MystenLabs
diff --git a/‎AGENTS.md‎
Lines changed: 171 additions & 0 deletions b/‎AGENTS.md‎
Lines changed: 171 additions & 0 deletions
diff --git a/‎CLAUDE.md‎
Lines changed: 9 additions & 0 deletions b/‎CLAUDE.md‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎chat-app/AGENTS.md‎
Lines changed: 71 additions & 0 deletions b/‎chat-app/AGENTS.md‎
Lines changed: 71 additions & 0 deletions
diff --git a/‎chat-app/CLAUDE.md‎
Lines changed: 1 addition & 0 deletions b/‎chat-app/CLAUDE.md‎
Lines changed: 1 addition & 0 deletions
@@ -0,0 +1,171 @@
+# AGENTS.md
+
+Guidance for AI coding agents (Claude Code, Cursor, Copilot, Codex, Aider, etc.) working in this repository. This is the canonical source. `CLAUDE.md` at the repo root imports this file via `@AGENTS.md`; per-subproject `AGENTS.md` / `CLAUDE.md` pairs cover commands and gotchas specific to each component.
+
+## What this repo is
+
+Sui Stack Messaging — encrypted messaging tooling for Web3 apps, built on Sui, Seal, and Walrus. Multi-component repo: canonical Move contracts and TypeScript SDK, plus reference implementations of a relayer, indexer, and demo chat UI that downstream projects will fork.
+
+## Repo layout
+
+```
+move/                                       CANONICAL  Move smart contracts
+  packages/sui_stack_messaging/               canonical messaging package (published mainnet+testnet)
+  packages/example_app/                       reference extension examples (custom seal policy, paid join rule)
+  design_docs/                                Move-side design docs
+
+ts-sdks/packages/sui-stack-messaging/        CANONICAL  TypeScript SDK (@mysten/sui-stack-messaging on npm)
+
+relayer/                                    REFERENCE  Rust axum relayer (fork-and-extend)
+walrus-discovery-indexer/                   REFERENCE  TS indexer for Walrus blobs (fork-and-extend)
+chat-app/                                   REFERENCE  Vite + React 19 demo (fork-and-extend)
+
+publish/                                    INTERNAL   maintainer-only helper for publishing the canonical Move package
+docs/sui-stack-messaging/                   Authoritative dev documentation
+```
+
+External canonical dependency: [`sui-groups`](https://github.com/MystenLabs/sui-groups). Treat as published infrastructure; do not vendor.
+
+## Canonical vs reference — the mental model
+
+**Canonical** (`move/packages/sui_stack_messaging/`, `ts-sdks/packages/sui-stack-messaging/`): consume; do not fork.
+
+- Move contracts are already published to mainnet and testnet (see "Canonical package addresses" below).
+- The SDK is on npm as `@mysten/sui-stack-messaging`. Pin the version, don't vendor the source.
+- To extend: write your own Move package depending on `sui_stack_messaging` (see `move/packages/example_app/` for two worked examples), or implement the SDK's transport/storage/recovery interfaces.
+
+**Reference** (`relayer/`, `walrus-discovery-indexer/`, `chat-app/`): fork as a starting point and modify freely.
+
+- Intentionally minimal. Real deployments will replace storage backends, auth strategies, observability, deployment topology.
+- The SDK talks to the relayer through the `RelayerTransport` TS interface — implement your own transport without forking the Rust code, or fork the Rust code.
+
+## Build / test / lint commands
+
+Each subproject has its own `AGENTS.md` with the commands and invariants specific to that component. When working inside a subproject, read its `AGENTS.md` first:
+
+- [`move/AGENTS.md`](./move/AGENTS.md) — Move builds, tests, edition, Sui CLI version
+- [`ts-sdks/AGENTS.md`](./ts-sdks/AGENTS.md) — pnpm, turbo, codegen, changesets, lint
+- [`relayer/AGENTS.md`](./relayer/AGENTS.md) — cargo, clippy, docker compose, `.env` setup
+- [`walrus-discovery-indexer/AGENTS.md`](./walrus-discovery-indexer/AGENTS.md) — TS indexer dev loop, filter pipeline
+- [`chat-app/AGENTS.md`](./chat-app/AGENTS.md) — Vite, locally-linked SDK, demo-app constraints
+- [`publish/AGENTS.md`](./publish/AGENTS.md) — maintainer-only Move publish helper
+
+When you `cd` into one of these directories, Claude Code auto-loads the relevant `CLAUDE.md` (which imports the subproject's `AGENTS.md`). Other agents should open the file by hand.
+
+## Repo invariants
+
+- **Do not edit `ts-sdks/packages/sui-stack-messaging/src/contracts/sui_stack_messaging/`** — auto-generated by `pnpm codegen`. (Also enforced as a path-scoped rule under `.claude/rules/`.)
