Canvas v0.10 and federation readiness

[raykyri]

Closes #8918. All tests pass, ready for QA and code review

This PR updates hicommonwealth/commonwealth from Canvas 0.8 to Canvas 0.10, and fully implements a federation node backed by a separate Postgres database.

When creating, editing, or deleting comments, threads, or reactions, it attempts to create the corresponding Canvas action and post it to the database. This may fail if a dependency of the current action wasn't posted to Canvas (e.g. commenting on a thread when the thread was not signed on Canvas); in that case the action will proceed without a signature.

Full Description of Changes

• Upgrades canvas dependencies from v0.8 -> v0.10
  • Removes unused canvas-node package
  • Replaces CAIP-2 address with did around the codebase. The DIDs are unchanged from CAIP-2 identifiers except with did:pkh: prefixed before them; did:pkh is just a wrapper around CAIP-2 but this gives us a better standardized way to refer to user accounts as DIDs.
  • Renames canvas_hash to canvas_msg_id
  • Ensures canvas_msg_id is used when comments depend on threads, reactions depend on comments, etc.
• Removes the ENFORCE_SESSION_KEYS feature flag.
  • A Canvas session is now always required when logging in
  • Interacting on the site now always requires a valid session for the currently active address.
  • The client will attempt to sign actions. This will fail (as mentioned above) if dependent data is missing, in which case it will submit the thread/comment/reaction/etc. to the backend without a signature, which will be accepted. But if a signature is provided, it will be verified by the backend, and an error will be thrown if the Action or Session is invalid.
• Minor upgrades
  • Updates @types/react from ^18.0.26 to ^18.3.3
  • Updates prettier to ^3.3.3, to support some syntax used in the update Canvas contract.ts.
  • Updates typescript to use es2022 module format.
  • Adds verified checkmark to threads, since they were just on comments before.

Note this PR requires a local database called federation, or requires process.env.FEDERATION_POSTGRES_DB_URL to be set. To QA, you can create a local federation database the same way you initialized Postgres while setting up Commonwealth:

$ createdb federation

Or in psql:

CREATE DATABASE federation;

Deployment Plan

• Create a new Heroku database and connect it to the application (it could be the larger Hobby database).
• Provide it as an environment variable: FEDERATION_POSTGRES_DB_URL

Description of Changes

• Upgraded to 0.10.0
• Change everything to use DIDs
• Use ES2022 to fix import
• Actions inserted when creating a comment, thread, and both types of reactions
  • thread
  • comment
  • reactThread
  • reactComment
• app.messageLog.verifySignature and app.messageLog.insert not consistent
• async issue with app.insert()
• Test on different chains
  • Ethereum
  • Evmos (Cosmos Metamask)
  • Evmos (Keplr)
  • Cosmos
  • Solana
  • Substrate
• Fix references to canvas_hash, by using msgid in all canvas actions that reference a different model. Also ensure that server-side verification is implemented and working for all actions.
  • Threads
  • createThread
  • updateThread (limited server-side verification)
  • deleteThread
  • Comments
  • createComment
  • updateComment (limited server-side verification)
  • deleteComment
  • Reactions
  • reactThread
  • reactComment
  • unreactComment
  • unreactThread
• missing fields
  • thread.topic
• client uses the most recent clock number + parents when creating actions/sessions
  • /api/getClock OR just include in app.status
• remove ENFORCE_SESSION_KEYS
• update session revalidation dialog design
• auto-log-out user if all their session keys are logged out (Difficult to do this without either 1) introducing extra latency on page load (bad), 2) refactoring initAppState, or 3) making the code more complicated if the user's session keys are all logged out)
• fix issue where user gets auto-logged when relinking a wallet with a valid cached session key

Todos before deploying:

• Discuss how to provision and maintain the federation database on QA, any staging tiers, and production tiers.

Outside the scope of this PR:

• Turn libp2p on
• Set up explorer - Create a Commonwealth version of the application at packages/network-explorer - a web app for viewing a network's messages  canvasxyz/canvas#290

[raykyri]

Need to fix tests but otherwise this is ready for review/QA.

[jnaviask]

@raykyri what does this PR do? where's the description of the goals of these changes (should be a ticket, ideally), and how we can confirm that these goals were satisfactorily met?

[raykyri]

Good point.. I was going to work on this on Sunday but lost track of time. Let me move this into a draft PR until I can fix that up (hopefully later today).

