From c358648bc7a730e2eb9149e3c26caf3e350f5010 Mon Sep 17 00:00:00 2001 From: karczu Date: Thu, 21 Mar 2024 09:47:45 +0100 Subject: [PATCH 1/4] feat: rfc tapplet first draft --- src/RFC-ABCD_Tapplet.md | 122 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 122 insertions(+) create mode 100644 src/RFC-ABCD_Tapplet.md diff --git a/src/RFC-ABCD_Tapplet.md b/src/RFC-ABCD_Tapplet.md new file mode 100644 index 0000000..a2781b7 --- /dev/null +++ b/src/RFC-ABCD_Tapplet.md 
@@ -0,0 +1,122 @@ +# - + +## + +![status: raw](theme/images/status-raw.svg) + +Tracking issue: [assigned during WIP phase]() + +**Maintainer(s)**: + +# Licence + +[ The 3-Clause BSD Licence](https://opensource.org/licenses/BSD-3-Clause). + +Copyright + +Redistribution and use in source and binary forms, with or without modification, are permitted provided that the +following conditions are met: + +1. Redistributions of this document must retain the above copyright notice, this list of conditions and the following + disclaimer. +2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following + disclaimer in the documentation and/or other materials provided with the distribution. +3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS DOCUMENT IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS", AND ANY EXPRESS OR IMPLIED WARRANTIES, +INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +WHETHER IN CONTRACT, STRICT LIABILITY OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ +## Language + +The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", +"NOT RECOMMENDED", "MAY" and "OPTIONAL" in this document are to be interpreted as described in +[BCP 14](https://tools.ietf.org/html/bcp14) (covering RFC2119 and RFC8174) when, and only when, they appear in all capitals, as +shown here. + +## Disclaimer + +This document and its content are intended for information purposes only and may be subject to change or update +without notice. + +This document may include preliminary concepts that may or may not be in the process of being developed by the Tari +community. The release of this document is intended solely for review and discussion by the community regarding the +technological merits of the potential system outlined herein. + +## Goals + +The aim of this Request for Comment (RFC) is to propose the Tapplet concept. Tapplets are dedicated Tari's applets registered on the L1 to ensure a superior level of security for network users. + +## Related Requests for Comment + +## Description + +### Motivation + +The idea behind registered Tapplets is to solve the class of vulnerabilities of the Dapp model known as supply chain attacks. This covers a wide range of attacks like: injecting malware code, XSS, stealing domains, social engineering attacks, etc. The common mode of these attacks is that an attacker convinces the user that he/she is interacting with different smart contracts than the user thinks. The attacker steals funds by causing the user to sign a transaction that calls to a different, fraudulent smart contract. +The solution proposed by Tari uses the Tapplets Registry (another RFC will describe it) to register hashes of zip bundles of applications and sign them using the private key associated with Yat. The actual zip bundle can be hosted by https, but thanks to the registry commitment, the client can verify that the bundle hasn’t been tampered with. 
+Additionally the idea is to create an on-chain and association between smart contracts and their front end tapplets. This way, when a smart contract gets reused for a different purpose, it already comes with a ready tapplet that can be nested into other tapplets. + +### Tapplets + +At first, it is proposed that Tapplets are npm packages published to the public npm registry, but in the future it may be extended also to other package managers. Npm is the first choice because it is widely used, so publishing a new Tapplet is as simple as publishing an npm package. + +Tapplets are separate packages and the file structure depends on its authors, however every package should contain a helpful readme file and must contain a manifest json file with Tapplet data. +The following details are specific to Tapplets: +* The version in package.json and tapplet.manifest.json should match. +* The repository.url field in package.json should match the correct repository for the Tapplet. +* The source.location.npm.packageName in tapplet.manifest.json should match the name in package.json. +* The displayedName in tapplet.manifest.json should be a human-readable name +* The image specified in logoPath in the manifest file is used as the logo displayed in Tapplets market. This logo should be a valid SVG. + +After publishing the Tapplet, it is possible to connect to the Tapplet by using the Tapplet ID npm:[packageName]. + +### Manifest + +The Tapplet Manifest file specifies the most significant Tapplet’s data, which includes: package name, version, source and content hash. In the future manifest files may also contain references to other applets that get nested within. +Before displaying the tapplet, its integrity will be verified against the hash stored in the Tapplet Registry. 
+ +Proposed `tapplet.manifest.json` file: + +``` +{ + "packageName": "@company-name/tapplet-name", + "version": "1.2.3", + "displayedName": "Tapplet human readable name", + "status": "latest / verified / deprecated / vulnerable - anything like this", + "about": { + "summary": "Short (a few words) summary.", + "description": "Longer (a few sentences) project description." + }, + "design": { + "logoPath": "./assets/logo.png", + "backgroundPath": "./assets/background.png" + }, + "repository": { + "type": "git", + "url": "https://github.com/CompanyName/example-tapplet.git" + }, + "source": { + "shasum": "shasumexample", + "location": { + "npm": { + "packageName": "@company-name/tapplet-name", + "registry": "https://registry.npmjs.org/" + } + } + }, + "manifestVersion": "1.2.3" +} + +``` + +# Change Log + +| Date | Change | Author | +| :---------- | :---------- | :----- | +| 21 Mar 2024 | First draft | karczu | From 0c5eda409892bd1eeae70cdc6ad96827addd4677 Mon Sep 17 00:00:00 2001 From: karczu Date: Thu, 21 Mar 2024 15:05:00 +0100 Subject: [PATCH 2/4] rfc-1101 tapplet draft --- ...FC-ABCD_Tapplet.md => RFC-1101_Tapplet.md} | 29 ++++++++++--------- 1 file changed, 15 insertions(+), 14 deletions(-) rename src/{RFC-ABCD_Tapplet.md => RFC-1101_Tapplet.md} (82%) diff --git a/src/RFC-ABCD_Tapplet.md b/src/RFC-1101_Tapplet.md similarity index 82% rename from src/RFC-ABCD_Tapplet.md rename to src/RFC-1101_Tapplet.md index a2781b7..1a4a567 100644 --- a/src/RFC-ABCD_Tapplet.md +++ b/src/RFC-1101_Tapplet.md 
@@ -1,18 +1,16 @@ -# - +# RFC-1101/Tapplet -## +## Tapplet -![status: raw](theme/images/status-raw.svg) +![status: draft](theme/images/status-draft.svg) -Tracking issue: [assigned during WIP phase]() - -**Maintainer(s)**: +**Maintainer(s)**: [karczuRF](https://github.com/karczuRF) # Licence [ The 3-Clause BSD Licence](https://opensource.org/licenses/BSD-3-Clause). -Copyright +Copyright 2024 The Tari Development Community Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 
@@ -54,11 +52,13 @@ The aim of this Request for Comment (RFC) is to propose the Tapplet concept. Tap ## Related Requests for Comment +[RFC-1100](https://github.com/tari-project/rfcs/pull/134) + ## Description ### Motivation -The idea behind registered Tapplets is to solve the class of vulnerabilities of the Dapp model known as supply chain attacks. This covers a wide range of attacks like: injecting malware code, XSS, stealing domains, social engineering attacks, etc. The common mode of these attacks is that an attacker convinces the user that he/she is interacting with different smart contracts than the user thinks. The attacker steals funds by causing the user to sign a transaction that calls to a different, fraudulent smart contract. +The **Tapplet** is dedicated type of applet for the Tari blockchain and the fundamental part of the Tari Universe described in [RFC-1100](https://github.com/tari-project/rfcs/pull/134). The idea behind registered Tapplets is to solve the class of vulnerabilities of the Dapp model known as supply chain attacks. This covers a wide range of attacks like: injecting malware code, XSS, stealing domains, social engineering attacks, etc. The solution proposed by Tari uses the Tapplets Registry (another RFC will describe it) to register hashes of zip bundles of applications and sign them using the private key associated with Yat. The actual zip bundle can be hosted by https, but thanks to the registry commitment, the client can verify that the bundle hasn’t been tampered with. Additionally the idea is to create an on-chain and association between smart contracts and their front end tapplets. This way, when a smart contract gets reused for a different purpose, it already comes with a ready tapplet that can be nested into other tapplets. 
@@ -68,13 +68,14 @@ At first, it is proposed that Tapplets are npm packages published to the public Tapplets are separate packages and the file structure depends on its authors, however every package should contain a helpful readme file and must contain a manifest json file with Tapplet data. The following details are specific to Tapplets: -* The version in package.json and tapplet.manifest.json should match. -* The repository.url field in package.json should match the correct repository for the Tapplet. -* The source.location.npm.packageName in tapplet.manifest.json should match the name in package.json. -* The displayedName in tapplet.manifest.json should be a human-readable name -* The image specified in logoPath in the manifest file is used as the logo displayed in Tapplets market. This logo should be a valid SVG. -After publishing the Tapplet, it is possible to connect to the Tapplet by using the Tapplet ID npm:[packageName]. +- The version in package.json and tapplet.manifest.json should match. +- The repository.url field in package.json should match the correct repository for the Tapplet. +- The source.location.npm.packageName in tapplet.manifest.json should match the name in package.json. +- The displayedName in tapplet.manifest.json should be a human-readable name +- The image specified in logoPath in the manifest file is used as the logo displayed in Tapplets market. This logo should be a valid SVG. + +After publishing the Tapplet, it is possible to connect to the Tapplet by using the Tapplet ID `npm:[packageName]`. ### Manifest From 8479704858e216c2e64fd7e379e257118ec02c9d Mon Sep 17 00:00:00 2001 From: karczu Date: Thu, 21 Mar 2024 16:23:12 +0100 Subject: [PATCH 3/4] rfc-1101/tapplet draft typos fixed --- src/RFC-1101_Tapplet.md | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/src/RFC-1101_Tapplet.md b/src/RFC-1101_Tapplet.md index 1a4a567..28bdf32 100644 --- a/src/RFC-1101_Tapplet.md 
+++ b/src/RFC-1101_Tapplet.md 
@@ -58,22 +58,22 @@ The aim of this Request for Comment (RFC) is to propose the Tapplet concept. Tap ### Motivation -The **Tapplet** is dedicated type of applet for the Tari blockchain and the fundamental part of the Tari Universe described in [RFC-1100](https://github.com/tari-project/rfcs/pull/134). The idea behind registered Tapplets is to solve the class of vulnerabilities of the Dapp model known as supply chain attacks. This covers a wide range of attacks like: injecting malware code, XSS, stealing domains, social engineering attacks, etc. -The solution proposed by Tari uses the Tapplets Registry (another RFC will describe it) to register hashes of zip bundles of applications and sign them using the private key associated with Yat. The actual zip bundle can be hosted by https, but thanks to the registry commitment, the client can verify that the bundle hasn’t been tampered with. +The **Tapplet** is dedicated type of applet for the Tari blockchain and the fundamental part of the Tari Universe described in [RFC-1100](https://github.com/tari-project/rfcs/pull/134). The idea behind registered tapplets is to solve the class of vulnerabilities of the Dapp model known as supply chain attacks. This covers a wide range of attacks like: injecting malware code, XSS, stealing domains, social engineering attacks, etc. +The solution proposed by Tari uses the tapplets Registry (another RFC will describe it) to register hashes of zip bundles of applications and sign them using the private key associated with Yat. The actual zip bundle can be hosted by https, but thanks to the registry commitment, the client can verify that the bundle hasn’t been tampered with. Additionally the idea is to create an on-chain and association between smart contracts and their front end tapplets. This way, when a smart contract gets reused for a different purpose, it already comes with a ready tapplet that can be nested into other tapplets. 
### Tapplets -At first, it is proposed that Tapplets are npm packages published to the public npm registry, but in the future it may be extended also to other package managers. Npm is the first choice because it is widely used, so publishing a new Tapplet is as simple as publishing an npm package. +At first, it is proposed that tapplets are npm packages published to the public npm registry, but in the future it may be extended also to other package managers. Npm is the first choice because it is widely used, so publishing a new Tapplet is as simple as publishing an npm package. Tapplets are separate packages and the file structure depends on its authors, however every package should contain a helpful readme file and must contain a manifest json file with Tapplet data. -The following details are specific to Tapplets: +The following details are specific to tapplets: -- The version in package.json and tapplet.manifest.json should match. -- The repository.url field in package.json should match the correct repository for the Tapplet. -- The source.location.npm.packageName in tapplet.manifest.json should match the name in package.json. -- The displayedName in tapplet.manifest.json should be a human-readable name -- The image specified in logoPath in the manifest file is used as the logo displayed in Tapplets market. This logo should be a valid SVG. +- The *version* string field in `package.json` and `tapplet.manifest.json` should match. +- The *repository.url* field in `package.json` should match the correct repository for the Tapplet. +- The *source.location.npm.packageName* in `tapplet.manifest.json` should match the name in `package.json`. +- The *displayName* in `tapplet.manifest.json` should be a human-readable name +- The image specified in *design.logoPath* in the manifest file is used as the logo displayed in tapplets market. This logo should be a valid SVG. 
After publishing the Tapplet, it is possible to connect to the Tapplet by using the Tapplet ID `npm:[packageName]`. @@ -88,15 +88,15 @@ Proposed `tapplet.manifest.json` file: { "packageName": "@company-name/tapplet-name", "version": "1.2.3", - "displayedName": "Tapplet human readable name", + "displayName": "Tapplet human readable name", "status": "latest / verified / deprecated / vulnerable - anything like this", "about": { "summary": "Short (a few words) summary.", "description": "Longer (a few sentences) project description." }, "design": { - "logoPath": "./assets/logo.png", - "backgroundPath": "./assets/background.png" + "logoPath": "./assets/logo.svg", + "backgroundPath": "./assets/background.svg" }, "repository": { "type": "git", From b1b362c5952a5bde6fce6464e7942f96de3b688b Mon Sep 17 00:00:00 2001 From: karczu Date: Wed, 27 Mar 2024 18:16:49 +0100 Subject: [PATCH 4/4] rfc-1101/tapplet second draft --- src/RFC-1101_Tapplet.md | 56 ++++++++++++++++++++++++++++++++++------- 1 file changed, 47 insertions(+), 9 deletions(-) diff --git a/src/RFC-1101_Tapplet.md b/src/RFC-1101_Tapplet.md index 28bdf32..2690993 100644 --- a/src/RFC-1101_Tapplet.md +++ b/src/RFC-1101_Tapplet.md 
@@ -66,17 +66,49 @@ Additionally the idea is to create an on-chain and association between smart con At first, it is proposed that tapplets are npm packages published to the public npm registry, but in the future it may be extended also to other package managers. Npm is the first choice because it is widely used, so publishing a new Tapplet is as simple as publishing an npm package. -Tapplets are separate packages and the file structure depends on its authors, however every package should contain a helpful readme file and must contain a manifest json file with Tapplet data. +#### Security + +Safety considerations are worth mentioning, because as it was rightly pointed out during the discussion, the _npm has such a dismal security record that it might hurt the perceived integrity of the product_. + +One of the options is to implement an additional security layer alongside npm, such as [The Update Framework](https://theupdateframework.com/). + +An alternative of the npm registry may be IPFS, however from the security point of view both options are similar, because they based on checking the checksum of each version. Only the codeowner of the tapplet can register the new version with given checksum and each version is stored separately in the registry. For more details see _Tapplet version management_ section. + +#### Tapplet package structure + +Tapplets are separate packages and the file structure depends on its authors, however every package must contain: + +- `package.json` file +- `tapplet.manifest.json` file with tapplet’s data required for registration to Tari Universe +- entrypoint file: `/dist/index.html` +- (optionally) helpful `README.md`. + +The `package.json` file must adhere to [the requirements of npm](https://docs.npmjs.com/cli/v7/configuring-npm/package-json). + The following details are specific to tapplets: -- The *version* string field in `package.json` and `tapplet.manifest.json` should match. 
-- The *repository.url* field in `package.json` should match the correct repository for the Tapplet. -- The *source.location.npm.packageName* in `tapplet.manifest.json` should match the name in `package.json`. -- The *displayName* in `tapplet.manifest.json` should be a human-readable name -- The image specified in *design.logoPath* in the manifest file is used as the logo displayed in tapplets market. This logo should be a valid SVG. +- The _packageName_ field in `package.json` and `tapplet.manifest.json` must match. +- The _version_ string field in `package.json` and `tapplet.manifest.json` must match. _version_ must be a valid [SemVer](https://semver.org/) version string. +- The _repository.url_ field in `package.json` must match the correct repository for the Tapplet. +- The _source.location.npm.packageName_ in `tapplet.manifest.json` must match the name in `package.json`. +- The _displayName_ in `tapplet.manifest.json` should be a human-readable string less than or equal to 214 characters to be consistent with the [npm package naming rules](https://docs.npmjs.com/cli/v7/configuring-npm/package-json#name) +- The image specified in _design.logoPath_ in the manifest file is used as the logo displayed in tapplets market. This logo should be a valid SVG. +- The image specified in _design.backgroundPath_ in the manifest file is used as the background image displayed in tapplets market. This logo should be a valid SVG. +- The `publisher` filed is a public key of the tapplet publisher. Publisher may be the author of the tapplet package. After publishing the Tapplet, it is possible to connect to the Tapplet by using the Tapplet ID `npm:[packageName]`. +_Sample package structure. 
This diagram is non-normative._ + +``` +- example-tapplet/ + ├─ dist/ + │ ├─ index.html + ├─ package.json + ├─ README.md + ├─ tapplet.manifest.json +``` + ### Manifest The Tapplet Manifest file specifies the most significant Tapplet’s data, which includes: package name, version, source and content hash. In the future manifest files may also contain references to other applets that get nested within. @@ -111,13 +143,19 @@ Proposed `tapplet.manifest.json` file: } } }, + "publisher": "publisher-public-key" "manifestVersion": "1.2.3" } ``` +### Tapplet version management + +Step-by-step instructions on how to add, upgrade and remove/deprecate tapplets are precisely described in the [RFC-1102 Tapplets registry](https://github.com/tari-project/rfcs/pull/138) in the “Tapplet version management” section. + # Change Log -| Date | Change | Author | -| :---------- | :---------- | :----- | -| 21 Mar 2024 | First draft | karczu | +| Date | Change | Author | +| :---------- | :----------- | :----- | +| 26 Mar 2024 | Second draft | karczu | +| 21 Mar 2024 | First draft | karczu |
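
Review bot: In PATCH 1/4, the sample manifest's `"shasum": "shasumexample"` names neither the hash function nor the bytes it covers. Motivation speaks of "hashes of zip bundles" while the Tapplets section describes npm packages, and the manifest must ship inside the package it describes, so a hash over the whole bundle would have to contain its own value. Suggest stating the algorithm and the exact artifact that is hashed, and saying explicitly that the client compares the downloaded bundle against the registry value, not against the copy in the manifest. The same applies to `status`: "verified" or "vulnerable" declared in a publisher-controlled file carries no assurance, so it would fit better as registry data.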
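
Review bot: In PATCH 2/4, hunk `@@ -54,11 +52,13 @@`, the rewritten Motivation paragraph drops the two sentences beginning "The common mode of these attacks is that an attacker convinces the user ...", which were the only statement of the threat the registry is meant to address. Suggest keeping them after the list of attack types, so that the later claim about verifying the bundle has a stated attacker to be measured against. Minor: "is dedicated type of applet" is missing the article ("is a dedicated type").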
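
Review bot: In PATCH 3/4, hunk `@@ -58,22 +58,22 @@`, every reworded bullet still uses lowercase "should", and the Language section says the BCP 14 keywords apply "when, and only when, they appear in all capitals", so none of these version, repository and packageName checks is normative as written. Suggest choosing MUST or SHOULD per bullet in capitals. The casing change is also only partly applied: the same paragraphs now mix "tapplets", "Tapplet" and "the tapplets Registry"; pick one form for the common noun and keep the registry's name capitalised consistently.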
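
Review bot: In PATCH 4/4, hunk `@@ -66,17 +66,49 @@`, the first new bullet requires "The _packageName_ field in `package.json` and `tapplet.manifest.json` must match", but the npm field is `name`, as the fourth bullet and the linked naming rules (`#name`) already say; as written the first bullet refers to a field `package.json` does not have and duplicates the fourth. Suggest one bullet requiring `name` in `package.json` to equal both `packageName` and `source.location.npm.packageName` in the manifest. In the same list, the `design.backgroundPath` bullet ends "This logo should be a valid SVG" (copied from the logo bullet), "filed" should be "field", and the lowercase "must" has no BCP 14 force under the Language section. The Security subsection states that only the codeowner can register a new version without saying how ownership is established; a pointer to the `publisher` key or to RFC-1102 would close that gap.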
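
Review bot: In PATCH 4/4, hunk `@@ -111,13 +143,19 @@`, the added line `"publisher": "publisher-public-key"` has no trailing comma before `"manifestVersion"`, so the sample manifest is no longer valid JSON and will fail in any strict parser a reader pastes it into. Add the comma, and consider stating the expected encoding of the public key, since the bullet list only calls it "a public key of the tapplet publisher". The new Change Log row is dated 26 Mar 2024 while the commit is dated 27 Mar 2024; align them if the log is meant to track commit dates.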