+- **Do not edit `move/packages/sui_stack_messaging/Published.toml`** — committed source of truth for deployed package IDs.
+- **Do not fork the canonical Move package** — to extend, write your own package depending on `sui_stack_messaging`.
+- **Do not redefine canonical permission types** (`MessagingSender`, `MessagingReader`, `MessagingEditor`, `MessagingDeleter`, `MetadataAdmin`, `SuiNsAdmin`).
+- **Do not break the relayer wire protocol** — SDK and indexer depend on its message and Walrus archive formats. Cross-impact: changes here must update SDK + relayer + indexer + the protocol doc together. (Also enforced as a path-scoped rule under `.claude/rules/`.)
+- **Do not bump SDK versions ad hoc** — coordinate via `pnpm changeset` (see `ts-sdks/RELEASING.md`).
+- **`minimumReleaseAge: 2880`** is enforced by `ts-sdks/pnpm-workspace.yaml` (2-day floor on new dependency releases). Mysten packages are excluded.
+
+## Canonical package addresses
+
+From `move/packages/sui_stack_messaging/Published.toml`:
+
+| Network | sui_stack_messaging                                                  |
+| ------- | -------------------------------------------------------------------- |
+| Mainnet | `0xcbd2f4c25c7f799c45c0c9f221850178b711b2c89916c8e99038aa8ac609a62e` |
+| Testnet | `0x047696be0e98f1b47a99727fecf2955cadb23c56f67c6b872b74e3ad59d51b46` |
+
+Sui Groups (from `relayer/.env.example`):
+
+| Network | sui_groups                                                           |
+| ------- | -------------------------------------------------------------------- |
+| Mainnet | `0x541840ae7df705d1c6329c22415ed61f9140a18b79b13c1c9dc7415b115c1ba8` |
+| Testnet | `0xba8a26d42bc8b5e5caf4dac2a0f7544128d5dd9b4614af88eec1311ade11de79` |
+
+The SDK auto-detects testnet/mainnet via constants in `ts-sdks/packages/sui-stack-messaging/src/constants.ts`.
+
+## Where to find documentation
+
+Authoritative docs live in `docs/sui-stack-messaging/`:
+
+- `Installation.md`, `Setup.md`, `Examples.md` — getting started.
+- `APIRef.md` — full SDK API reference.
+- `Encryption.md`, `Security.md` — crypto + trust model. Read before changing auth or transport.
+- `Relayer.md` — protocol the relayer implements (required reading before forking it).
+- `Attachments.md`, `ArchiveRecovery.md`, `GroupDiscovery.md` — feature deep dives.
+- `Extending.md` — custom seal policies, transports, storage adapters, recovery transports.
+- `Testing.md` — test strategy across SDK / relayer / Move.
+
+Per-component:
+
+- `relayer/README.md` — relayer reference (auth pipeline, API, storage, sync).
+- `walrus-discovery-indexer/README.md` + `walrus-discovery-indexer/docs/README.md` — indexer reference.
+- `chat-app/README.md` + `chat-app/docs/SYSTEM_DESIGN.md` — demo app reference.
+- `move/design_docs/REQUIREMENTS.md` + `move/design_docs/sui_stack_messaging/*.md` — Move package design.
+- `ts-sdks/RELEASING.md` — release/changeset workflow.
+
+## Skills for repo-specific tasks
+
+`.claude/skills/` contains skill files used by Claude Code. Other agents can read them as plain Markdown — each `SKILL.md` is a focused, command-first runbook for one task.
+
+**Fork-and-extend skills** (used by anyone who consumes or modifies the reference implementations):
+
+- `develop-on-sui-stack-messaging/SKILL.md` — orientation; canonical vs reference.
+- `spin-up-relayer/SKILL.md` — run the reference relayer locally.
+- `spin-up-e2e-stack/SKILL.md` — relayer + indexer + chat-app together.
+- `develop-relayer/SKILL.md` — fork-and-extend the Rust relayer.
+- `develop-walrus-indexer/SKILL.md` — fork-and-extend the TS indexer.
+- `extend-smart-contracts/SKILL.md` — add custom Move modules on top of `sui_stack_messaging`.
+
+**Builder-as-SDK-consumer skills** (consuming the canonical npm SDK in your own app):
+
+- `integrate-sui-stack-messaging/SKILL.md` — bootstrap the SDK into an existing dapp.
+- `configure-walrus-storage-via-sdk/SKILL.md` — programmatic Walrus storage (no publisher/aggregator dependency).
+- `configure-custom-relayer-transport/SKILL.md` — customize the relayer transport layer
+- `configure-session-keys/SKILL.md` — managed vs externally-provided Seal session keys.
+- `debug-encryption-flow/SKILL.md` — diagnose decryption failures end-to-end.
