chore(deps): patch cowprotocol to bleu/cow-rs main (post-alpha.3)#10
Closed
brunota20 wants to merge 4 commits into
Closed
chore(deps): patch cowprotocol to bleu/cow-rs main (post-alpha.3)#10brunota20 wants to merge 4 commits into
brunota20 wants to merge 4 commits into
Conversation
Adds the dependencies the 0.2 host backends need: - cowprotocol (1.0.0-alpha) for the cow-api submission path (OrderBookApi, OrderCreation, OrderUid, Chain). - alloy-provider / -rpc-client / -transport-ws / -primitives (1.5) for the chain JSON-RPC dispatch. The reqwest feature on alloy-provider engages connect_http; the pubsub/ws features back eth_subscribe-class methods. - redb (2) for local-store. Same crate cowprotocol's own watch-tower picked, so the dep tree does not bifurcate when both are used in the same workspace. - reqwest (0.12, rustls-tls) — direct, so the import survives any future cowprotocol feature rearrangement. - tracing + tracing-subscriber (env-filter + fmt) — replaces the 0.1 eprintln! debug log so the engine can drop into a structured log pipeline without re-instrumenting every host call. - thiserror (2) — typed error enums in each backend. - tempfile + wiremock as dev-deps for the host backend tests. Adds engine.example.toml documenting the [engine] state_dir + per- chain RPC URLs the chain backend reads at boot; data/ is now ignored so a local run does not leave the redb file in tree.
Replaces the 0.2 Unsupported stubs with working backends. Each
capability lives in its own host submodule so the trait impls in
main.rs stay thin (dispatch + project the backend's typed error
onto HostError).
cow_api::submit_order
- Parses the guest's bytes as JSON cowprotocol::OrderCreation.
- Dispatches via cowprotocol::OrderBookApi::post_order.
- Returns the assigned OrderUid as a 0x-prefixed hex string.
cow_api::request
- REST passthrough. The base URL is whichever URL the pool's
OrderBookApi client carries — so OrderBookApi::new_with_base_url
overrides (staging, wiremock) flow through transparently.
- Method/path validated host-side; orderbook 4xx/5xx bodies are
surfaced verbatim so the guest can decode {errorType,description}.
chain::request
- Raw JSON-RPC dispatch over an alloy DynProvider opened from
engine.toml at boot. WebSocket URLs engage pubsub (eth_subscribe);
HTTP URLs use the HTTP transport. Params are passed as
serde_json::RawValue so alloy does not re-encode.
- request-batch falls back to per-call dispatch (same shape as the
earlier stub but now backed by real RPC).
local_store
- redb file under engine_config.engine.state_dir.
- Single shared table. Per-module namespacing is enforced
host-side via [len:u8][module_name][raw_key] prefix on every
key. list_keys strips the prefix before returning to the guest.
logging
- Routes through tracing::event! tagged with module=<namespace>.
- Engine boot installs an EnvFilter-based subscriber; RUST_LOG
overrides the engine.toml log_level.
identity / remote-store / messaging / http stay at Unsupported per
the 0.2 roadmap (keystore / Swarm / Waku land in 0.3).
Tests (14, all green):
- cow_orderbook: pool default chains, unknown-chain typing, REST
GET passthrough, relative-path resolution, unknown-method
rejection, submit_order round-trip — last three under wiremock
so the full HTTP path is exercised without hitting api.cow.fi.
- provider_pool: empty pool surfaces UnknownChain.
- local_store: roundtrip, namespace isolation, delete, list_keys
prefix-stripping, empty-namespace rejection.
End-to-end against modules/example: example.wasm loads under the
new wiring, logs init + on_event through the tracing pipeline.
