Skip to content

feat: adopt MessageOrigin API and remove ApplicationMessage.app#3538

Merged
iduartgomez merged 4 commits intomainfrom
feat/delegate-message-origin
Mar 12, 2026
Merged

feat: adopt MessageOrigin API and remove ApplicationMessage.app#3538
iduartgomez merged 4 commits intomainfrom
feat/delegate-message-origin

Conversation

@iduartgomez
Copy link
Copy Markdown
Collaborator

@iduartgomez iduartgomez commented Mar 12, 2026

Problem

The delegate runtime passes caller identity as raw bytes (Option<&[u8]>) and every ApplicationMessage carries a redundant app: ContractInstanceId field. Internal naming uses "attested" terminology which is confusing.

Relates to #1500.

Solution

  • Use typed MessageOrigin enum from freenet-stdlib instead of raw bytes
  • Rename throughout: attested_contractorigin_contract, AttestedContractOriginContract, DELEGATE_INHERITED_ATTESTATIONSDELEGATE_INHERITED_ORIGINS
  • Serialize Option<MessageOrigin> via bincode across the WASM boundary
  • Remove app field usage from all ApplicationMessage::new() calls
  • Update all 7 test delegate crates to use the new API (path deps on stdlib branch)
  • Update e2e tests in freenet-ping

Testing

  • 1958 lib tests pass, 0 failures
  • All 7 test delegate crates build and pass unit tests (21 total)
  • cargo fmt && cargo clippy --all-targets clean (zero warnings)

Dependencies

Depends on freenet/freenet-stdlib#61

Fixes

Closes #1500

@iduartgomez
feat: adopt MessageOrigin API and remove ApplicationMessage.app field
782732f 
Update freenet-core to use the new typed MessageOrigin enum from
freenet-stdlib instead of raw attested bytes. Renames throughout:
- attested_contract → origin_contract
- AttestedContract → OriginContract
- DELEGATE_INHERITED_ATTESTATIONS → DELEGATE_INHERITED_ORIGINS

The origin is now serialized via bincode as Option<MessageOrigin>
instead of passed as raw 32-byte slices across the WASM boundary.

All 7 test delegate crates updated to match the new API.

Closes #1500
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Mar 12, 2026
edited by iduartgomez
Loading

Now I have enough information to write the review. Let me compile the findings.

🔍 Rule Review: Rename attested_contract → origin_contract and adopt MessageOrigin API

Rules checked: git-workflow.md, code-style.md, testing.md, contracts.md
Files reviewed: 40 (Rust source + test delegates + macros; Cargo.lock/toml excluded)

Critical

No critical violations found.

Warnings

No warnings found.

Info

  • crates/core/src/wasm_runtime/delegate_api.rs — Test function test_create_delegate_inherits_attestations and its doc comment still use "attestations"/"attested" terminology after the rename to "origins". Doc comment reads "Child delegate inherits parent's attested contracts in DELEGATE_INHERITED_ORIGINS." The function name itself was not updated. Minor cosmetic inconsistency with the PR's rename intent. (rule: code-style.md — naming coherence)

  • tests/test-delegate-attested/src/lib.rs.unwrap() on bincode::serialize in the delegate's process() implementation: origin.map(|o| bincode::serialize(&o).unwrap()). This is test-delegate WASM code (cdylib in tests/), so .unwrap() is arguably acceptable here; however the function is called from a live delegate context, not exclusively from #[test]. Using map_err(|e| DelegateError::Other(...)) would be more consistent with how other serialization errors are handled in the same file. (rule: code-style.md — .unwrap() in production paths)

To acknowledge findings: Check each box above once addressed (or a tracking issue opened),
or post /ack to dismiss all findings for this revision.
Merge is not blocked by this check (no Critical or Warning findings).

Automated review against .claude/rules/. Critical and Warning findings block merge — check boxes or post /ack to acknowledge.

@iduartgomez
fix: deserialize MessageOrigin in attested contract integration test
d689f2f 
The test_attested_contract_passed_to_delegate test was comparing raw
serialized bytes against ContractInstanceId bytes, but the delegate now
returns a bincode-serialized MessageOrigin (4-byte discriminant + 32-byte
ID). Updated to properly deserialize MessageOrigin::WebApp and compare
the extracted ContractInstanceId.