+
+## Tooling baseline
+
+- Node: pnpm `>=10.17.0` — **use pnpm 10.x.** pnpm v11 no longer reads this repo's `package.json` `pnpm` config (build approvals + `overrides`), so a fresh install fails with `ERR_PNPM_IGNORED_BUILDS` / `ERR_PNPM_LOCKFILE_CONFIG_MISMATCH`. See [`docs/pnpm-v11-troubleshooting.md`](docs/pnpm-v11-troubleshooting.md).
+- Rust: stable + clippy + rustfmt.
+- Sui CLI: required for Move build/test/publish
+- Move edition: 2024.
+
+## Code style
+
+- **TypeScript** (`ts-sdks/`): formatted by Prettier, linted by oxlint. Both configured at `ts-sdks/` root. Don't introduce ESLint or other linters — oxlint is the chosen linter here.
+- **Rust** (`relayer/`): formatted by `rustfmt`, linted by `clippy` (toolchain pinned in `relayer/rust-toolchain.toml`).
+- **Move** (`move/`): edition `2024`. No formatter shipped in-repo.
+- **Imports**: TS uses `@ianvs/prettier-plugin-sort-imports`; don't reorder by hand.
+- **No emojis** in committed code, comments, or docs unless explicitly requested.
+- **Comments**: write only when the _why_ is non-obvious. Don't restate what the code does or reference the current task / PR / issue number.
+
+## Security considerations
+
+- **Encryption invariants are load-bearing.** The envelope encryption format and Seal identity-bytes layout (`[group_id (32)][key_version (8 LE u64)]`) are shared across SDK + Move + relayer. Don't redefine them in a fork. See `docs/sui-stack-messaging/Encryption.md`.
+- **Sender verification is independent of the relayer.** Every group member can independently verify a message's sender by re-running `verifyMessageSender` (`ts-sdks/packages/sui-stack-messaging/src/verification.ts`). Changing the canonical-message format means all canonical-SDK clients in the same group stop being able to verify your relayer's clients. See `docs/sui-stack-messaging/Security.md`.
+- **The relayer never sees plaintext.** If you fork it, preserve this invariant — don't add endpoints that take or return plaintext message content.
+- **Don't commit secrets.** `.env` files are ignored; `.env.example` is the only checked-in form. Never commit a `TEST_WALLET_PRIVATE_KEY`, `ADMIN_SECRET_KEY`, or sponsor-key value.
+- **Don't disable signing or hooks** (`--no-verify`, `--no-gpg-sign`, etc.) when committing. If a hook fails, fix the underlying issue.
+- **Don't bump dependency versions to bypass `minimumReleaseAge: 2880`** in `ts-sdks/pnpm-workspace.yaml` (designed to reduce supply-chain attack surface). Mysten packages are excluded.
+
+## Testing strategy (cross-cutting)
+
+- **Unit tests** are network-free and should pass on every change.
+- **Integration tests** (`ts-sdks/packages/sui-stack-messaging/test/integration/localnet/`) run against a localnet docker stack via testcontainers. They double as living usage examples.
+- **E2E tests** (`test/e2e/`) build the relayer + indexer Docker images via testcontainers and run against real Sui testnet. Require `TEST_WALLET_PRIVATE_KEY`.
+- **Move tests** live next to sources (`move/packages/*/tests/`). Use `sui move test --path` per package.
+- When fixing a bug, add a failing test first and verify the fix flips it.
+
+See `docs/sui-stack-messaging/Testing.md` for the full strategy.
+
+## Commit and PR conventions
+
+- **Conventional Commits** style (`feat:`, `fix:`, `docs:`, `chore:`, `refactor:` …)
+- **Changesets** govern SDK version bumps. If your change affects the public API of any TS package under `ts-sdks/packages/`, run `pnpm changeset` and commit the generated `.changeset/*.md` along with your code change. See `ts-sdks/RELEASING.md`.
+- **One logical change per PR.** Don't bundle a refactor with a feature.
+- **Don't push to `main` directly.** Open a PR. Don't force-push to shared branches.
+- **Don't amend or rewrite commits** that have already been pushed and reviewed unless explicitly asked.
+
+## Working pattern recommendations
+
+- For multi-step tasks, prefer parallel exploration / read-only investigation before editing. The repo is large; the `docs/sui-stack-messaging/` index and the per-subproject `AGENTS.md` get you oriented fastest.
+- Verify any command in subproject `AGENTS.md` against `package.json` / `Cargo.toml` / `Move.toml` before reporting "done" — those are the source of truth.
+- For Move language fundamentals, defer to general Sui Move documentation; this file only covers what's specific to this repo.
