Feat/add x ename header to group and provisioner (#418)

* chore: add platform x-ename header

* chore: fix dreamsync build

* chore: fix native dep issues with CI

* chore: fix build config stuff

* chore: remove optinal dep

* chore: fix build step

* chore: fix eVault X-ENAME caching

* chore: fix blabsy build step for test

* chore: fix blabsy sample env

Author: coodos

.env.example

@@ -1,20 +1,73 @@
-# Pictique Configuration
-PUBLIC_PICTIQUE_BASE_URL=your_public_pictique_base_url_here
+# Neo4j Configuration
+NEO4J_URI=bolt://localhost:7687
+NEO4J_USER=neo4j
+NEO4J_PASSWORD=your-neo4j-password
 
-# Blabsy Configuration
-PUBLIC_BLABSY_BASE_URL=your_public_blabsy_base_url_here
+PUBLIC_EVAULT_SERVER_URI=http://localhost:4000
 
-# Eid Wallet & Pictique Configuration (Svelte)
-PUBLIC_REGISTRY_URL=your_public_registry_url_here
-PUBLIC_PROVISIONER_URL=your_public_provisioner_url_here
+REGISTRY_ENTROPY_KEY_JWK='{"kty":"EC","use":"sig","alg":"ES256","kid":"entropy-key-1","crv":"P-256","x":"your-x-value","y":"your-y-value","d":"your-d-value"}'
+ENCRYPTION_PASSWORD="your-encryption-password"
+W3ID="@your-w3id"
 
-# Next.js Applications Configuration (eVoting, Blabsy, Group Charter Manager)
-NEXT_PUBLIC_REGISTRY_URL=your_public_registry_url_here
+REGISTRY_DATABASE_URL=postgresql://postgres:postgres@localhost:5432/registry
 
-# Neo4j Configuration
-NEO4J_URI=bolt://neo4j:7687
-NEO4J_USER=neo4j
-NEO4J_PASSWORD=your_secure_password_here
+REGISTRY_SHARED_SECRET="your-registry-shared-secret"
+PROVISIONER_DATABASE_URL="postgres://postgres:postgres@localhost:5432/provisioner"
+PUBLIC_VERIFF_KEY="your-veriff-key"
+VERIFF_HMAC_KEY="your-veriff-hmac-key"
+
+# set this to allow or deny
+DUPLICATES_POLICY="DENY"
+IP_ADDR="localhost"
+
+PICTIQUE_DATABASE_URL=postgresql://postgres:postgres@localhost:5432/pictique
+
+PICTIQUE_MAPPING_DB_PATH=/path/to/pictique/mapping/db
+BLABSY_MAPPING_DB_PATH="/path/to/blabsy/mapping/db"
+DREAMSYNC_MAPPING_DB_PATH="/path/to/dreamsync/mapping/db"
+GROUP_CHARTER_MAPPING_DB_PATH=/path/to/charter/mapping/db
+CERBERUS_MAPPING_DB_PATH=/path/to/cerberus/mapping/db
+
+GOOGLE_APPLICATION_CREDENTIALS="/path/to/firebase-secrets.json"
+
+#PUBLIC_REGISTRY_URL="https://registry.w3ds.metastate.foundation"
+#PUBLIC_PROVISIONER_URL="https://provisioner.w3ds.metastate.foundation"
+
+#PUBLIC_REGISTRY_URL="https://registry.staging.metastate.foundation"
+#PUBLIC_PROVISIONER_URL="https://provisioner.staging.metastate.foundation"
+
+PUBLIC_REGISTRY_URL="http://localhost:4321"
+PUBLIC_PROVISIONER_URL="http://localhost:3001"
+
+PUBLIC_PICTIQUE_URL="http://localhost:5173"
+PUBLIC_PICTIQUE_BASE_URL="http://localhost:1111"
+PUBLIC_BLABSY_URL="http://localhost:8080"
+PUBLIC_BLABSY_BASE_URL="http://localhost:4444"
+
+PUBLIC_GROUP_CHARTER_BASE_URL="http://localhost:5555"
+GROUP_CHARTER_DATABASE_URL=postgresql://postgres:postgres@localhost:5432/group_charter_manager
+
+CERBERUS_DATABASE_URL=postgresql://postgres:postgres@localhost:5432/cerberus
+PUBLIC_CERBERUS_BASE_URL="http://localhost:6666"
+
+EVOTING_DATABASE_URL=postgresql://postgres:postgres@localhost:5432/evoting
+
+EVOTING_MAPPING_DB_PATH="/path/to/evoting/mapping/db"
+
+OPENAI_API_KEY=sk-your-openai-api-key
+
+PUBLIC_EVOTING_BASE_URL="http://localhost:7777"
+PUBLIC_EVOTING_URL="http://localhost:3001"
+
+PUBLIC_APP_STORE_EID_WALLET=""
+PUBLIC_PLAY_STORE_EID_WALLET=""
+NOTIFICATION_SHARED_SECRET=your-notification-secret-key
+
+DREAMSYNC_DATABASE_URL=postgresql://postgres:postgres@localhost:5432/dreamsync
+VITE_DREAMSYNC_BASE_URL="http://localhost:8888"
+
+EREPUTATION_DATABASE_URL=postgresql://postgres:postgres@localhost:5432/ereputation
+EREPUTATION_MAPPING_DB_PATH="/path/to/erep/mapping/db"
+VITE_EREPUTATION_BASE_URL=http://localhost:8765
 
-# eVault Configuration
-PORT=4000
+LOAD_TEST_USER_COUNT=6

.github/workflows/build.yml

@@ -13,29 +13,56 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v4
+        with:
+          version: 10.13.1
+          run_install: false
+
       - name: Setup Node.js
         uses: actions/setup-node@v4
         with:
           node-version: 22.x
+          cache: 'pnpm'
 
       - name: Install build dependencies
         run: |
           sudo apt-get update
           sudo apt-get install -y build-essential python3
 
-      - name: Install pnpm
-        run: npm install -g pnpm
+      - name: Setup environment variables
+        run: |
+          # Always copy .env.example to .env before builds to ensure env vars are available
+          # Root level .env
+          if [ -f .env.example ]; then
+            cp .env.example .env
+            echo "✅ Created root .env from .env.example"
+          else
+            echo "⚠️  Warning: root .env.example not found, creating minimal .env"
+            touch .env
+          fi
+          
+          # Package-level .env files (e.g., blabsy)
+          for dir in platforms/* infrastructure/*; do
+            if [ -d "$dir" ] && [ -f "$dir/.env.example" ]; then
+              cp "$dir/.env.example" "$dir/.env"
+              echo "✅ Created $dir/.env from $dir/.env.example"
+            fi
+          done
 
       - name: Install Dependencies
-        run: pnpm install
-
-      - name: Clean and rebuild native modules
         run: |
-          # Remove any pre-built binaries that might be incompatible
-          find node_modules -name "*.node" -delete 2>/dev/null || true
-          # Rebuild all native modules
-          pnpm rebuild
+          # Install all dependencies (optional dependencies are installed by default)
+          # Use --frozen-lockfile to ensure reproducible builds
+          pnpm install --frozen-lockfile
+          
+      - name: Rebuild native modules
+        run: |
+          # Rebuild native modules to ensure compatibility with CI environment
+          pnpm rebuild || echo "Rebuild completed with warnings (some packages may not need rebuilding)"
 
       - name: Build All Packages
-        run: pnpm build
+        run: |
+          # Build all packages using turbo
+          pnpm build
 

.npmrc

@@ -0,0 +1,3 @@
+optional=true
+strict-peer-dependencies=false
+

infrastructure/control-panel/package.json

@@ -54,4 +54,4 @@
 		"lucide-svelte": "^0.539.0",
 		"tailwind-merge": "^3.0.2"
 	}
-}
+}

infrastructure/web3-adapter/src/index.ts

@@ -180,7 +180,11 @@ async function createGroupManifestWithRetry(
 			const endpoint = new URL("/graphql", response.data.uri).toString();
 
 			const { GraphQLClient } = await import("graphql-request");
-			const client = new GraphQLClient(endpoint);
+			const client = new GraphQLClient(endpoint, {
+				headers: {
+					"X-ENAME": w3id,
+				},
+			});
 
 			const STORE_META_ENVELOPE = `
                 mutation StoreMetaEnvelope($input: MetaEnvelopeInput!) {

package.json

@@ -35,11 +35,13 @@
         "onlyBuiltDependencies": [
             "@biomejs/biome",
             "@parcel/watcher",
+            "@rollup/rollup-linux-x64-gnu",
             "cpu-features",
             "es5-ext",
             "esbuild",
             "msw",
             "protobufjs",
+            "rollup",
             "sqlite3",
             "ssh2",
             "svelte-preprocess"

platforms/blabsy/.env.example

@@ -1,4 +1,16 @@
-# Registry URL for fetching motd and other registry services
-# Note: In Next.js, environment variables exposed to the browser must be prefixed with NEXT_PUBLIC_
-NEXT_PUBLIC_REGISTRY_URL=http://localhost:4321
+PUBLIC_REGISTRY_URL="PUBLIC_REGISTRY_URL"
+# Dev URL
+NEXT_PUBLIC_URL=NEXT_PUBLIC_URL
+NEXT_PUBLIC_BASE_URL=NEXT_PUBLIC_BASE_URL
 
