (+151 B)
host/assets/get-sync-provider.js 2.8 KB 1.1 KB 1.2 KB
host/assets/hex.js 152 B 152 B 152 B
host/assets/index.css 44.8 KB (-3.1 KB) 7.1 KB (-382 B) 7.9 KB (-423 B)
host/assets/index.js 133.4 KB (+26.8 KB) 36.5 KB (+7.4 KB) 42.6 KB (+8.7 KB)
host/assets/manifest.js 22.5 KB (-133 B) 7.2 KB (-105 B) 7.9 KB (-67 B)
host/assets/panel.js 72.5 KB (-12.3 KB) 19.7 KB (-3.3 KB) 22.3 KB (-4.0 KB)
host/assets/paseo.smol-DboPaEh1.json 1.84 MB 941.7 KB 1019.4 KB
host/assets/paseo-people-next.smol.json 3.36 MB 1.68 MB 1.82 MB
host/assets/paseo.smol.json 19.7 KB 4.8 KB 5.4 KB
host/assets/previewnet.smol.json 1.78 MB 137.2 KB 333.5 KB
host/assets/resolve.js 128 B (-24 B) 128 B (-24 B) 128 B (-24 B)
host/assets/rpc-resolve.js 2.4 KB (-71 B) 1.0 KB (-30 B) 1.1 KB (-37 B)
host/assets/shared-mode.js 1.8 KB (-82 B) 749 B (-44 B) 854 B (-43 B)
host/assets/smoldot.js 2.95 MB 2.20 MB 2.21 MB
host/assets/smoldot_worker.js 2.92 MB 2.19 MB 2.20 MB
host/assets/src.js 1.8 KB (-119 B) 848 B (-42 B) 945 B (-54 B)
host/assets/styles.css 15.1 KB 3.2 KB 3.8 KB
host/assets/wasm/web/README.md 10.9 KB 10.9 KB 10.9 KB
host/assets/wasm/web/package.json 371 B 371 B 371 B
host/assets/wasm/web/truapi_server.d.ts 6.9 KB 6.9 KB 6.9 KB
host/assets/wasm/web/truapi_server.js 35.6 KB 6.2 KB 7.2 KB
host/assets/wasm/web/truapi_server_bg.wasm 1.95 MB 614.4 KB 808.7 KB
host/assets/wasm/web/truapi_server_bg.wasm.d.ts 2.5 KB 2.5 KB 2.5 KB
host/assets/web.js 13.2 KB 3.5 KB 4.0 KB
host/assets/worker-runtime.js 6.3 KB 1.6 KB 1.8 KB
host/assets/worker-runtime.js 106 B 106 B 106 B
host/assets/ws.js 23.1 KB (-2.8 KB) 7.5 KB (-850 B) 8.2 KB (-923 B)
host/dotli.png 11.5 KB 11.5 KB 11.5 KB
host/favicon.svg 1.8 KB 1.8 KB 1.8 KB
host/host-sw.js 2.7 KB (-110 B) 1.1 KB (-41 B) 1.3 KB (-10 B)
host/icon-192.png 12.5 KB 12.5 KB 12.5 KB
host/icon-512.png 42.8 KB 42.8 KB 42.8 KB
host/index.html 19.9 KB (-320 B) 4.4 KB (-61 B) 5.4 KB (-71 B)
host/manifest.webmanifest 441 B 441 B 441 B
host/workbox.js 14.8 KB 4.6 KB 5.1 KB
sandbox/app-sw.js 9.6 KB 3.1 KB (+6 B) 3.5 KB (+2 B)
sandbox/assets/bitswap-bridge.js 840 B 840 B 840 B
sandbox/assets/fetch.js 3.4 KB 1.2 KB (-1 B) 1.4 KB (-1 B)
sandbox/assets/index.js 118.0 KB 33.7 KB (-46 B) 39.6 KB (+2 B)
sandbox/assets/index.css 44.8 KB (-3.1 KB) 7.1 KB (-382 B) 7.9 KB (-423 B)
sandbox/favicon.svg 1.8 KB 1.8 KB 1.8 KB
sandbox/index.html 1.7 KB 579 B (-3 B) 785 B (-2 B)
Total 15.70 MB (+5.05 MB) 8.02 MB (+2.85 MB) (-49%) 8.67 MB (+3.06 MB)

