Private Credentials - Presentation Request

[martonmoro]

Describe changes

Ticket or discussion link

Review checklist

• Proper documentation added
• Proper tests added

Screenshots

[deepsource-io]

Here's the code health analysis summary for commits 4658892..067f688. View details on DeepSource ↗.

Analysis Summary

Analyzer	Status	Summary	Link
JavaScript	✅ Success	❗ 70 occurences introduced 🎯 22 occurences resolved	View Check ↗

---

💡 If you’re a repository administrator, you can configure the quality gates from the settings.

[mitschabaude]

Great work!

What worries me a bit is how complex this integration with Pallad is. The only thing I can think of to reduce that complexity for other wallets is moving reusable logic into mina-credentials. I guess that mainly includes the logic for pretty-printing credentials and presentations.
We should move those parts to mina-credentials in a follow-up PR!

[mitschabaude]

note for the future: in an ideal world, we could cache compiled presentation requests so if the same one is used several times we don't have to compile it every time

is the sandbox JS process long-lived? or is a new one spun up every time? at least caching within one browser session seems easy to do if it's long-lived

[mrcnk]

Each Web Connector's prompt is a single sandbox instance, we can definitely use chrome.storage.local to persist vk objects.

[mitschabaude]

who can send messages to this listener? is this isolated from the web page? I'm just worried the web page could trick the wallet into signing something

maybe that's a question for @mrcnk

[mrcnk]

Yeah, especially that we have signFieldsWithPassphrase, I would check if we can change window message handler. If it's to communicate with iframe, we can check iframe.contentWindow.body.addEventListener. If we need to rely on window, we should check if there are suitable methods in webext-bridge that we use for messaging in Pallad.

[mitschabaude]

@martonmoro can you switch everything to o1js v2.2.0 before merging this? nicer to be on an official version

[mitschabaude]

Thanks for the updates @martonmoro! As for me, this PR works well and is good to go.

We should keep in mind the window messaging question though, but could possibly address that in a separate PR.

We also still need proper e2e testing of the zkApp verifier case, but again I would address any modifications needed for that in future PRs, because this PR already delivers a significant amount of features that are well-tested.