phase 5: wasm core, GalaxyClient skeleton, Connect-Web stubs
Compile `ui/core` to WebAssembly via TinyGo (903 KB) and expose four canonical-bytes / signature-verification functions on `globalThis.galaxyCore` from `ui/wasm/main.go`. The TypeScript-side `Core` interface plus a `WasmCore` adapter (browser + JSDOM loader) bridge those into a typed shape, and a `GalaxyClient` skeleton wires `Core.signRequest` → injected `Signer` → typed Connect client → `Core.verifyPayloadHash` / `verifyResponse`. Wire `ui/buf.gen.yaml` against the local `@bufbuild/protoc-gen-es` v2 binary (devDependency) so the codegen step does not depend on the buf.build BSR. Vitest covers the bridge end-to-end: per-method WasmCore tests under JSDOM, byte-for-byte canon parity against the gateway fixtures committed in Phase 3, and a `GalaxyClient` orchestration test using `createRouterTransport`. The committed `core.wasm` snapshot tracks TinyGo output so contributors run `make wasm` only when `ui/core/` changes; CI consumes the snapshot directly. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Ilia Denisov
@@ -0,0 +1,20 @@
|
||||
// `createEdgeGatewayClient` builds a typed Connect-Web client for the
|
||||
// gateway's authenticated edge surface. It speaks the Connect protocol
|
||||
// over HTTP/1.1 (or HTTP/2 if the host upgrades the connection) — the
|
||||
// gateway listener built in Phase 4 natively serves Connect, gRPC, and
|
||||
// gRPC-Web on the same h2c port.
|
||||
//
|
||||
// The factory is intentionally thin: callers provide the gateway base
|
||||
// URL (e.g. https://api.galaxy.test), and receive a typed
|
||||
// `EdgeGatewayClient`. Authentication, signing, and response
|
||||
// verification live one layer up, in `GalaxyClient`.
|
||||
|
||||
import { createClient, type Client } from "@connectrpc/connect";
|
||||
import { createConnectTransport } from "@connectrpc/connect-web";
|
||||
import { EdgeGateway } from "../proto/galaxy/gateway/v1/edge_gateway_pb";
|
||||
|
||||
export type EdgeGatewayClient = Client<typeof EdgeGateway>;
|
||||
|
||||
export function createEdgeGatewayClient(baseUrl: string): EdgeGatewayClient {
|
||||
return createClient(EdgeGateway, createConnectTransport({ baseUrl }));
|
||||
}
|
||||
@@ -0,0 +1,149 @@
|
||||
// `GalaxyClient` orchestrates one authenticated unary round-trip:
|
||||
// build canonical request bytes via `Core.signRequest`, sign them
|
||||
// through an injected `Signer`, post the envelope through the typed
|
||||
// Connect client, then verify the response signature and payload hash
|
||||
// before returning the decoded payload.
|
||||
//
|
||||
// Phase 5 ships the orchestration only — Phase 6 plugs the WebCrypto
|
||||
// `Signer` and `KeyStore`, and Phase 7 wires the auth flow that
|
||||
// actually creates the device session. Tests pass an exportable
|
||||
// fixture key wrapped as a `Signer` so the flow can be exercised
|
||||
// end-to-end without a live gateway.
|
||||
|
||||
import { create } from "@bufbuild/protobuf";
|
||||
import type { Core } from "../platform/core/index";
|
||||
import {
|
||||
ExecuteCommandRequestSchema,
|
||||
type ExecuteCommandResponse,
|
||||
} from "../proto/galaxy/gateway/v1/edge_gateway_pb";
|
||||
import type { EdgeGatewayClient } from "./connect";
|
||||
|
||||
/**
|
||||
* Signer produces a raw 64-byte Ed25519 signature over canonicalBytes.
|
||||
* Phase 6 backs this with WebCrypto + a non-exportable IDB key handle.
|
||||
* Phase 5 tests pass a function that closes over `crypto.sign(...)`
|
||||
* with an exportable fixture key.
|
||||
*/
|
||||
export type Signer = (canonicalBytes: Uint8Array) => Promise<Uint8Array>;
|
||||
|
||||
/**
|
||||
* Sha256 computes the raw 32-byte SHA-256 digest of payload. The
|
||||
* GalaxyClient receives this as a dependency so JSDOM tests can pass
|
||||
* Node's `crypto` and the browser path can use `crypto.subtle`.