Commit: 926eca7

@socket-security

socket-security Bot commented Jul 13, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Added@​parity/​truapi@​0.4.08110010096100
Added@​parity/​truapi-host@​0.1.0100100100100100

View full report

@github-actions

Copy link
Copy Markdown
Contributor

⚡ Performance Report

⚠️ No baseline found on main. This PR's results are recorded but cannot be compared.
Merge to main to establish a baseline.

Replace the Nova host-container, auth, and signing path with the worker-backed Rust core. Keep dotli responsible only for browser policy, persistence, UI, and physical chain transports.
Notification grants do not alter iframe Permissions Policy. Reloading disposed the in-flight Rust request before its response reached the product.
@pgherveou pgherveou force-pushed the codex/bulletin-preimage-in-core-dotli branch from ff8115e to 95b810c Compare July 15, 2026 09:03
The pending-message flush drops send failures silently, matching the
pre-port behavior. Surfacing them as JSON-RPC errors moves to a
follow-up PR with test coverage.
…follow-up

Keep @polkadot-api/signer and @polkadot-labs/hdkd{,-helpers} declared
(unused since before the port) and limit rpc-chain tests to the new
core gateway provider surface. Removing the dead deps and adding
coverage for pre-existing chain checks moves to a follow-up PR.
Keep the base panel top offset and suffix-based terminator matching
(minus the removed host-papp events). The offset correction, the
exact-match terminator set, and the @dotli/config dependency
declaration move to a follow-up PR.
Prompts always reach the modal, matching the pre-port behavior. The
sliding-window limiter returns in a follow-up PR together with the
denied-path semantics and a test that trips the window.
AllowanceKeys persist as plain hex through the same path as every
other core storage key. The at-rest cipher moves to a follow-up PR
where the scheme (per-write nonce, plain-hex read fallback) can get a
focused security review.
The bridge emits only the first_inbound/first_outbound lifecycle
events. The per-frame TrUAPI tap that feeds the debug panel timeline
returns in a follow-up PR; the panel's truapi event handling stays in
place and receives no events until then.
… follow-up

Login failures fall back to the raw reason except for the base
OriginPersonProviderError mapping, and the permissions popover renders
last-write-wins without a staleness guard or unavailable-state hint.
The failure-message pack and popover hardening move to a follow-up PR.
…i-host 0.1.0

The published packages replace the temporary personal-scope npm
aliases used while the port was in review.
@pgherveou pgherveou changed the title Drive Bulletin preimages through Rust core Swith to Rust core Jul 15, 2026
bun run link:truapi replaces the two installed TrUAPI npm packages with
symlinks to a sibling TrUAPI checkout, and bun run unlink:truapi runs a
forced frozen install to restore the declared packages. Package
resolution is validated after linking so local E2E cannot silently
exercise a stale npm build. The parent truapi repo's make e2e-dotli
target depends on this script via make dotli-link.
getActiveGatewayChains and its doc comment match the pre-port source;
only the core gateway set is new.
@github-actions

github-actions Bot commented Jul 15, 2026

Copy link
Copy Markdown
Contributor

E2E Product suite failed on 95e8bacc9dc87c86d7dfabf7b819a64c1af31853 — 40 passed, 5 failed, 17 skipped.

Failed tests:

  • Query Balance
  • Query Stored Value
  • Query Data Length
  • Query Balance
  • Query Total Deposits

Logs: https://github.com/paritytech/dotli-community/actions/runs/29425720555
Artifacts: e2e-product-results (uploaded above) — open the failed test's trace.zip with npx playwright show-trace.

@leonardocustodio

Copy link
Copy Markdown
Member

Seems unable to connect? https://host-playground.dotli.dev/?chainBackend=smoldot-direct
Is Smoldot using WSS endpoints with valid SSL certificates?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants