Closed rvolosatovs closed 5 months ago
The TSC has reviewed this proposal during today's meeting, and I am happy to report that it was approved! Thank you for all the details.
(Side note: the Wasmtime plugin related bit is really more of an RFC kind of thing that should rope in more Wasmtime maintainers and stakeholders than those that happen to be on the TSC for discussion. That said, it is certainly an exciting possibility!)
Please initiate the transfer to the Bytecode Alliance github org and myself and/or @ricochet can work with you from there as needed.
Thanks!
Proposing the adoption of wRPC as a Bytecode Alliance hosted project.
Repository URL: https://github.com/wrpc/wrpc
wRPC
wRPC
is a component-native transport-agnostic RPC protocol and framework based on WIT. It facilitates execution of arbitrary functionality defined in WIT over network or other means of communication.Requirements
Alignment with the Bytecode Alliance Mission
I believe wRPC project aligns with the Bytecode Alliance Mission, it directly improves modularity of an existing Bytecode Alliance project, Wasmtime, by allowing a modular, out-of-tree plugin architecture (see https://github.com/bytecodealliance/wasmtime/pull/8737 for the proposal in Wasmtime)
wRPC project itself is highly modular. For example,
wrpc-transport
crate provides the core transport abstractions, which are then implemented in e.g.wrpc-transport-nats
. The intention is to further addwrpc-transport-ipc
,wrpc-transport-quic
etc.wRPC officially supports the following platforms:
Support for these platforms is continously tested on each pull request, the CI platform matrix can be seen here: https://github.com/wrpc/wrpc/blob/86d06a487f3ab3ad71c476c0038dbb759282388a/.github/workflows/wrpc.yml#L29-L64
Given the (potentially) networked use cases, wRPC protects e.g. from malicious peers by utilizing component model value definition encoding, defined at https://github.com/WebAssembly/component-model/blob/8ba643f3a17eced576d8d7d4b3f6c76b4e4347d7/design/mvp/Binary.md#-value-definitions, in which length of each dynamically-sized buffer is always known upfront and therefore the receiver peer can protect itself from e.g. buffer overflow attacks.
Code Review
Description
Code owner reviews are required, but currently there's only one code owner: @rvolosatovs, so his pull requests do not require review for merge. Once there are more active contributors to the project, that will change.
Example PR from an outside contributor: https://github.com/wrpc/wrpc/pull/108
CODEOWNERS
: https://github.com/wrpc/wrpc/blob/86d06a487f3ab3ad71c476c0038dbb759282388a/.github/CODEOWNERSCode of Conduct
A pull request for adding Bytecode Alliance CoC is open https://github.com/wrpc/wrpc/pull/104 and will be merged once the repository is approved for transfer
Continuous Integration Testing
wRPC, as a primarily Rust project, uses
cargo audit
,cargo clippy
,cargo fmt
andcargo nextest
in CI, as well as builds the codebase for a variety of platforms and architectures on each pull request.cargo publish
is run indry-run
mode for contained crates, but only failure in publishing of self-contained crates triggers a CI failure.cargo doc
is built on each pull request and each merge tomain
branch triggers publishing the latest documentation to https://wrpc.github.io/wrpc/wrpc/index.html, which is occasionally verified manually.wRPC contains Go code, which is tested using
go test
, however that is made part of thecargo
test suite, meaning thatgo test
is run as part ofcargo test
wRPC contains a subtree-merged
wit-bindgen
source tree, which is heavily modified. wRPC uses the same test suite aswit-bindgen
to testwit-bindgen-wrpc
Pull requests are merged using merge queue to ensure that CI is always being run on the latest HEAD state
Example PR https://github.com/wrpc/wrpc/pull/108 Example main CI run: https://github.com/wrpc/wrpc/actions/runs/9349494244
See https://github.com/wrpc/wrpc/tree/86d06a487f3ab3ad71c476c0038dbb759282388a/.github/workflows for current GitHub Actions setup
Contributor Documentation
Project contains a
CONTRIBUTING.md
at the root: https://github.com/wrpc/wrpc/blob/main/CONTRIBUTING.mdFollowing the Bytecode Alliance Operational Principles
wRPC project is committed to be interoperable with other projects and follows a standards-first approach. For example, the encoding format originating within wRPC was contributed to component model specification (and, eventually, modified using received feedback) to ensure standard compliance and consistency https://github.com/WebAssembly/component-model/pull/336
Licensing Compatible with the Bytecode Alliance
The project uses "Apache-2.0 WITH LLVM-exception" license: https://github.com/wrpc/wrpc/blob/86d06a487f3ab3ad71c476c0038dbb759282388a/LICENSE
README
README can be found at https://github.com/wrpc/wrpc/blob/main/README.md
PR for indentifying as Bytecode Alliance project is open and will be merged once it's approved: https://github.com/wrpc/wrpc/pull/112
Release Process
Crate release automation is set up using GitHub Actions and
cargo
https://github.com/wrpc/wrpc/blob/c7bb1ebbd553c4557dbdb07f161435f168b98402/.github/workflows/wrpc.yml#L309-L350, however a token is not provisioned for CI due to logistical issues. Once the repository has been transferred to Bytecode Alliance, a CI user will be provisioned and used for releasing cratesSecurity Process
Project contains
SECURITY.md
https://github.com/wrpc/wrpc/blob/main/SECURITY.mdDependabot is used for both security patches and regular dependency updates, however Dependabot PRs require all the same CI checks as other PRs and are always manually verified before merge
Semantic Versioning
The project strictly follows semantic versioning as defined at https://semver.org/.
Secrets Management
The project utilizes repository-wide GitHub secrets for e.g. Nix cache token and Cargo publish token
Supply Chain Security
Project uses
cargo audit
to vet dependencies on each pull request TODO: argument that this requirement is fulfilled and supporting evidence (such as links to code, documentation, issues, and pull requests)Sustainable Contributor Base
Some examples:
Version Control
The project will be transferred once approved
Recommendations
Changelog
The project will follow keepachangelog.com once it's feature-complete and 1.0 version is released (tracked at https://github.com/orgs/wrpc/projects/1)
Continuous Fuzzing
no fuzzing is currently performed, but an issue is filed to do that https://github.com/wrpc/wrpc/issues/114
End-User Documentation
The project includes code examples for Go and Rust at https://github.com/wrpc/wrpc/tree/9de79f690b04ec30b3820449bbfe28261e36275e/examples
Most of the documentation from another Bytecode Alliance project -
wit-bindgen
is reused.Rust API is documented on e.g. https://docs.rs/wrpc-transport/latest/wrpc_transport/ Go API is documented at https://pkg.go.dev/github.com/wrpc/wrpc/go
Issue Triage Process
The project uses GitHub to track issues and manage pull requests. GitHub projects, labels and milestones are also utilized to categorize and prioritize work.
Leverage the Bytecode Alliance RFC Process
wRPC does not leverage RFC process yet, mostly due to being a new project, which is not feature-complete yet, but once it is - Bytecode Alliance RFC process will be adopted
Production Use
The project includes
ADOPTERS.md
file in the root of the repository based on the one used in Wasmtime https://github.com/wrpc/wrpc/blob/2a758470c4bd3472f58e8c5b769a04a9a30a40da/ADOPTERS.mdPublic Project Meetings and Notes
Currently, no public meetings are taking place for wRPC, but there is intention to setup such at regular cadence after approval as hosted project
Sanitizers and Code Analysis
The project does not use unsafe code and does not utilize such tools at this time, but an issue to run
miri
is CI is filed at https://github.com/wrpc/wrpc/issues/116