host_extensions/

executor_contract.rs

//! Executor contract — canonical response types and error constants for
//! `window.host.*` bridge calls.
//!
//! Host implementations (host-rs, dotli) use these definitions to ensure SPAs
//! receive identical promise resolution values regardless of which host they
//! run on.
//!
//! ## Response value conventions
//!
//! Most bridge calls resolve with **bare values** — a string, an integer, a
//! boolean, or `null`.  Only `mediaGetUserMedia` resolves with a structured
//! JSON object.  The types below document the exact JS-level value the
//! promise resolves with.
//!
//! See also `docs/executor-contract.md` for behavioral rules that types cannot
//! express (listener lifecycle, error semantics, identity rules).

use serde::{Deserialize, Serialize};

// ── Structured response types ───────────────────────────────────────────
//
// These are the only bridge calls that resolve with a JSON object.

/// `mediaGetUserMedia({ audio, video })` — resolves with a JSON object
/// containing the allocated local track IDs *before* the corresponding
/// `mediaTrackReady` events fire.
///
/// A field is **absent** (not `null`) when the caller did not request that
/// track kind.  Hosts MUST use `skip_serializing_if` (or equivalent) to
/// omit unrequested fields rather than setting them to `null`.
#[derive(Debug, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct GetUserMediaResult {
    #[serde(skip_serializing_if = "Option::is_none")]
    pub audio_track_id: Option<u64>,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub video_track_id: Option<u64>,
}

/// `mediaGetDisplayMedia()` — resolves with the allocated screen track ID.
#[derive(Debug, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct GetDisplayMediaResult {
    pub screen_track_id: u64,
}

/// `meshStatus()` — resolves with the current mesh backend health and queue state.
#[derive(Debug, Serialize, serde::Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct MeshStatusResult {
    pub health: String,
    pub transport: String,
    pub pending_publishes: u64,
    pub pending_queries: u64,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub last_error: Option<String>,
}

/// `mesh.objects.put(path, dataBase64, policy?)` retention and preview policy.
#[derive(Debug, Clone, Default, Serialize, Deserialize, PartialEq, Eq)]
#[serde(rename_all = "camelCase")]
pub struct MeshObjectPolicy {
    /// Absolute expiry in host time. Hosts may internally derive this from TTL
    /// before persistence, but app-facing behavior is always expressed as an
    /// absolute host-clock deadline.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub expires_at_ms: Option<u64>,
    /// Hint for host-managed previews, notifications, and restored plaintext
    /// derivatives on compliant hosts.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub suppress_previews: Option<bool>,
}

#[derive(Debug, Clone, Copy, Serialize, Deserialize, PartialEq, Eq)]
#[serde(rename_all = "snake_case")]
pub enum MeshObjectReadReason {
    Expired,
    NotFound,
    PolicyDenied,
}

/// `mesh.objects.getResult(path)` and structured negative `meshReply` model.
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
#[serde(rename_all = "camelCase")]
pub struct MeshObjectResult {
    pub data_base64: Option<String>,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub reason: Option<MeshObjectReadReason>,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub expires_at_ms: Option<u64>,
}

impl MeshObjectResult {
    pub fn found(data_base64: String, expires_at_ms: Option<u64>) -> Self {
        Self {
            data_base64: Some(data_base64),
            reason: None,
            expires_at_ms,
        }
    }

    pub fn unavailable(reason: MeshObjectReadReason, expires_at_ms: Option<u64>) -> Self {
        Self {
            data_base64: None,
            reason: Some(reason),
            expires_at_ms,
        }
    }

    pub fn compat_data(self) -> Option<String> {
        self.data_base64
    }
}

#[derive(Debug, Clone, Copy, Serialize, Deserialize, PartialEq, Eq)]
#[serde(rename_all = "lowercase")]
pub enum MeshControlMode {
    Visible,
    Encrypted,
}

/// Capability-scoped control envelope for mesh 1.2 private channels.
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
#[serde(rename_all = "camelCase")]
pub struct MeshControlEnvelope {
    pub mode: MeshControlMode,
    pub data_base64: String,
}

/// `mesh.private.objects.put(dataBase64, policy?)` opaque object reference.
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
#[serde(rename_all = "camelCase")]
pub struct MeshPrivateObjectRef {
    pub handle: String,
    pub capability: String,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub expires_at_ms: Option<u64>,
}

