samehabouelsaad/sal-modular
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Add WASM support and browser extension infrastructure

Browse Source 
- Add WASM build target and dependencies for all crates.
- Implement IndexedDB-based persistent storage for WASM.
- Create browser extension infrastructure (UI, scripting, etc.).
- Integrate Rhai scripting engine for secure automation.
- Implement user stories and documentation for the extension.
This commit is contained in:
Sameh Abouelsaad
2025-05-16 15:31:53 +03:00
parent 19f46d6edb
commit 13945a8725
25 changed files with 672 additions and 183 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
docs/extension_architecture.md Normal file
View File

@@ -0,0 +1,52 @@
# Browser Extension Architecture & Workflow
## Overview
The browser extension is the main user interface for interacting with the modular Rust cryptographic stack (vault, EVM client, key-value store) and for executing Rhai scripts securely. It is designed for both local (user-driven) scripting and remote (server-driven) workflows.
---
## Features & Phases
### Phase 1: Local Session & Script Execution
- **Session Management**: User creates/unlocks a keyspace and selects/creates a keypair. Session state is required for all cryptographic operations.
- **Keypair Actions**:
- Sign, verify
- Asymmetric encrypt/decrypt
- Symmetric encrypt/decrypt (arbitrary messages/files, using password-derived key)
- Send transaction, check balance (with selected provider)
- Execute user-provided Rhai scripts (from extension input box)
- Scripts have access to the session manager's signer; explicit per-script approval is required.
### Phase 2: WebSocket Server Integration
- **Connection**: User connects to a websocket server using the selected keypair's public key. Connection persists as long as the extension is loaded (i.e., its background logic/service worker is active), regardless of whether the popup/UI is open.
- **Script Delivery & Approval**:
- Server can send Rhai scripts (with title, description, tags: `local`/`remote`).
- Extension notifies user of incoming scripts, displays metadata, allows viewing and approval.
- User must unlock keyspace and select the correct keypair to approve/execute.
- For `remote` scripts: user signs the script hash and sends signature to server (for consent/authorization; server may execute script).
- For `local` scripts: script executes locally, and the extension logs and reports the result back to the server.
- For user-pasted scripts: logs only; server connection not required.
---
## Script Permissions & Security
- **Session Password Handling**: The extension stores the keyspace password (or a derived key) securely in memory only for the duration of an unlocked session. The password is never persisted or written to disk/storage, and is zeroized from memory immediately upon session lock/logout, following cryptographic best practices (see also Developer Notes below).
- **Signer Access**: Scripts can access the session's signer only after explicit user approval per execution.
- **Approval Model**: Every script execution (local or remote) requires user approval.
- **No global permissions**: Permissions are not granted globally or permanently.
---
## UI/UX Guidelines
- Use any robust, modern, and fast UI framework (React, Svelte, etc.).
- Dark mode is recommended.
- UI should be responsive, intuitive, and secure.
- All cryptographic operations and script executions must be clearly auditable and user-approved.
---
## Developer Notes
- Extension is the canonical interface for scripting and secure automation.
- CLI and additional server features are planned for future phases.
- For vault and scripting details, see [rhai_architecture_plan.md].
- For EVM client integration, see [evm_client_architecture_plan.md].