+# Emulator
+NEXT_PUBLIC_USE_EMULATOR=false
+
+# Firebase
+NEXT_PUBLIC_API_KEY="API-KEY"
+NEXT_PUBLIC_AUTH_DOMAIN="auth-domain"
+NEXT_PUBLIC_PROJECT_ID="project-id"
+NEXT_PUBLIC_STORAGE_BUCKET="bucket-id"
+NEXT_PUBLIC_MESSAGING_SENDER_ID="sender-id"
+NEXT_PUBLIC_APP_ID="app-id"
+NEXT_PUBLIC_MEASUREMENT_ID="measurement-id"

platforms/cerberus/src/services/PlatformEVaultService.ts

@@ -42,6 +42,7 @@ export class PlatformEVaultService {
     private static instance: PlatformEVaultService;
     private client: GraphQLClient | null = null;
     private endpoint: string | null = null;
+    private w3id: string | null = null;
 
     private constructor() {}
 
@@ -169,9 +170,15 @@ export class PlatformEVaultService {
      * Ensure we have a valid GraphQL client
      */
     private async ensureClient(w3id: string): Promise<GraphQLClient> {
-        if (!this.endpoint || !this.client) {
+        // Recreate client if w3id changed or client/endpoint is missing
+        if (!this.endpoint || !this.client || this.w3id !== w3id) {
             this.endpoint = await this.resolveEndpoint(w3id);
-            this.client = new GraphQLClient(this.endpoint);
+            this.client = new GraphQLClient(this.endpoint, {
+                headers: {
+                    "X-ENAME": w3id,
+                },
+            });
+            this.w3id = w3id;
         }
         return this.client;
     }

platforms/dreamSync/vite.config.ts

@@ -6,36 +6,37 @@ import runtimeErrorOverlay from "@replit/vite-plugin-runtime-error-modal";
 const envDir = path.resolve(import.meta.dirname, "../../");
 console.log("🔍 Vite envDir:", envDir);
 
-export default defineConfig({
-  plugins: [
+export default defineConfig(async () => {
+  const plugins = [
     react(),
     runtimeErrorOverlay(),
-    ...(process.env.NODE_ENV !== "production" &&
-    process.env.REPL_ID !== undefined
-      ? [
-          await import("@replit/vite-plugin-cartographer").then((m) =>
-            m.cartographer(),
-          ),
-        ]
-      : []),
-  ],
-  resolve: {
-    alias: {
-      "@": path.resolve(import.meta.dirname, "client", "src"),
-      "@shared": path.resolve(import.meta.dirname, "shared"),
-      "@assets": path.resolve(import.meta.dirname, "attached_assets"),
+  ];
+
+  if (process.env.NODE_ENV !== "production" && process.env.REPL_ID !== undefined) {
+    const { cartographer } = await import("@replit/vite-plugin-cartographer");
+    plugins.push(cartographer());
+  }
+
+  return {
+    plugins,
+    resolve: {
+      alias: {
+        "@": path.resolve(import.meta.dirname, "client", "src"),
+        "@shared": path.resolve(import.meta.dirname, "shared"),
+        "@assets": path.resolve(import.meta.dirname, "attached_assets"),
+      },
+    },
+    root: path.resolve(import.meta.dirname, "client"),
+    build: {
+      outDir: path.resolve(import.meta.dirname, "dist/public"),
+      emptyOutDir: true,
     },
-  },
-  root: path.resolve(import.meta.dirname, "client"),
-  build: {
-    outDir: path.resolve(import.meta.dirname, "dist/public"),
-    emptyOutDir: true,
-  },
-  server: {
-    fs: {
-      strict: true,
-      deny: ["**/.*"],
+    server: {
+      fs: {
+        strict: true,
+        deny: ["**/.*"],
+      },
     },
-  },
-  envDir: envDir,
+    envDir: envDir,
+  };
 });

platforms/dreamsync-api/src/services/PlatformEVaultService.ts

@@ -42,6 +42,7 @@ export class PlatformEVaultService {
     private static instance: PlatformEVaultService;
     private client: GraphQLClient | null = null;
     private endpoint: string | null = null;
+    private w3id: string | null = null;
 
     private constructor() {}
 
@@ -169,9 +170,15 @@ export class PlatformEVaultService {
      * Ensure we have a valid GraphQL client
      */
     private async ensureClient(w3id: string): Promise<GraphQLClient> {
-        if (!this.endpoint || !this.client) {
+        // Recreate client if w3id changed or client/endpoint is missing
+        if (!this.endpoint || !this.client || this.w3id !== w3id) {
             this.endpoint = await this.resolveEndpoint(w3id);
-            this.client = new GraphQLClient(this.endpoint);
+            this.client = new GraphQLClient(this.endpoint, {
+                headers: {
+                    "X-ENAME": w3id,
+                },
+            });
+            this.w3id = w3id;
         }
         return this.client;
     }