// ── Bare-value response documentation ───────────────────────────────────
//
// The following bridge calls resolve with bare (non-object) values.
// No Rust struct is needed — the host serializes the value directly.
//
// | Method                  | Resolves with                | JS type   |
// |-------------------------|------------------------------|-----------|
// | `getAddress`            | SS58 address                 | `string`  |
// | `sign`                  | `0x`-prefixed hex signature  | `string`  |
// | `chainQuery`            | raw JSON-RPC result          | `any`     |
// | `chainSubmit`           | transaction hash             | `string`  |
// | `dataConnect`           | connection ID                | `number`  |
// | `dataGetPeerId`         | wallet SS58 address          | `string`  |
// | `mediaConnect`          | session ID                   | `number`  |
// | `mediaAccept`           | session ID                   | `number`  |
// |   (with `{ peer }`)    | session ID (group path)      | `number`  |
// | `mediaGetPeerId`        | wallet SS58 address          | `string`  |
// | `storageGet`            | stored value or `null`       | `string?` |
// | `dataSend`              | `true`                       | `boolean` |
// | `dataSendBytes`         | `true`                       | `boolean` |
// | `dataClose`             | `true`                       | `boolean` |
// | `dataStartListening`    | `true`                       | `boolean` |
// | `storageSet`            | `true`                       | `boolean` |
// | `storageRemove`         | `true`                       | `boolean` |
// | `statementsWrite`       | `true`                       | `boolean` |
// | `statementsSubscribe`   | `true`                       | `boolean` |
// | `filesSave`             | `true`                       | `boolean` |
// | `meshPublish`           | `true`                       | `boolean` |
// | `meshSubscribe`         | `true`                       | `boolean` |
// | `meshPutObject`         | `true`                       | `boolean` |
// | `meshGetObject`         | stored object or `null`      | `string?` |
// | `meshGetObjectResult`   | retention-aware read result  | `object`  |
// | `meshRequest`           | request ID                   | `string`  |
// | `meshRespond`           | `true`                       | `boolean` |
// | `meshStatus`            | queue + health object        | `object`  |
// | `meshPrivatePutObject`  | opaque ref + capability      | `object`  |
// | `meshPrivateGetObject`  | capability-scoped read       | `object`  |
// | `meshPrivateRequest`    | request ID                   | `string`  |
// | `meshPrivateControlPublish` | `true`                  | `boolean` |
// | `meshPrivateControlSubscribe` | `true`                | `boolean` |
// | `meshPrivateReceiptPublish` | `true`                  | `boolean` |
// | `meshPrivateReceiptSubscribe` | `true`                | `boolean` |
// | `mediaClose`            | `true`                       | `boolean` |
// | `mediaStartListening`   | `true`                       | `boolean` |
// | `mediaAttachTrack`      | `true`                       | `boolean` |
// | `mediaSetTrackEnabled`  | `true`                       | `boolean` |
// | `mediaSignal`           | `true`                       | `boolean` |
// | `requestWssPermission`  | `true`                       | `boolean` |
// | `requestHttpPermission` | `true`                       | `boolean` |
// | `mediaAddTrack`       | `true`                    | `boolean` |
// | `mediaRemoveTrack`    | `true`                    | `boolean` |
// | `mediaGroupConnect`   | group session ID (string) | `string`  |
// | `mediaGroupAccept`    | session ID                | `number`  |
// | `mediaGroupReject`    | `true`                    | `boolean` |
// | `crdtJoin`            | room handle object        | `object`  |
// | `crdtApplyUpdate`     | `true`                    | `boolean` |
// | `crdtGetStateVector`  | base64-encoded vector     | `string`  |
// | `crdtGetFullState`    | base64-encoded state      | `string`  |
// | `crdtSetAwareness`    | `true`                    | `boolean` |
// | `crdtDestroy`         | `true`                    | `boolean` |

/// `crdtJoin(roomId, opts?)` — resolves with room metadata.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct CrdtJoinResult {
    pub room_id: String,
    pub transport: String,
}

// ── Error message constants ──────────────────────────────────────────────
// Hosts MUST use these exact strings so SPAs can match on error text.

pub const ERR_WALLET_NOT_CONNECTED: &str = "wallet not connected";
pub const ERR_WALLET_NOT_ENABLED: &str = "wallet not enabled";
pub const ERR_DATA_PERMISSION: &str = "data permission not granted";
pub const ERR_MEDIA_PERMISSION: &str = "media permission not granted";
pub const ERR_CAMERA_PERMISSION: &str = "camera permission not granted";
pub const ERR_AUDIO_PERMISSION: &str = "audio permission not granted";
pub const ERR_CHAIN_PERMISSION: &str = "chain permission not granted";
pub const ERR_STATEMENTS_PERMISSION: &str = "statements permission not granted";
pub const ERR_PENDING_SIGN: &str = "another signing request is pending";
pub const ERR_PENDING_SUBMIT: &str = "another submit request is pending";
pub const ERR_PENDING_CONNECT: &str = "another connect request is pending";
pub const ERR_ADDRESS_REQUIRED: &str = "address is required";
pub const ERR_PEER_ADDRESS_EMPTY: &str = "peer address cannot be empty";
pub const ERR_FILENAME_REQUIRED: &str = "filename is required";
pub const ERR_INVALID_ELEMENT_ID: &str = "invalid elementId";
pub const ERR_SCREEN_PERMISSION: &str = "screen capture permission not granted";
pub const ERR_SCREEN_DENIED_BY_OS: &str = "screen capture denied by operating system";
pub const ERR_GROUP_TOO_LARGE: &str = "group exceeds maximum peer limit";
pub const ERR_NO_PENDING_CALL_FOR_PEER: &str = "no pending incoming call from that peer";
pub const ERR_GROUP_ID_REQUIRED: &str = "groupId is required for group calls";
pub const ERR_CRDT_ROOM_NOT_FOUND: &str = "crdt room not found";
pub const ERR_CRDT_ROOM_ID_REQUIRED: &str = "roomId is required";

