include candid-extractor. realised we need pullable metadata on dfx.json. us gh action to release wasm on github

rsoury · rsoury · commit 6fce3e7dc134 · 2025-08-13T22:06:09.000+10:00
diff --git a/.github/workflows/release-verifier.yml b/.github/workflows/release-verifier.yml
@@ -0,0 +1,57 @@
+name: Release Verity Managed *General Purpose MPC-TLS* Verifier WASM
+
+on:
+  push:
+    tags:
+      - 'v*'
+  workflow_dispatch: {}
+
+jobs:
+  build-and-release:
+    name: Build and publish WASM
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Rust (stable) with wasm32-wasip1 target
+        uses: dtolnay/rust-toolchain@stable
+        with:
+          targets: wasm32-wasip1
+
+      - name: Install build dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y binaryen
+          cargo install --locked wasi2ic candid-extractor
+
+      - name: Install DFX
+        run: |
+          DFX_VERSION=0.27.0 sh -ci "$(curl -fsSL https://internetcomputer.org/install.sh)"
+          echo "$HOME/.local/share/dfx/bin" >> $GITHUB_PATH
+          echo "$HOME/bin" >> $GITHUB_PATH
+          dfx --version
+
+      - name: Build verifier canister via dfx
+        working-directory: ic/managed/verifier
+        run: dfx build --skip-assets
+
+      - name: Compute checksum
+        run: |
+          cd target/wasm32-wasip1/release
+          sha256sum verity_ic_verifier_ic.wasm | tee verity_ic_verifier_ic.wasm.sha256
+
+      - name: Create GitHub Release and upload assets
+        uses: softprops/action-gh-release@v2
+        with:
+          files: |
+            target/wasm32-wasip1/release/verity_ic_verifier_ic.wasm
+            target/wasm32-wasip1/release/verity_ic_verifier_ic.wasm.sha256
+          draft: false
+          prerelease: false
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+
diff --git a/ic/managed/verifier/README.md b/ic/managed/verifier/README.md
@@ -1,32 +1,40 @@
-# Verity Managed `verifier`
+# Verity Managed *General Purpose MPC-TLS* Verifier
 
 To learn about the Verity Verifier in detail, please refer to the [official documentation](https://docs.verity.usher.so/), specifically the [Verity Verifier](https://docs.verity.usher.so/build/verifier) section.
 
-**The following is from the Docs as of *23rd of January 2025*.**
+**The following is from the documentation as of *23 January 2025*.**
 
 ## Local Deployment
 
-**Disclaimer:** Deployment of the canister (ic/managed/verifier) to the Mainnet is not advised. This is to ensure compliance with licensing agreements and to maintain security compatibility with the wider Verity Network. We recommend using our Managed Verifier and interfacing over XNET `async` call or wallet-to-IC update `direct` call for optimal security and performance.
+**Disclaimer:** Deployment of the canister (`ic/managed/verifier`) to mainnet is not recommended. This is to ensure compliance with licence agreements and to maintain compatibility and security with the broader Verity Network. We recommend using our Managed *General Purpose MPC-TLS* Verifier and interfacing via an inter-canister `async` calls or a wallet‑to‑IC `direct` calls for optimal security and performance.
 
 ### Prerequisites
 
-1. **Ensure Rust is configured for for `wasm32-wasip1` target.**
+1. **Ensure Rust is configured for the `wasm32-wasip1` target.**
 
 ```bash
 rustup target add wasm32-wasip1
 ```
 
-2. Install `wasi2ic`
+2. Install `wasi2ic`:
 
 ```bash
 cargo install wasi2ic
 ```
 
-3. Install `binaryen`
+3. Install `binaryen`:
+
+   With Homebrew:
+
+   ```bash
+   brew install binaryen
+   ```
+
+   From the releases page:
    1. Download [Binaryen](https://github.com/WebAssembly/binaryen/releases) from the releases page.
-   2. Extract the files - `tar -xzf binaryen-version.tar.gz`
-   3. Move to a directory - `sudo mv binaryen-version/bin/wasm-opt /usr/local/bin/`
-   4. `wasm-opt --version`
+   2. Extract the files: `tar -xzf binaryen-version.tar.gz`.
+   3. Move the binary to your PATH: `sudo mv binaryen-version/bin/wasm-opt /usr/local/bin/`.
+   4. Verify the installation: `wasm-opt --version`.
 