This was referenced Jun 2, 2026
lgahdl
reviewed
Jun 11, 2026
Comment on lines
+112
to
+133
| fn namespace_prefix(namespace: &str) -> Result<Vec<u8>, StorageError> { | ||
| if namespace.is_empty() { | ||
| return Err(StorageError::InvalidNamespace( | ||
| "module namespace must not be empty".into(), | ||
| )); | ||
| } | ||
| let bytes = namespace.as_bytes(); | ||
| if bytes.len() > MAX_NAMESPACE_LEN { | ||
| return Err(StorageError::InvalidNamespace(format!( | ||
| "namespace `{namespace}` is {} bytes; max is {MAX_NAMESPACE_LEN}", | ||
| bytes.len() | ||
| ))); | ||
| } | ||
| let mut out = Vec::with_capacity(1 + bytes.len()); | ||
| out.push(bytes.len() as u8); | ||
| out.extend_from_slice(bytes); | ||
| Ok(out) | ||
| } | ||
|
|
||
| fn build_key(namespace: &str, key: &str) -> Result<Vec<u8>, StorageError> { | ||
| let mut out = namespace_prefix(namespace)?; | ||
| out.extend_from_slice(key.as_bytes()); |
There was a problem hiding this comment.
This [len:u8][name][key] scheme is forgeable: a module whose name starts with a byte equal to another module's name length can craft keys that collide with that module's range (e.g. a module named "\x04twap" shares a prefix with "twap"). PR #8 replaces this with keccak256(name) — a fixed-width 32-byte prefix that eliminates the collision entirely. This branch should be rebased onto PR #8 to inherit that fix.
| let txn = self.db.begin_read().map_err(StorageError::Txn)?; | ||
| let table = txn.open_table(TABLE).map_err(StorageError::Table)?; | ||
| let mut out = Vec::new(); | ||
| for entry in table.iter().map_err(StorageError::Storage)? { |
There was a problem hiding this comment.
table.iter() scans every entry across all modules — O(total DB entries) instead of O(entries in this namespace). Use table.range(full_prefix.as_slice()..) and break on the first non-matching key; redb's B-tree ordering makes this O(matching entries) with no upper-bound calculation needed.
Suggested change
| for entry in table.iter().map_err(StorageError::Storage)? { | |
| for entry in table.range(full_prefix.as_slice()..).map_err(StorageError::Storage)? { | |
| let (k, _v) = entry.map_err(StorageError::Storage)?; | |
| let key_bytes = k.value(); | |
| if !key_bytes.starts_with(&full_prefix) { | |
| break; | |
| } | |
| if key_bytes.starts_with(&full_prefix) | |
| && let Ok(s) = std::str::from_utf8(&key_bytes[ns_prefix.len()..]) | |
| { | |
| out.push(s.to_owned()); | |
| } | |
| } |
Comment on lines
+31
to
+49
| impl OrderBookPool { | ||
| /// Build a pool covering every `cowprotocol::Chain` variant. The | ||
| /// default `OrderBookApi::new(chain)` constructor uses the canonical | ||
| /// `api.cow.fi/{slug}/api/v1` base URL from the SDK; callers that | ||
| /// need barn or a custom staging URL override per chain. | ||
| pub fn with_default_chains() -> Self { | ||
| let http = reqwest::Client::new(); | ||
| let chains = [ | ||
| Chain::Mainnet, | ||
| Chain::Gnosis, | ||
| Chain::Sepolia, | ||
| Chain::ArbitrumOne, | ||
| Chain::Base, | ||
| ]; | ||
| let clients = chains | ||
| .iter() | ||
| .map(|c| (c.id(), OrderBookApi::new(*c))) | ||
| .collect(); | ||
| Self { clients, http } |
There was a problem hiding this comment.
mfw requested a Default impl in his ADR-0005 review comment (applied in PR #8) so the pool can be instantiated with OrderBookPool::default() — a named constructor like this is non-idiomatic when all it does is populate a standard set of values.