#[cfg(test)]
mod tests {
    use super::*;

    fn json(v: &impl serde::Serialize) -> String {
        serde_json::to_string(v).unwrap()
    }

    #[test]
    fn get_user_media_result_both_tracks_json_shape() {
        let r = GetUserMediaResult {
            audio_track_id: Some(1),
            video_track_id: Some(2),
        };
        assert_eq!(json(&r), r#"{"audioTrackId":1,"videoTrackId":2}"#);
    }

    #[test]
    fn get_user_media_result_audio_only_omits_video() {
        let r = GetUserMediaResult {
            audio_track_id: Some(1),
            video_track_id: None,
        };
        assert_eq!(json(&r), r#"{"audioTrackId":1}"#);
    }

    #[test]
    fn get_user_media_result_video_only_omits_audio() {
        let r = GetUserMediaResult {
            audio_track_id: None,
            video_track_id: Some(3),
        };
        assert_eq!(json(&r), r#"{"videoTrackId":3}"#);
    }

    #[test]
    fn get_display_media_result_json_shape() {
        let r = GetDisplayMediaResult {
            screen_track_id: 42,
        };
        assert_eq!(json(&r), r#"{"screenTrackId":42}"#);
    }

    #[test]
    fn mesh_status_result_json_shape() {
        let result = MeshStatusResult {
            health: "healthy".into(),
            transport: "statement-store".into(),
            pending_publishes: 1,
            pending_queries: 2,
            last_error: None,
        };
        assert_eq!(
            json(&result),
            r#"{"health":"healthy","transport":"statement-store","pendingPublishes":1,"pendingQueries":2}"#
        );
    }

    #[test]
    fn mesh_object_policy_json_shape() {
        let policy = MeshObjectPolicy {
            expires_at_ms: Some(1710000000000),
            suppress_previews: Some(true),
        };
        assert_eq!(
            json(&policy),
            r#"{"expiresAtMs":1710000000000,"suppressPreviews":true}"#
        );
    }

    #[test]
    fn mesh_object_result_positive_json_shape() {
        let result = MeshObjectResult::found("AQID".into(), Some(1710000000000));
        assert_eq!(
            json(&result),
            r#"{"dataBase64":"AQID","expiresAtMs":1710000000000}"#
        );
    }

    #[test]
    fn mesh_object_result_negative_json_shape() {
        let result =
            MeshObjectResult::unavailable(MeshObjectReadReason::Expired, Some(1710000000000));
        assert_eq!(
            json(&result),
            r#"{"dataBase64":null,"reason":"expired","expiresAtMs":1710000000000}"#
        );
    }

    #[test]
    fn mesh_control_envelope_json_shape() {
        let envelope = MeshControlEnvelope {
            mode: MeshControlMode::Encrypted,
            data_base64: "AQID".into(),
        };
        assert_eq!(
            json(&envelope),
            r#"{"mode":"encrypted","dataBase64":"AQID"}"#
        );
    }

    #[test]
    fn mesh_private_object_ref_json_shape() {
        let reference = MeshPrivateObjectRef {
            handle: "mesh-private-handle-1".into(),
            capability: "mesh-private-capability-1".into(),
            expires_at_ms: Some(1710000000000),
        };
        assert_eq!(
            json(&reference),
            r#"{"handle":"mesh-private-handle-1","capability":"mesh-private-capability-1","expiresAtMs":1710000000000}"#
        );
    }

    #[test]
    fn crdt_join_result_json_shape() {
        let r = CrdtJoinResult {
            room_id: "doc-abc".into(),
            transport: "relay".into(),
        };
        assert_eq!(json(&r), r#"{"roomId":"doc-abc","transport":"relay"}"#);
    }

    #[test]
    fn error_constants_are_non_empty() {
        let constants = [
            ERR_WALLET_NOT_CONNECTED,
            ERR_WALLET_NOT_ENABLED,
            ERR_DATA_PERMISSION,
            ERR_MEDIA_PERMISSION,
            ERR_CAMERA_PERMISSION,
            ERR_AUDIO_PERMISSION,
            ERR_CHAIN_PERMISSION,
            ERR_STATEMENTS_PERMISSION,
            ERR_PENDING_SIGN,
            ERR_PENDING_SUBMIT,
            ERR_PENDING_CONNECT,
            ERR_ADDRESS_REQUIRED,
            ERR_PEER_ADDRESS_EMPTY,
            ERR_FILENAME_REQUIRED,
            ERR_INVALID_ELEMENT_ID,
            ERR_SCREEN_PERMISSION,
            ERR_SCREEN_DENIED_BY_OS,
            ERR_GROUP_TOO_LARGE,
            ERR_NO_PENDING_CALL_FOR_PEER,
            ERR_GROUP_ID_REQUIRED,
            ERR_CRDT_ROOM_NOT_FOUND,
            ERR_CRDT_ROOM_ID_REQUIRED,
        ];
        for c in &constants {
            assert!(!c.is_empty());
        }
    }
}