|
||||
*/
|
||||
export type Sha256 = (payload: Uint8Array) => Promise<Uint8Array>;
|
||||
|
||||
export interface GalaxyClientOptions {
|
||||
core: Core;
|
||||
edge: EdgeGatewayClient;
|
||||
signer: Signer;
|
||||
sha256: Sha256;
|
||||
deviceSessionId: string;
|
||||
gatewayResponsePublicKey: Uint8Array;
|
||||
clock?: () => bigint;
|
||||
requestIdFactory?: () => string;
|
||||
}
|
||||
|
||||
const PROTOCOL_VERSION = "v1";
|
||||
|
||||
export class GalaxyClient {
|
||||
private readonly core: Core;
|
||||
private readonly edge: EdgeGatewayClient;
|
||||
private readonly signer: Signer;
|
||||
private readonly sha256: Sha256;
|
||||
private readonly deviceSessionId: string;
|
||||
private readonly gatewayResponsePublicKey: Uint8Array;
|
||||
private readonly clock: () => bigint;
|
||||
private readonly requestIdFactory: () => string;
|
||||
|
||||
constructor(options: GalaxyClientOptions) {
|
||||
this.core = options.core;
|
||||
this.edge = options.edge;
|
||||
this.signer = options.signer;
|
||||
this.sha256 = options.sha256;
|
||||
this.deviceSessionId = options.deviceSessionId;
|
||||
this.gatewayResponsePublicKey = options.gatewayResponsePublicKey;
|
||||
this.clock = options.clock ?? defaultClock;
|
||||
this.requestIdFactory =
|
||||
options.requestIdFactory ?? defaultRequestIdFactory;
|
||||
}
|
||||
|
||||
async executeCommand(
|
||||
messageType: string,
|
||||
payload: Uint8Array,
|
||||
traceId = "",
|
||||
): Promise<Uint8Array> {
|
||||
const requestId = this.requestIdFactory();
|
||||
const timestampMs = this.clock();
|
||||
const payloadHash = await this.sha256(payload);
|
||||
|
||||
const canonicalBytes = this.core.signRequest({
|
||||
protocolVersion: PROTOCOL_VERSION,
|
||||
deviceSessionId: this.deviceSessionId,
|
||||
messageType,
|
||||
timestampMs,
|
||||
requestId,
|
||||
payloadHash,
|
||||
});
|
||||
|
||||
const signature = await this.signer(canonicalBytes);
|
||||
|
||||
const response = await this.edge.executeCommand(
|
||||
create(ExecuteCommandRequestSchema, {
|
||||
protocolVersion: PROTOCOL_VERSION,
|
||||
deviceSessionId: this.deviceSessionId,
|
||||
messageType,
|
||||
timestampMs,
|
||||
requestId,
|
||||
payloadBytes: payload,
|
||||
payloadHash,
|
||||
signature,
|
||||
traceId,
|
||||
}),
|
||||
);
|
||||
|
||||
this.verifyResponse(response, requestId);
|
||||
return response.payloadBytes;
|
||||
}
|
||||
|
||||
private verifyResponse(
|
||||
response: ExecuteCommandResponse,
|
||||
requestId: string,
|
||||
): void {
|
||||
if (response.requestId !== requestId) {
|
||||
throw new Error(
|
||||
`galaxy-client: response request_id ${response.requestId} does not match ${requestId}`,
|
||||
);
|
||||
}
|
||||
if (
|
||||
!this.core.verifyPayloadHash(
|
||||
response.payloadBytes,
|
||||
response.payloadHash,
|
||||
)
|
||||
) {
|
||||
throw new Error("galaxy-client: response payload_hash mismatch");
|
||||
}
|
||||
const ok = this.core.verifyResponse(
|
||||
this.gatewayResponsePublicKey,
|
||||
response.signature,
|
||||
{
|
||||
protocolVersion: response.protocolVersion,
|
||||
requestId: response.requestId,
|
||||
timestampMs: response.timestampMs,
|
||||
resultCode: response.resultCode,
|
||||
payloadHash: response.payloadHash,
|
||||
},
|
||||
);
|
||||
if (!ok) {
|
||||
throw new Error("galaxy-client: invalid response signature");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
function defaultClock(): bigint {
|
||||
return BigInt(Date.now());
|
||||
}
|
||||
|
||||
function defaultRequestIdFactory(): string {
|
||||
return crypto.randomUUID();
|
||||
}
|
||||
Reference in New Issue
Block a user