58
docs/rhai_architecture_plan.md
View File

@@ -1,4 +1,60 @@
# Rhai Scripting System Architecture & Implementation Plan
# Rhai Scripting Architecture Plan
## Overview
This document describes the architecture and integration plan for Rhai scripting within the modular Rust cryptographic system. The goal is to enable secure, extensible scripting for both browser and (future) CLI environments, with the browser extension as the main user interface.
## Interfaces
- **Browser Extension**: The primary and recommended user interface for all modules, scripting, and automation.
- **CLI**: Planned as a future feature; not a primary interface.
## Vault & Scripting Capabilities
- All cryptographic operations (sign, verify, encrypt, decrypt) are exposed to Rhai scripts via the extension.
- Symmetric encryption/decryption of arbitrary messages/files is supported using a key derived from the keyspace password (see `Vault::encrypt`/`Vault::decrypt`).
- User-provided Rhai scripts can access the current session's signer (with explicit approval).
## Extension UI/UX & Workflow
### Phase 1: Local Session & Script Execution
1. **Session Management**
- User is prompted to create/unlock a keyspace and select/create a keypair.
- The session (unlocked keyspace + selected keypair) is required for all cryptographic actions and script execution.
2. **Per-Keypair Actions**
- Sign, verify
- Asymmetric encrypt/decrypt
- Symmetric encrypt/decrypt (using password-derived key)
- Send transaction, check balance (with selected provider)
- Execute user-provided Rhai script (from input box)
- Scripts have access to the session manager's current signer and can send transactions on behalf of the user, but require explicit approval per script execution.
### Phase 2: WebSocket Server Integration
1. **Connection**
- User must have an active session to connect to the server (connects using selected keypair's public key).
- Connection is persistent while the extension is open; user may lock keyspace but remain connected.
2. **Script Delivery & Approval**
- Server can send Rhai scripts to the extension, each with a title, description, and tags (e.g., `local`, `remote`).
- Extension notifies user of incoming script, displays metadata, and allows user to view the script.
- User must unlock their keyspace and select the correct keypair to approve/execute the script.
- For `remote` scripts: user signs the script hash (consent/authorization) and sends the signature to the server. The server may then execute the script.
- For `local` scripts: script executes locally, and the extension logs and reports the result back to the server.
- For user-pasted scripts (from input box): logs only; server connection not required.
## Script Permissions & Security
- **Session Password Handling**: The session password (or a derived key) is kept in memory only for the duration of the unlocked session, never persisted, and is zeroized from memory on session lock/logout. This follows best practices for cryptographic applications and browser extensions.
- **Signer Access**: Scripts can access the session's signer only after explicit user approval per execution.
- **Approval Model**: Every script execution (local or remote) requires user approval.
- **No global permissions**: Permissions are not granted globally or permanently.
## UI Framework & UX
- Any robust, modern, and fast UI framework may be used (React, Svelte, etc.).
- Dark mode is recommended.
- UI should be responsive, intuitive, and secure.
## Developer Notes
- The extension is the canonical interface for scripting and secure automation.
- CLI support and additional server features are planned for future phases.
- See also: [EVM Client Plan](evm_client_architecture_plan.md) and [README.md] for architecture overview.
## Project Goal

48
docs/user_stories.md Normal file
View File

@@ -0,0 +1,48 @@
# User Stories: Modular Cryptographic Extension & Scripting
## As a User, I want to...
### Session & Key Management
- Create a new encrypted keyspace with a password so that only I can access my secrets.
- Unlock an existing keyspace by entering my password.
- Create, select, and manage multiple keypairs within a keyspace.
- Clearly see which keyspace and keypair are currently active in my session.
### Cryptographic Operations
- Sign and verify messages using my selected keypair.
- Encrypt and decrypt messages or files using asymmetric cryptography (public/private keypair).
- Encrypt and decrypt messages or files using symmetric encryption (derived from my keyspace password).
- Export or back up my keypairs securely.
### EVM Client Actions
- Connect to an Ethereum provider and check my account balance.
- Send transactions using my selected keypair.
### Scripting (Rhai)
- Paste or write a Rhai script into the extension UI and execute it securely.
- Approve or deny each script execution, with a clear understanding of what the script will access (e.g., signing, sending transactions).
- See script logs/output in the extension UI.
### Security & Permissions
- Be prompted for approval before any script can access my keypair or perform sensitive operations.
- See a clear audit trail/log of all cryptographic and scripting actions performed in my session.
### WebSocket Integration (Future)
- Connect to a server using my keypair's public key and receive Rhai scripts from the server.
- Review and approve/reject incoming scripts, with clear metadata (title, description, tags).
- For remote scripts, sign the script hash and send my signature to the server as consent.
- For local scripts, execute them in the extension and have the results reported back to the server.
### UI/UX
- Use a fast, modern, and intuitive extension interface, with dark mode support.
- Always know the current security state (locked/unlocked, connected/disconnected, etc.).
---
## As a Developer, I want to...
- Expose all vault and EVM client APIs to WASM so they are callable from JavaScript/TypeScript.
- Provide ergonomic Rust-to-Rhai bindings for all key cryptographic and EVM actions.
- Ensure clear error reporting and logging for all extension and scripting operations.
- Write tests for both WASM and native environments.
- Easily add new cryptographic algorithms, providers, or scripting APIs as the system evolves.