chore(vetkeys): migrate basic_timelock_ibe to icp-cli and @icp-sdk/vetkeys#1350
Merged
Conversation
…tkeys - Replace dfx.json (root-level) with icp.yaml - Use @icp-sdk/vetkeys@0.5.0-beta.0 instead of @dfinity/vetkeys - Use @icp-sdk/auth@7.1.0 and @icp-sdk/core@5.4.0 - Bump ic-vetkeys Rust crate to 0.7.0 - Replace dfx generate with @icp-sdk/bindgen in gen_bindings.sh - Add CI workflow (Rust-only, icp.yaml at example root) - Drop icp.ninja support Closes #1343 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…@7.1.0 API - Remove rust-toolchain channel pin and profile - Bump ic-cdk to 0.20.1 and add ic-cdk-management-canister 0.1.1 - Update ic_cdk::management_canister imports to ic_cdk_management_canister - Replace custom cookie parser with safeGetCanisterEnv, IC_ROOT_KEY - Update AuthClient: constructor, signIn/signOut, async getIdentity Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Use pwd -P to compute EXAMPLE_ROOT from the physical script location, so the .did file and declaration output paths resolve correctly from the example root regardless of symlink traversal depth. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
ic-cdk-timers 0.12.x requires ic-cdk ^0.18.x which conflicts with ic-cdk 0.20.1 via the ic-cdk-executor links constraint. Bump to 0.13.0 which is compatible with ic-cdk 0.20.x. Also bump ic-stable-structures to 0.7.2 to match ic-vetkeys 0.7.0's requirement. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
ic-cdk-timers version numbering jumped from 0.12.x to 1.0.0 — there is no 0.13.x release. Use 1.0.0 which is compatible with ic-cdk 0.20.1. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The 0.7.2 bump introduced breaking API changes (Storable::into_bytes, LazyEntry pattern). basic_timelock_ibe only uses ic-vetkeys for IBE crypto operations — it never passes ic-stable-structures types across the ic-vetkeys boundary, so 0.6.8 works fine alongside ic-vetkeys 0.7.0. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
… prefix Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…1.0.0 ic-cdk-timers 1.0.0 changed set_timer_interval to accept a closure that returns a Future directly, instead of a closure that calls ic_cdk::futures::spawn(). Remove the spawn wrapper. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
bindgen generates output named after the DID file (backend.did), not after the canister (basic_timelock_ibe.did). Update imports to use backend.did path, matching the pattern used by other examples. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Change test_key_1 → key_1 in all icp.yaml: icp-cli 0.2.7 only provisions vetkd:Bls12_381_G2:key_1 (TestThresholdKeys subnet with test_key_1 is not yet supported by icp-cli). The vetkeys library itself uses key_1 in its own icp.yaml files. - Add --yes flag to npx @icp-sdk/bindgen to suppress the install confirmation prompt during local builds - basic_ibe: wrap event listeners in try-catch so errors are caught and shown (not silent unhandled rejections); add console.error() alongside alert() so errors are visible and copyable in DevTools Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…vetkeys Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replace manual Actor.createActor(idlFactory, ...) with the generated
createActor(canisterId, { agent }) function and typed Backend wrapper
class from the bindgen-generated declarations. Removes direct imports
of idlFactory, Actor, and ActorSubclass.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add Folder Structure section explaining rust/, motoko/, frontend/ layout and why backends are in subdirectories (shared frontend via symlinks) - Replace vague "from the X folder" wording with explicit `cd X` commands - Fix `npm run dev` → `npm run dev:rust` / `npm run dev:motoko` (bare `dev` script intentionally errors with a "specify a backend" message) - Add `cd frontend` before all dev commands (package.json is in frontend/, not at the example root) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…d.ai - rootKey: pass rootKey: canisterEnv?.IC_ROOT_KEY directly; undefined is fine when on mainnet (HttpAgent ignores it) - identityProvider local: use /authorize path instead of /#authorize hash - identityProvider production: use https://id.ai instead of undefined Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…work-launcher) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replace provision scripts + macOS + Linux dual-platform setup with single Ubuntu job using icp-dev-env Docker images: - ghcr.io/dfinity/icp-dev-env-rust:0.1.0 for Rust backends - ghcr.io/dfinity/icp-dev-env-motoko:0.1.0 for Motoko backends Eliminates: provision-darwin/linux.sh, pre-download-launcher.sh, actions/setup-node, cargo install candid-extractor, ICP_CLI_GITHUB_TOKEN, and macOS runners. Consistent with hello_world and who_am_i examples. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Follows hello_world/who_am_i naming (no language prefix, no -example suffix), keeping vetkeys- namespace prefix for grouping. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Workflow name: vetkeys-{example} (no rust- prefix)
Job IDs: rust and motoko (example name not needed in job context)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The icp-dev-env container downloads the network launcher from GitHub on first run. Without authentication this hits the 60 req/hr unauthenticated API limit. Pass GITHUB_TOKEN so downloads use the authenticated 5000 req/hr limit. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The default IdbStorage can throw 'The database connection is closing' when the II popup returns and the auth client tries to persist the delegation, due to an IDB connection lifecycle race condition on localhost dev servers. LocalStorage avoids IDB entirely; Ed25519 key type is required as localStorage cannot store CryptoKey objects. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…ndition The default IdbStorage has a race condition on localhost dev servers (dfinity/icp-js-auth#120): the AuthClient constructor fires #init() without await, so session hydration races with signIn() if the user clicks Login before hydration completes. Both open concurrent IDB connections; one closes while the other is mid-transaction → 'The database connection is closing'. Workaround: use LocalStorage + Ed25519 on localhost only. Production deployments keep the secure default (IdbStorage + non-extractable ECDSA CryptoKey). Ed25519 is required since localStorage cannot store CryptoKey objects. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Single Rust-only backend — no need to distinguish between backends, so dev can alias dev:rust instead of erroring with a usage hint. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
raymondk
approved these changes
Jun 4, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Migrates the
basic_timelock_ibevetkeys example as part of #1343:dfx.jsonwithicp.yaml(Rust-only example, no Motoko backend)@dfinity/vetkeys@0.3.0with@icp-sdk/vetkeys@0.5.0-beta.0@dfinity/auth-client/@dfinity/principal/@dfinity/agentwith@icp-sdk/auth@7.1.0/@icp-sdk/core@5.4.0ic-vetkeysto0.7.0dfx generatewith@icp-sdk/bindgeningen_bindings.shvite.config.tsto useicpCLI for dev server configwindow.globalpolyfill, updates actor creation to use generatedcreateActorandBackendtype from bindgen declarations (async agent viaHttpAgent.create())--yesflag tonpx @icp-sdk/bindgeningen_bindings.shto suppress install promptvetkeys-{example}.ymlworkflow naming (consistent withhello_world.yml/who_am_i.ymlconvention); jobs named{language}-{example}vetkeys-basic-timelock-ibe.yml) using icp-dev-env container image on UbuntuTest plan
npm installresolves without errors infrontend/icp network start -d && icp deploysucceeds fromrust/vetkeys/basic_timelock_ibe/@dfinity/vetkeysordfxreferences🤖 Generated with Claude Code