@@ -0,0 +1,9 @@
+# CLAUDE.md
+
+@AGENTS.md
+
+## Claude Code specifics
+
+- **Per-subproject guidance auto-loads.** When you `cd` into `move/`, `ts-sdks/`, `relayer/`, `walrus-discovery-indexer/`, `chat-app/`, or `publish/`, the subproject's `CLAUDE.md` is loaded automatically and pulls in its `AGENTS.md`. Don't re-derive subproject conventions — read what's already loaded.
+- **Path-scoped rules under `.claude/rules/`** trigger when you read matching files: `no-edit-generated-codegen.md` fires inside `ts-sdks/packages/sui-stack-messaging/src/contracts/`; `wire-protocol-cross-impact.md` fires when you touch protocol-shared files.
+- **Skills are listed in `AGENTS.md` above** — invoke with `/<skill-name>`. Each `SKILL.md` is a focused, single-task runbook.
@@ -0,0 +1,71 @@
+# AGENTS.md — chat-app
+
+This is the **reference** Vite + React 19 demo app for `sui-stack-messaging`, intended to be forked as a starting point for a production UI. It is *not* a production-hardened chat app. Root-level guidance in [`../AGENTS.md`](../AGENTS.md) still applies; this file adds chat-app-specific commands and invariants.
+
+## Repo layout (this subtree)
+
+```
+chat-app/
+  src/                          React app source
+  docs/                         system design doc
+  index.html                    Vite entry
+  package.json                  scripts + locally-linked SDK
+  pnpm-workspace.yaml           (own workspace, not part of ts-sdks/)
+  vite.config.ts                Vite config
+  .env.example                  required env
+  README.md                     ~190 lines: setup, system overview
+```
+
+## Commands
+
+```bash
+pnpm install
+pnpm build:deps                # builds the linked SDK from ../ts-sdks/
+pnpm dev                       # vite :5173
+pnpm build                     # runs build:deps + tsc -b + vite build
+pnpm preview
+```
+
+## The locally-linked SDK
+
+`package.json` declares: `"@mysten/sui-stack-messaging": "link:../ts-sdks/packages/sui-stack-messaging"`.
+
+This means:
+
+- Changes to the SDK in `../ts-sdks/packages/sui-stack-messaging/src/` are picked up after re-running **`pnpm build:deps`** from this directory (which builds the linked SDK so its `dist/` reflects current source).
+- A clean `pnpm install` here will fail if `../ts-sdks/` hasn't been installed first.
+- `pnpm build` already chains `build:deps`; the manual step matters mostly during `pnpm dev`.
+- This is fine for local dev. A fork that goes to production should change this dependency to a pinned `@mysten/sui-stack-messaging` version from npm.
+
+## Toolchain
+
+- pnpm (matches root constraint of `>=10.17.0`) — **use pnpm 10.x.** On pnpm v11 a fresh `pnpm install` trips the esbuild build-script gate (`ERR_PNPM_IGNORED_BUILDS`, esbuild arrives via vite); clear it with `pnpm install --ignore-scripts`. See [`../docs/pnpm-v11-troubleshooting.md`](../docs/pnpm-v11-troubleshooting.md).
+- React 19
+- Vite 6 (no webpack/CRA)
+- TypeScript via `tsc -b` (project references)
+- Tailwind v4 (`@tailwindcss/vite`)
+
+## Hard invariants
+
+- **This is a reference / demo app, not production code.** Don't treat its choices (auth flow, error handling, UX patterns) as canonical. Fork it as a *starting point* and replace whatever doesn't fit your needs.
+- **After any SDK change, run `pnpm build:deps`** — otherwise this app picks up stale SDK output and you get confusing behavior.
+- **`.env` is gitignored; `.env.example` is the only checked-in form.** Never commit a private key, RPC token, or other secret. All app env vars are `VITE_*` prefixed and bundled into the client — treat them as public.
+- **Don't introduce production hardening** (rate limits, multi-region failover, complex error UI) into this reference app. If you want to ship that, fork the repo into your own project.
+- **No test runner is wired up here.** Don't add one in passing; if tests are needed, propose the choice first.
+
+## Documentation pointers
+
+- `README.md` (this directory) — setup + feature overview.
+- `docs/SYSTEM_DESIGN.md` (this directory) — architecture deep-dive (read before making structural changes).
+- `../docs/sui-stack-messaging/Setup.md` and `../docs/sui-stack-messaging/Examples.md` — generic SDK setup/usage that this app demonstrates.
+
+## Skills
+
+- `.claude/skills/spin-up-e2e-stack/SKILL.md` — full local stack with this app on top.
+- `.claude/skills/integrate-sui-stack-messaging/SKILL.md` (builder-facing) — describes the SDK integration patterns this app exemplifies.
+
+## Pre-commit checks
+
+```bash
+pnpm build                     # build:deps + tsc -b + vite build (catches type errors)
+```
@@ -0,0 +1 @@
+@AGENTS.md