Skip to content

Headless pairing + signing hosts for local e2e (signing-bot replacement)#264

Draft
pgherveou wants to merge 4 commits into
worktree-issue-96-rust-core-portfrom
headless-host
Draft

Headless pairing + signing hosts for local e2e (signing-bot replacement)#264
pgherveou wants to merge 4 commits into
worktree-issue-96-rust-core-portfrom
headless-host

Conversation

@pgherveou

Copy link
Copy Markdown
Collaborator

Adds a truapi-host CLI with three roles that stand in for the external
signing-bot in local end-to-end tests, plus the truapi-server work they need.

Roles (one truapi-host binary)

  • relay — in-memory statement-store the two hosts pair over.
  • pairing-host — seedless PairingHostRuntime; presents the pairing
    deeplink and bridges product byte-frames over WebSocket.
  • signing-host — wallet-local SigningHostRuntime; answers the handshake
    and auto-signs via the new SSO responder.

truapi-server additions

  • §B responder half: encode-side handshake helpers + responder codecs in
    host_logic/sso/, runtime/signing_host/sso_responder.rs.
  • sign_payload and create_transaction on the signing host, with v4
    extrinsic assembly (host_logic/transaction.rs).
  • Product accounts + rootUserAccountId now derive from //wallet
    (host-spec C.0/C.5) via a new sr25519 hard-junction helper.
  • Bandersnatch ring-VRF aliases (get_account_alias) via the verifiable
    crate (native-only; wasm unaffected).
  • Lite-username attestation (host_logic/attestation.rs + CLI) and a decoupled
    identity-lookup chain (PairingHostConfig::identity_chain_genesis_hash) so
    get_user_id resolves a real People-chain username while SSO stays hermetic.

E2E

rust/crates/truapi-host-cli/e2e/ runs the playground's own generated example
sources against the pairing host and writes explorer/diagnosis-reports/ headless.md (same shape as web.md). With E2E_LIVE_CHAIN=1 and a registered
signer account it matches the browser host on every method it passes — 43/44
non-skipped; the lone failure (Chain/stop_transaction) is a playground example
that sends a deliberately-invalid operation id, which the real RPC node rejects
(the browser host only passes it because smoldot tolerates unknown ids).

Verification: cargo build/clippy -D warnings/test workspace-wide, cargo +nightly fmt --check, and cargo check --target wasm32 all green.

Notes for reviewers

  • The base branch worktree-issue-96-rust-core-port on origin is a couple
    commits behind this branch's fork point, so this PR currently shows two
    parent-stack commits (firs batch, wip) in addition to the headless-host
    commit; they drop out once the base is updated on origin.
  • The e2e signer mnemonic (a paseo-next-v2 account with a registered username,
    needed only for get_user_id) is read from a gitignored e2e/.env; it is
    not committed. Ring-onboarding makes first-time attestation slow, so the e2e
    uses an already-registered account.
  • Not yet wired into make e2e-dotli.

Draft: implementation + local e2e are complete and green; opening for review.

pgherveou added 3 commits July 4, 2026 15:56
Add a `truapi-host` binary with three roles that replace the external
signing-bot for local end-to-end testing:

- `relay`: an in-memory statement-store the two hosts pair over.
- `pairing-host`: a seedless host (PairingHostRuntime) that presents a
  pairing deeplink and bridges product byte-frames over WebSocket.
- `signing-host`: a wallet-local host (SigningHostRuntime) that answers the
  handshake and auto-signs, driven by the new SSO responder.

truapi-server gains the §B responder half and the signing-host operations it
needs: encode-side handshake helpers and responder codecs in
`host_logic/sso/`, v4 extrinsic assembly (`host_logic/transaction.rs`),
`runtime/signing_host/sso_responder.rs`, and `sign_payload` /
`create_transaction` on the signing host. Product accounts and
`rootUserAccountId` derive from `//wallet` (host-spec C.0/C.5) via a new
sr25519 hard-junction helper. Bandersnatch ring-VRF product-account aliases
(`get_account_alias`) use the `verifiable` crate, and lite-username
attestation (`host_logic/attestation.rs` + CLI) registers a People-chain
username so `get_user_id` resolves; the pairing host can resolve usernames
from the real People chain while SSO stays on the relay
(`identity_chain_genesis_hash`).

The bun e2e driver (`e2e/`) runs the playground's own generated example
sources against the pairing host and writes `explorer/diagnosis-reports/
headless.md`. With `E2E_LIVE_CHAIN=1` and a registered signer account it
matches the browser host on every method it passes (43/44; the lone failure
is a chain example that sends a deliberately-invalid operation id).
@socket-security

socket-security Bot commented Jul 5, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Addedcargo/​reqwest@​0.12.287910094100100
Addedcargo/​tokio-tungstenite@​0.24.09910093100100

View full report

The stop_transaction playground example used a hardcoded placeholder
operationId; it now broadcasts a transaction and stops it with the returned
id, the correct usage. Also emit captured example output for passing methods
in the headless diagnosis report and load the e2e signer mnemonic from a
gitignored e2e/.env.

Note: against the public paseo Asset Hub RPC, transaction_v1_stop rejects
broadcast operation ids (-32602), so this method stays red there; it passes
on hosts whose transaction API honors stop (e.g. smoldot in the browser host).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant