[BEEEP] Add ThreadBoundRunner (#258)

## 🎟️ Tracking

<!-- Paste the link to the Jira or GitHub issue or otherwise describe /
point to where this change is coming from. -->

## 📔 Objective

Introduce ThreadBoundRunner, a utility that owns a non-Send state pinned
to a single thread. It exposes a Send API (`run_in_thread`) for
submitting async tasks that operate on this state. Tasks are dispatched
in order and run on the owning thread, enabling safe cross-thread
interaction with thread-bound resources.

Or in other words, it's a utility that allows us to easily depend on
JavaScript objects across the WASM divide in the rest of our core
infrastructure without having to worry about the single-threaded nature
of WASM/JavaScript.

## ⏰ Reminders before review

- Contributor guidelines followed
- All formatters and local linters executed and passed
- Written new unit and / or integration tests where applicable
- Protected functional changes with optionality (feature flags)
- Used internationalization (i18n) for all UI strings
- CI builds passed
- Communicated to DevOps any deployment requirements
- Updated any necessary documentation (Confluence, contributing docs) or
informed the documentation
  team

## 🦮 Reviewer guidelines

<!-- Suggested interactions but feel free to use (or not) as you desire!
-->

- 👍 (`:+1:`) or similar for great changes
- 📝 (`:memo:`) or ℹ️ (`:information_source:`) for notes or general info
- ❓ (`:question:`) for questions
- 🤔 (`:thinking:`) or 💭 (`:thought_balloon:`) for more open inquiry
that's not quite a confirmed
  issue and could potentially benefit from discussion
- 🎨 (`:art:`) for suggestions / improvements
- ❌ (`:x:`) or ⚠️ (`:warning:`) for more significant problems or
concerns needing attention
- 🌱 (`:seedling:`) or ♻️ (`:recycle:`) for future improvements or
indications of technical debt
- ⛏ (`:pick:`) for minor or nitpick changes

Author: coroiu

.cargo/config.toml

@@ -6,6 +6,7 @@ rustflags = ["--cfg", "aes_armv8"]
 
 [target.wasm32-unknown-unknown]
 rustflags = ['--cfg', 'getrandom_backend="wasm_js"']
+runner = 'wasm-bindgen-test-runner'
 
 # Enable support for 16k pages on Android, JNA is using these same flags
 # https://android-developers.googleblog.com/2024/08/adding-16-kb-page-size-to-android.html

.github/workflows/rust-test.yml

@@ -45,6 +45,37 @@ jobs:
       - name: Test
         run: cargo test --workspace --all-features
 
+  test-wasm:
+    name: WASM
+    runs-on: ubuntu-24.04
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Set Rust Toolchain
+        id: toolchain
+        shell: bash
+        run: |
+          RUST_TOOLCHAIN="$(grep -oP '^channel.*"(\K.*?)(?=")' rust-toolchain.toml)"
+          echo "RUST_TOOLCHAIN=${RUST_TOOLCHAIN}" | tee -a "${GITHUB_OUTPUT}"
+
+      - name: Install rust
+        uses: dtolnay/rust-toolchain@56f84321dbccf38fb67ce29ab63e4754056677e0 # stable
+        with:
+          toolchain: "${{ steps.toolchain.outputs.RUST_TOOLCHAIN }}"
+          targets: wasm32-unknown-unknown
+          components: rust-src
+
+      - name: Cache cargo registry
+        uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2.7.7
+
+      - name: Install wasm-bindgen-cli
+        run: cargo install wasm-bindgen-cli --version 0.2.100
+
+      - name: Test WASM
+        run: cargo test --target wasm32-unknown-unknown -p bitwarden-wasm-internal -p bitwarden-threading -p bitwarden-error --all-features
+
   coverage:
     name: Coverage
     runs-on: ubuntu-24.04

Cargo.lock

@@ -29,6 +29,7 @@ bitwarden-fido = { path = "crates/bitwarden-fido", version = "=1.0.0" }
 bitwarden-generators = { path = "crates/bitwarden-generators", version = "=1.0.0" }
 bitwarden-ipc = { path = "crates/bitwarden-ipc", version = "=1.0.0" }
 bitwarden-send = { path = "crates/bitwarden-send", version = "=1.0.0" }
+bitwarden-threading = { path = "crates/bitwarden-threading", version = "=1.0.0" }
 bitwarden-sm = { path = "bitwarden_license/bitwarden-sm", version = "=1.0.0" }
 bitwarden-ssh = { path = "crates/bitwarden-ssh", version = "=1.0.0" }
 bitwarden-vault = { path = "crates/bitwarden-vault", version = "=1.0.0" }
@@ -63,6 +64,7 @@ validator = { version = ">=0.18.1, <0.20", features = ["derive"] }
 wasm-bindgen = { version = ">=0.2.91, <0.3", features = ["serde-serialize"] }
 js-sys = { version = ">=0.3.72, <0.4" }
 wasm-bindgen-futures = "0.4.41"
+wasm-bindgen-test = "0.3.45"
 
 # There is an incompatibility when using pkcs5 and chacha20 on wasm builds. This can be removed once a new
 # rustcrypto-formats crate version is released since the fix has been upstreamed.

Cargo.toml

@@ -34,4 +34,4 @@ workspace = true
 [dev-dependencies]
 serde.workspace = true
 trybuild = "1.0.101"
-wasm-bindgen-test = "0.3.45"
+wasm-bindgen-test = { workspace = true }

crates/bitwarden-error/Cargo.toml

@@ -0,0 +1,2 @@
+[target.wasm32-unknown-unknown]
+runner = 'wasm-bindgen-test-runner'

crates/bitwarden-threading/.cargo/config

@@ -0,0 +1,36 @@
+[package]
+name = "bitwarden-threading"
+version.workspace = true
+authors.workspace = true
+edition.workspace = true
+rust-version.workspace = true
+homepage.workspace = true
+repository.workspace = true
+license-file.workspace = true
+keywords.workspace = true
+
+[dependencies]
+bitwarden-error = { workspace = true }
+log = { workspace = true }
+serde = { workspace = true }
+serde_json = { workspace = true }
+thiserror = { workspace = true }
+tokio = { features = ["sync", "time", "rt"], workspace = true }
+
+[target.'cfg(target_arch="wasm32")'.dependencies]
+js-sys = { workspace = true }
+tsify-next = { workspace = true }
+wasm-bindgen = { workspace = true }
+wasm-bindgen-futures = { workspace = true }
+
+[dev-dependencies]
+async-trait = "0.1.88"
+console_error_panic_hook = "0.1.7"
+js-sys = { workspace = true }
+tsify-next = { workspace = true }
+wasm-bindgen = { workspace = true }
+wasm-bindgen-futures = { workspace = true }
+wasm-bindgen-test = { workspace = true }
+
+[lints]
+workspace = true

crates/bitwarden-threading/Cargo.toml

@@ -0,0 +1,11 @@
+# bitwarden-threading
+
+Utility crate for Bitwarden SDK to handle threading and async quirks in FFI contexts.
+
+## WASM Testing
+
+To run the WASM tests, you can use the following command:
+
+```bash
+cargo test --target wasm32-unknown-unknown --all-features -- --nocapture
+```

crates/bitwarden-threading/README.md

@@ -0,0 +1,3 @@
+mod thread_bound_runner;
+
+pub use thread_bound_runner::ThreadBoundRunner;

crates/bitwarden-threading/src/lib.rs

@@ -0,0 +1,225 @@
+#![allow(dead_code)]
+#![allow(unused_variables)]
+
+use std::{future::Future, pin::Pin, rc::Rc};
+
+use bitwarden_error::bitwarden_error;
+use thiserror::Error;
+#[cfg(not(target_arch = "wasm32"))]
+use tokio::task::spawn_local;
+#[cfg(target_arch = "wasm32")]
+use wasm_bindgen_futures::spawn_local;
+
+type CallFunction<ThreadState> =
+    Box<dyn FnOnce(Rc<ThreadState>) -> Pin<Box<dyn Future<Output = ()>>> + Send>;
+
+struct CallRequest<ThreadState> {
+    function: CallFunction<ThreadState>,
+}
+
+/// The call failed before it could return a value. This should not happen unless
+/// the thread panics, which can only happen if the function passed to `run_in_thread`
+/// panics.
+#[derive(Debug, Error)]
+#[error("The call failed before it could return a value: {0}")]
+#[bitwarden_error(basic)]
+pub struct CallError(String);
+
+/// A runner that takes a non-`Send`, non-`Sync` state and makes it `Send + Sync` compatible.
+///
+/// `ThreadBoundRunner` is designed to safely encapsulate a `!Send + !Sync` state object by
+/// pinning it to a single thread using `spawn_local`. It provides a `Send + Sync` API that
+/// allows other threads to submit tasks (function pointers or closures) that operate on the
+/// thread-bound state.
+///
+/// Tasks are queued via an internal channel and are executed sequentially on the owning thread.
+///
+/// # Example
+/// ```ignore
+/// let runner = ThreadBoundRunner::new(my_state);
+///
+/// runner.run_in_thread(|state| async move {
+///     // do something with `state`
+/// });
+/// ```
+///
+/// This pattern is useful for interacting with APIs or data structures that must remain
+/// on the same thread, such as GUI toolkits, WebAssembly contexts, or other thread-bound
+/// environments.
+#[derive(Clone)]
+pub struct ThreadBoundRunner<ThreadState> {
+    call_channel_tx: tokio::sync::mpsc::Sender<CallRequest<ThreadState>>,
+}
+
+impl<ThreadState> ThreadBoundRunner<ThreadState>
+where
+    ThreadState: 'static,
+{
+    pub fn new(state: ThreadState) -> Self {
+        let (call_channel_tx, mut call_channel_rx) =
+            tokio::sync::mpsc::channel::<CallRequest<ThreadState>>(1);
+
+        spawn_local(async move {
+            let state = Rc::new(state);
+            while let Some(request) = call_channel_rx.recv().await {
+                spawn_local((request.function)(state.clone()));
+            }
+        });
+
+        ThreadBoundRunner { call_channel_tx }
+    }
+
+    /// Submit a task to be executed on the thread-bound state.
+    ///
+    /// The provided function is executed on the thread that owns the internal `ThreadState`,
+    /// ensuring safe access to `!Send + !Sync` data. Tasks are dispatched in the order they are
+    /// received, but because they are asynchronous, multiple tasks may be in-flight and running
+    /// concurrently if their futures yield.
+    ///
+    /// # Returns
+    /// A future that resolves to the result of the function once it has been executed.
+    pub async fn run_in_thread<F, Fut, Output>(&self, function: F) -> Result<Output, CallError>
+    where
+        F: FnOnce(Rc<ThreadState>) -> Fut + Send + 'static,
+        Fut: Future<Output = Output>,
+        Output: Send + Sync + 'static,
+    {
+        let (return_channel_tx, return_channel_rx) = tokio::sync::oneshot::channel();
+        let request = CallRequest {
+            function: Box::new(|state| {
+                Box::pin(async move {
+                    let result = function(state);
+                    return_channel_tx.send(result.await).unwrap_or_else(|_| {
+                        log::warn!(
+                            "ThreadBoundDispatcher failed to send result back to the caller"
+                        );
+                    });
+                })
+            }),
+        };
+
+        self.call_channel_tx
+            .send(request)
+            .await
+            .expect("Call channel should not be able to close while anything still still has a reference to this object");
+        return_channel_rx
+            .await
+            .map_err(|e| CallError(e.to_string()))
+    }
+}
+
+#[cfg(test)]
+mod test {
+    use super::*;
+
+    /// Utility function to run a test in a local context (allows using tokio::..::spawn_local)
+    async fn run_test<F>(test: F) -> F::Output
+    where
+        F: std::future::Future,
+    {
+        #[cfg(not(target_arch = "wasm32"))]
+        {
+            let local_set = tokio::task::LocalSet::new();
+            local_set.run_until(test).await
+        }
+
+        #[cfg(target_arch = "wasm32")]
+        {
+            test.await
+        }
+    }
+
+    async fn run_in_another_thread<F>(test: F)
+    where
+        F: std::future::Future + Send + 'static,
+        F::Output: Send,
+    {
+        #[cfg(not(target_arch = "wasm32"))]
+        {
+            tokio::spawn(test).await.expect("Thread panicked");
+        }
+
+        #[cfg(target_arch = "wasm32")]
+        {
+            test.await;
+        }
+    }
+
+    #[derive(Default)]
+    struct State {
+        /// This is a marker to ensure that the struct is not Send
+        _un_send_marker: std::marker::PhantomData<*const ()>,
+    }
+
+    impl State {
+        pub fn add(&self, input: (i32, i32)) -> i32 {
+            input.0 + input.1
+        }
+
+        #[allow(clippy::unused_async)]
+        pub async fn async_add(&self, input: (i32, i32)) -> i32 {
+            input.0 + input.1
+        }
+    }
+
+    #[tokio::test]
+    async fn calls_function_and_returns_value() {
+        run_test(async {
+            let runner = ThreadBoundRunner::new(State::default());
+
+            let result = runner
+                .run_in_thread(|state| async move {
+                    let input = (1, 2);
+                    state.add(input)
+                })
+                .await
+                .expect("Calling function failed");
+
+            assert_eq!(result, 3);
+        })
+        .await;
+    }
+
+    #[tokio::test]
+    async fn calls_async_function_and_returns_value() {
+        run_test(async {
+            let runner = ThreadBoundRunner::new(State::default());
+
+            let result = runner
+                .run_in_thread(|state| async move {
+                    let input = (1, 2);
+                    state.async_add(input).await
+                })
+                .await
+                .expect("Calling function failed");
+
+            assert_eq!(result, 3);
+        })
+        .await;
+    }
+
+    #[tokio::test]
+    async fn can_continue_running_if_a_call_panics() {
+        run_test(async {
+            let runner = ThreadBoundRunner::new(State::default());
+
+            runner
+                .run_in_thread::<_, _, ()>(|state| async move {
+                    panic!("This is a test panic");
+                })
+                .await
+                .expect_err("Calling function should have panicked");
+
+            let result = runner
+                .run_in_thread(|state| async move {
+                    let input = (1, 2);
+                    state.async_add(input).await
+                })
+                .await
+                .expect("Calling function failed");
+
+            assert_eq!(result, 3);
+        })
+        .await;
+    }
+}