[raykyri]

✅ @rjwebb Can you take a look at the unit tests/integration tests to fix the remaining failing tests? I've updated the seeders to use DIDs, but:

• I think there are some places where the API expects signed Canvas messages to be passed, but they aren't being passed right now
• The action/session clock encoding isn't working properly inside tests (all the failing integration tests are throwing an exception because of the clock being wrong)
• There are a couple of weird type errors showing up on pnpm check-types, which are probably because of a React version bump or incompatibility between conflicting versions of React; this might be caused by some dependency updates that we made. We might have to try to backtrack in history to figure out what caused this, but fwiw it wasn't showing up until I rebased this branch onto master today. (This is lower priority)

You can run a smaller subset of tests from packages/commonwealth using:

INIT_TEST_DB=true NODE_ENV=test pnpm exec vitest --config ../../vite.config.ts --fileParallelism=false --coverage run ./test/integration/api/subscriptions.spec.ts "--allowOnly=false"

[raykyri]

QA matrix:

• Create and edit thread (from working session key)
• Create and edit comment (from working session key, on signed thread)
• Create and edit comment (from working session key, on unsigned thread)
• Create and delete reaction (from working session key, on signed thread)
• Create and delete reaction (from working session key, on unsigned thread)
• Create and delete reaction (from working session key, on signed comment)
• Create and delete reaction (from working session key, on unsigned comment)

Session re-auth test:

• Create thread (from cleared session key)
• Edit thread (from cleared session key)
• Create comment (from cleared session key)
• Edit comment (from cleared session key)
• Create reaction (on thread, from cleared session key)
• Delete reaction (on thread, from cleared session key)
• Create reaction (on comment, from cleared session key)
• Delete reaction (on comment, from cleared session key)

Multichain test:

• Create thread, comment, react thread, react comment, edit comment, edit thread, delete all (Solana)
• Create thread, comment, react thread, react comment, edit comment, edit thread, delete all (Evmos - Keplr)
• Create thread, comment, react thread, react comment, edit comment, edit thread, delete all (Evmos - Metamask)
• Create thread, comment, react thread, react comment, edit comment, edit thread, delete all (Injective)
• Create thread, comment, react thread, react comment, edit comment, edit thread, delete all (Terra - WalletConnect)
• Create thread, comment, react thread, react comment, edit comment, edit thread, delete all (Terra - Station)
• Create thread, comment, react thread, react comment, edit comment, edit thread, delete all (Substrate, e.g. Edgeware)
• Create thread, comment, react thread, react comment, edit comment, edit thread, delete all (Cosmos, e.g. Stargaze)
• Create thread, comment, react thread, react comment, edit comment, edit thread, delete all (Ethereum, e.g. Aave)

Other issues not for this PR:

• Login breaks when the user has a chain with a bad RPC

[mzparacha]

Facing the same issue as earlier #8537 (comment)

Clicked around, Not able to create thread with active session address
Screen.Recording.2024-09-06.at.7.27.39.PM.mov
other actions with existing thread/comments/reactions worked for me.

Also got some auth issues with metamask/keplr (but they are also on master branch).

[raykyri]

This should have fixed both the createThread and auth issues. If you're a super admin, you should disable that flag before testing this PR, or otherwise Roger has a PR that will be merged into master soon to fix a potential issue with super admin tRPC requests.

[mzparacha]

Update:

Retested, Now all wallet logins work both inside and outside the community.

But I am still facing this thread creation issue with all wallets.

Also the API build was failing for me (and per @raykyri it might be the cause of the create thread issue)

pnpm -r build
Scope: 15 of 16 workspace projects
libs/api-client build$ tsc -b ./tsconfig.build.json
└─ Done in 869ms
libs/chains build$ tsc -b tsconfig.build.json
│ src/cosmos-ts/src/codegen/helpers.ts(25,24): error TS2339: Property 'Buffer' does not exist on type 'typeof globalThis'.
│ src/cosmos-ts/src/codegen/helpers.ts(38,24): error TS2339: Property 'Buffer' does not exist on type 'typeof globalThis'.
└─ Failed in 2.7s at /commonwealth/libs/chains

will be attempting to fix that and update.

Update:

The build works for me now but still getting the thread creation issue

Screen.Recording.2024-09-13.at.9.11.39.PM.mov

[mzparacha]

Only found 1 issue, the other things I tried were auth with all wallets both with/without community scope, thread/comment/reply/reaction creation/deletion/updation and all of those things worked.

1. Join community with address A -> Create thread -> localStorage.clear() -> try vote/comment/ -> login with address B that wasn't linked before -> notice error.

Screen.Recording.2024-09-13.at.11.49.37.PM.mov

Thanks for all the changes.

cc: @raykyri