 ### Deployment
 
@@ -35,50 +43,51 @@ To deploy the canister locally, follow these steps:
 1. `dfx start --clean`
 2. `dfx deploy`
 
-### Test
+### Testing
 
 1. `pnpm prep`
 2. `pnpm test --run`
 
-### Performance Benchmarks
+### Performance benchmarks
 
 We have benchmarked the following functions to provide insight into their performance:
 
-#### verify_proof_async and verify_proof_async_batch
+#### `verify_proof_async` and `verify_proof_async_batch`
 
-- **Execution Time:** Constant time, regardless of input size(~2100ms).   
-- **DFX Cycle Cost:** Ranges between 550-720 per TLS data bytes/length.
+- **Execution time:** Constant, regardless of input size (~2100 ms).
+- **DFX cycle cost:** Approximately 550–720 cycles per byte of TLS data.
 
-#### verify_proof_direct and verify_proof_direct_batch
+#### `verify_proof_direct` and `verify_proof_direct_batch`
 
-- **Execution Time:** Linear time, calculated as 3x the execution time of `verify_proof_async` plus Signing Time (L).
-- **DFX Cycle Cost:** Almost the same as `verify_proof_async` and `verify_proof_async_batch`.
+- **Execution time:** Linear; approximately 3× the execution time of `verify_proof_async` plus signing time (L).
+- **DFX cycle cost:** Roughly the same as `verify_proof_async` and `verify_proof_async_batch`.
 
 ### Caveats
 
 #### `clang` dependency
 
-**On macOS:** If you are experiencing issues during `cargo build` where the `ring` library fails to compile, this is typically due to `clang` not being found.
+**On macOS:** If you experience issues during `cargo build` where the `ring` library fails to compile, this is typically because `clang` is not found.
+
+To resolve this:
 
-To resolve this, you can install `clang` using Homebrew. 
+1. Install `clang` using Homebrew.
 
 ```bash
-brew install clang llvm
+brew install llvm
 ```
 
-Alternatively, you can set the following environment variables:
+2. Ensure `clang` is on your `PATH`:
 
 ```bash
-export WASI_SDK_PATH=/usr/local/wasi-sdk-25.0
-export CC_wasm32_wasip1="${WASI_SDK_PATH}/bin/clang"
+echo 'PATH="$(brew --prefix llvm)/bin${PATH:+:${PATH}}"; export PATH;' >> ~/.zshrc
 ```
 
 #### `etherum_pk`
 
-The `etherum_pk` field in the `PublicKeyReply` struct is the Ethereum address derived from the Sec1 public key. This is done using the `get_address_from_public_key` function in the `ethereum` module.
+The `etherum_pk` field in the `PublicKeyReply` struct is the Ethereum address derived from the SEC1 public key. This is obtained using the `get_address_from_public_key` function in the `ethereum` module.
 
 ```rust
 let address = ethereum::get_address_from_public_key(res.public_key.clone()).expect("INVALID_PUBLIC_KEY");
 ```
 
-*It should be spelled `ethereum_pk` and not `etherum_pk`.*
+*It should be spelled `ethereum_pk`, not `etherum_pk`.*
diff --git a/ic/managed/verifier/dfx.json b/ic/managed/verifier/dfx.json
@@ -13,7 +13,14 @@
 			},
 			"type": "custom",
 			"wasm": "../../../target/wasm32-wasip1/release/verity_ic_verifier_ic.wasm",
-			"build": ["bash -c ./scripts/build.sh"]
+			"build": ["bash -c ./scripts/build.sh"],
+			"pullable": {
+				"wasm_url": "https://github.com/usherlabs/verity-dp/releases/latest/download/verity_ic_verifier_ic.wasm",
+        "init_guide": "If running in production, call: `dfx canister call verity_verifier reinitialize '(opt variant { Production })' --ic` ",
+        "dependencies": [],
+        "init_arg": null,
+        "wasm_hash": null
+			}
 		}
 	},
 	"output_env_file": ".env",
diff --git a/ic/managed/verifier/scripts/build.sh b/ic/managed/verifier/scripts/build.sh
@@ -4,13 +4,18 @@ set -ex
 # sudo apt-get install binaryen
 # cargo install wasi2ic
 
+# Install candid-extractor to generating Candid files for Rust canisters
+# https://internetcomputer.org/docs/building-apps/developer-tools/cdks/rust/generating-candid
+# cargo install candid-extractor
+
 # cargo build --target wasm32-unknown-unknown --release -p ic_af --locked
 # wasi2ic ./target/wasm32-unknown-unknown/release/ic_af.wasm ./target/wasm32-unknown-unknown/release/ic_af-ic.wasm
 # wasm-opt -Os -o ./target/wasm32-unknown-unknown/release/ic_af-ic.wasm \
 #         ./target/wasm32-unknown-unknown/release/ic_af-ic.wasm
 
 # export RUSTFLAGS=$RUSTFLAGS' -C target-feature=+simd128'
 cargo build --target wasm32-wasip1 --release -p verity-ic-verifier
+candid-extractor ../../../target/wasm32-wasip1/release/verity_ic_verifier.wasm > verity_verifier.did
 wasi2ic ../../../target/wasm32-wasip1/release/verity_ic_verifier.wasm ../../../target/wasm32-wasip1/release/verity_ic_verifier_ic.wasm
 wasm-opt -Os -o ../../../target/wasm32-wasip1/release/verity_ic_verifier_ic.wasm \
         ../../../target/wasm32-wasip1/release/verity_ic_verifier_ic.wasm
diff --git a/ic/managed/verifier/src/lib.rs b/ic/managed/verifier/src/lib.rs
@@ -139,3 +139,6 @@ async fn post_upgrade() {
     init_canister(env_opt);
 }
 // --------------------------- upgrade hooks ------------------------- //
+
+// Enable Candid export
+ic_cdk::export_candid!();
diff --git a/ic/managed/verifier/verity_verifier.did b/ic/managed/verifier/verity_verifier.did
@@ -1,38 +1,19 @@
-type ProofVerificationResponse = vec ProofResponse;
-
-type ProofResponse = variant {
-	SessionProof : text;
-	FullProof : text;
-};
-
-type MerkleTree = record {
-	nodes : vec text;
-	num_leaves : nat64;
-	root : text;
-};
-
 type DirectVerificationResponse = record {
-	results : ProofVerificationResponse;
-	root : text;
-	signature : text;
-};
-
-type DirectVerificationResult = variant {
-	Ok : DirectVerificationResponse;
-	Err : text;
-};
-
-type ProofBatch = record {
-  proof_requests : vec text;
-  notary_pub_key : text;
+  signature : text;
+  root : text;
+  results : vec ProofResponse;
 };
-
-
-service : {
-	"ping" : () -> (text) query;
-	"verify_proof_direct" : (proof_requests : vec text, notary_pub_key : text) -> (DirectVerificationResult);
-	"verify_proof_async" : (proof_requests : vec text, notary_pub_key : text) -> (ProofVerificationResponse);
-	"verify_proof_direct_batch": (batches: vec ProofBatch) -> (DirectVerificationResult);
-	"verify_proof_async_batch" : (batches: vec ProofBatch) -> (ProofVerificationResponse);
-	"public_key" : () -> (record { sec1_pk : text; etherum_pk : text });
-};
+type Environment = variant { Production; Development; Staging };
+type ProofBatch = record { proof_requests : vec text; notary_pub_key : text };
+type ProofResponse = variant { SessionProof : text; FullProof : text };
+type PublicKeyReply = record { sec1_pk : text; etherum_pk : text };
+type Result = variant { Ok : DirectVerificationResponse; Err : text };
+service : (opt Environment) -> {
+  ping : () -> (text) query;
+  public_key : () -> (PublicKeyReply);
+  reinitialize : (opt Environment) -> ();
+  verify_proof_async : (vec text, text) -> (vec ProofResponse) query;
+  verify_proof_async_batch : (vec ProofBatch) -> (vec ProofResponse) query;
+  verify_proof_direct : (vec text, text) -> (Result);
+  verify_proof_direct_batch : (vec ProofBatch) -> (Result);
+}

Original file line number	Diff line number	Diff line change
`@@ -139,3 +139,6 @@ async fn post_upgrade() {`
`139`	`139`	`init_canister(env_opt);`
`140`	`140`	`}`
`141`	`141`	`// --------------------------- upgrade hooks ------------------------- //`
	`142`	`+`
	`143`	`+// Enable Candid export`
	`144`	`+ic_cdk::export_candid!();`