Suggested change
| impl OrderBookPool { | |
| /// Build a pool covering every `cowprotocol::Chain` variant. The | |
| /// default `OrderBookApi::new(chain)` constructor uses the canonical | |
| /// `api.cow.fi/{slug}/api/v1` base URL from the SDK; callers that | |
| /// need barn or a custom staging URL override per chain. | |
| pub fn with_default_chains() -> Self { | |
| let http = reqwest::Client::new(); | |
| let chains = [ | |
| Chain::Mainnet, | |
| Chain::Gnosis, | |
| Chain::Sepolia, | |
| Chain::ArbitrumOne, | |
| Chain::Base, | |
| ]; | |
| let clients = chains | |
| .iter() | |
| .map(|c| (c.id(), OrderBookApi::new(*c))) | |
| .collect(); | |
| Self { clients, http } | |
| impl Default for OrderBookPool { | |
| /// Build a pool covering every `cowprotocol::Chain` variant. The | |
| /// default `OrderBookApi::new(chain)` constructor uses the canonical | |
| /// `api.cow.fi/{slug}/api/v1` base URL from the SDK; callers that | |
| /// need barn or a custom staging URL override per chain. | |
| fn default() -> Self { | |
| let http = reqwest::Client::new(); | |
| let chains = [ | |
| Chain::Mainnet, | |
| Chain::Gnosis, | |
| Chain::Sepolia, | |
| Chain::ArbitrumOne, | |
| Chain::Base, | |
| ]; | |
| let clients = chains | |
| .iter() | |
| .map(|c| (c.id(), OrderBookApi::new(*c))) | |
| .collect(); | |
| Self { clients, http } | |
| } | |
| } |
| #[serde(default)] | ||
| pub chains: BTreeMap<u64, ChainConfig>, | ||
| /// Modules the supervisor should boot. Each entry resolves a | ||
| /// `(component.wasm, nexum.toml)` pair on the local filesystem |
There was a problem hiding this comment.
ADR-0001 (applied in PR #8 following mfw's review) renamed the manifest file from nexum.toml to module.toml throughout. These doc strings still reference the old name and will be misleading once the rename lands — rebasing onto PR #8 fixes this automatically.
Suggested change
| /// `(component.wasm, nexum.toml)` pair on the local filesystem | |
| /// `(component.wasm, module.toml)` pair on the local filesystem |
| /// One `[[modules]]` table from `engine.toml`. | ||
| /// | ||
| /// Both fields are filesystem paths in 0.2. `manifest` defaults to | ||
| /// `nexum.toml` next to `path` if omitted, matching the bundle layout |
There was a problem hiding this comment.
Same nexum.toml → module.toml rename needed here (ADR-0001).
Suggested change
| /// `nexum.toml` next to `path` if omitted, matching the bundle layout | |
| /// `module.toml` next to `path` if omitted, matching the bundle layout |
| pub struct ModuleEntry { | ||
| /// Path to the compiled `.wasm` component. | ||
| pub path: std::path::PathBuf, | ||
| /// Path to the module's `nexum.toml`. Defaults to `<path-parent>/nexum.toml`. |
There was a problem hiding this comment.
And here.
Suggested change
| /// Path to the module's `nexum.toml`. Defaults to `<path-parent>/nexum.toml`. | |
| /// Path to the module's `module.toml`. Defaults to `<path-parent>/module.toml`. |
Author
|
Superseded by a follow-up — that PR rebases this branch on top of the latest #9 (which already contains lgahdl's keccak256 fix from #8 and the Default impl from ADR-0005), so the three review comments here (forgeable len-prefix, O(N) list_keys, named constructor) are resolved automatically. Reopening as a new PR with the cleaner base. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Draft, stacked on top of #8 + #9 — the diff includes those PRs' commits until they land.
`cowprotocol` v1.0.0-alpha.3 (the crates.io release the engine depends on after #8) was cut from `cowdao-grants/cow-rs` PR #5 at commit `1742ffa`. `bleu/cow-rs` main has 18 commits since, and several are directly relevant to the cow-api backend in #8:
How
Workspace-level `[patch.crates-io]` pinned to a specific bleu/cow-rs commit for determinism:
```toml
[patch.crates-io]
cowprotocol = { git = "https://github.com/bleu/cow-rs\", rev = "c012404ffefc411bff543d2290e19ba7fbef2516" }
```
When José publishes the next alpha (likely `1.0.0-alpha.4`) the patch line goes away in one commit.
Verified
Trade-off note
Patching to a git rev shifts dep resolution from a stable crates.io artifact to a moving branch tip (we pin a rev, so the tip stays put until we bump it). Anyone consuming this PR needs the bleu/cow-rs commit accessible, which it is — public repo, public branch. Reverting to alpha.3 is a one-line undo if the patch ever causes friction.