Also updated Docker test runner to mount freenet-stdlib path dependencies
so integration tests can resolve local path deps inside the container.
@iduartgomez iduartgomez mentioned this pull request Mar 12, 2026
Merged
5 tasks
@iduartgomez
build: use published freenet-stdlib 0.3.1 (with updated macros)
bb07f05 
freenet-stdlib 0.3.0 pulled the old freenet-macros 0.1.3 which still
generated attested: Option<&[u8]> in the #[delegate] FFI wrapper.
Updated to 0.3.1 which requires freenet-macros 0.1.4 with the
MessageOrigin codegen fix.
@iduartgomez iduartgomez enabled auto-merge March 12, 2026 15:57
@iduartgomez
fix: address PR review findings
eeb7638 
- Replace unwrap_or_default() with ? for origin serialization error
- Fix stale "attested" label in Display impl for DelegateRequest
- Rename attested_var binding to origin_contracts_var in codegen
@iduartgomez iduartgomez added this pull request to the merge queue Mar 12, 2026
@iduartgomez
Copy link
Copy Markdown
Collaborator Author

iduartgomez commented Mar 12, 2026

Independent Review (4-perspective)

No Blocking Issues

All four review perspectives (code-first, testing, skeptical, big-picture) agree the core change is correct and well-tested. WASM boundary serialization works, rename is consistent, no tests removed.

Should fix (follow-up PR)

  1. Dead _app_id variables (~20 instances) — Variables that only existed to pass to ApplicationMessage::new(app_id, payload) are now unused and underscore-prefixed. Should delete outright rather than keeping as dead code.

    • crates/core/src/wasm_runtime/delegate.rs tests (~lines 819, 902, 981, 1116, 1241, etc.)
    • crates/core/tests/operations.rs (~lines 2243, 2410, 3781, 4064)

  2. Stale doc example in freenet-stdlib delegate_host.rs:16 — Still shows _attested: Option<&'static [u8]>. Needs fix in stdlib since 0.3.1 is published.

  3. Silent origin deserialization failure in WASM macrorust-macros/src/delegate_impl.rs lines 50-54: if bincode deserialization fails on the WASM side, it silently returns None. A delegate making auth decisions on origin could fail open on version skew. Consider logging a warning or returning an error.

  4. Dead code in test-delegate-capabilities — The app_id extraction from origin and operation_context storage is now unused since ApplicationMessage::new no longer takes app_id. Should clean up.

Nice to have

  1. Bincode serialization stability test — A unit test asserting bincode::serialize(&MessageOrigin::WebApp(known_id)) produces known bytes would catch future breakage from serde changes.

  2. PR scope vs Clean up InboundDelegateMsg #1500 — This PR addresses Remove ApplicationMessage::app field and modify attested parameter #1498 fully. It relates to Clean up InboundDelegateMsg #1500 but doesn't close it (GetSecretRequest removal and ApplicationMessage struct separation not done). Verify PR metadata doesn't claim "Closes Clean up InboundDelegateMsg #1500".

  3. Docker test-runner changes — Useful but tangential; could be a separate commit/PR for cleaner history.

Verified safe

  • WASM boundary protocol correct (host serialize ↔ WASM deserialize match)
  • Token cleanup, unregister, inherited origins all correct
  • No concurrency issues introduced
  • No tests removed or weakened
  • test_attested_contract_passed_to_delegate was strengthened (now deserializes MessageOrigin instead of comparing raw bytes)

@iduartgomez iduartgomez removed this pull request from the merge queue due to a manual request Mar 12, 2026
@iduartgomez iduartgomez added this pull request to the merge queue Mar 12, 2026
@iduartgomez iduartgomez removed this pull request from the merge queue due to a manual request Mar 12, 2026
@iduartgomez iduartgomez merged commit 931f3ff into main Mar 12, 2026
11 checks passed
@iduartgomez iduartgomez deleted the feat/delegate-message-origin branch March 12, 2026 16:46
sanity added a commit that referenced this pull request Mar 12, 2026
@sanity
Revert "feat: adopt MessageOrigin API and remove ApplicationMessage.a…
3d481af 
…pp (#3538)"

This reverts commit 931f3ff.
sanity added a commit that referenced this pull request Mar 12, 2026
@sanity
Reapply "feat: adopt MessageOrigin API and remove ApplicationMessage.…
3eea008 
…app (#3538)"

This reverts commit 3d481af.
@sanity sanity mentioned this pull request Mar 12, 2026
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Clean up InboundDelegateMsg

1 participant

@iduartgomez