Pull request overview
This PR adds lower-level utilities and constructors in ic-http-certification to let the asset canister build/serialize certification artifacts (header values, full trees, and certifications) without duplicating hashing and header-building logic.
Changes:
- Add utilities to CBOR-encode + base64-encode values and to build the v2 `IC-Certificate` header value as a `String`.
- Add `HttpCertificationTree::as_hash_tree` and `HttpCertification::response_only_prehashed` for serialization and prehashed construction.
- Add `response_hash_from_headers` plus expose `RESPONSE_STATUS_PSEUDO_HEADER_NAME`; minor cleanups and example updates; update changelog.
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 6 comments.
| File | Description |
|---|---|
| packages/ic-http-certification/src/utils/response_header.rs | Adds base64(CBOR) helper and a function to build the v2 certificate header value string. |
| packages/ic-http-certification/src/tree/certification_tree.rs | Adds as_hash_tree() to expose the full labeled HashTree. |
| packages/ic-http-certification/src/tree/certification.rs | Adds response_only_prehashed() constructor for precomputed hashes. |
| packages/ic-http-certification/src/lib.rs | Tweaks lint allow attributes for test-only rstest_reuse import. |
| packages/ic-http-certification/src/hash/response_hash.rs | Makes status pseudo-header constant public and adds response_hash_from_headers(). |
| packages/ic-certification-testing-wasm/src/certificate_builder.rs | Small iterator cleanup using a function pointer in map. |
| examples/certification/certified-counter/src/backend/src/lib.rs | Updates thread-local initialization; changes certified data setter call; improves error formatting. |
| CHANGELOG.md | Adds Unreleased entries for the new ic-http-certification APIs. |
94e92ab to 6103fc2
- Add `HttpCertification::response_only_prehashed` for creating certifications from pre-computed hashes
- Add `HttpCertificationTree::as_hash_tree` for serializing the full certification tree
- Add `response_hash_from_headers` for computing response hashes from pre-built header pairs
- Add `build_v2_certificate_header_value` and `cbor_encode_to_base64` utilities for building the IC-Certificate header
- Make `RESPONSE_STATUS_PSEUDO_HEADER_NAME` public
- Add tests for all new APIs
- Fix clippy warnings and replace deprecated ic-cdk functions
- Update CHANGELOG

Made-with: Cursor
6103fc2 to 43934ca
Pull request overview
Adds new ic-http-certification utilities intended to simplify asset-canister integration by allowing pre-hashed certification construction and easier serialization of certification structures.
Changes:
- Add `HttpCertification::response_only_prehashed` to build response-only certifications from precomputed hashes.
- Add `HttpCertificationTree::as_hash_tree` to expose the full labeled tree for serialization (e.g., CBOR).
- Add helper utilities for building/encoding the v2 `IC-Certificate` header value and computing response hashes from pre-built header pairs; update examples to newer `ic-cdk` APIs.
Reviewed changes
Copilot reviewed 12 out of 12 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| packages/ic-http-certification/src/utils/response_header.rs | Adds base64(CBOR) helper and a function to build the v2 IC-Certificate header value string. |
| packages/ic-http-certification/src/tree/certification_tree.rs | Adds as_hash_tree() returning the full labeled HashTree + test coverage. |
| packages/ic-http-certification/src/tree/certification.rs | Adds response_only_prehashed() + test ensuring it matches response_only(). |
| packages/ic-http-certification/src/lib.rs | Relaxes test-only linting to avoid unused import warnings for rstest_reuse. |
| packages/ic-http-certification/src/hash/response_hash.rs | Exposes the status pseudo-header constant and adds response_hash_from_headers() + test. |
| packages/ic-certification-testing-wasm/src/certificate_builder.rs | Minor iterator simplification for wasm-bindgen deserialization mapping. |
| examples/http-certification/skip-certification/src/backend/src/lib.rs | Updates to certified_data_set and canister_cycle_balance usage. |
| examples/http-certification/json-api/src/backend/src/lib.rs | Updates to certified_data_set. |
| examples/http-certification/custom-assets/src/backend/src/lib.rs | Updates to certified_data_set and canister_cycle_balance usage. |
| examples/http-certification/assets/src/backend/src/lib.rs | Updates to certified_data_set, canister_cycle_balance, and formatting style. |
| examples/certification/certified-counter/src/backend/src/lib.rs | Updates to certified_data_set and formatting style. |
| CHANGELOG.md | Adds Unreleased entries for selected new APIs. |
Pull request overview
Adds lower-level utilities in ic-http-certification to help asset-canister-style consumers reuse precomputed hashes and serialize full certification trees, reducing duplicated logic in downstream canisters.
Changes:
- Added new public helpers for building `IC-Certificate` header values and encoding CBOR-to-base64.
- Added APIs to (a) construct response-only certifications from precomputed hashes and (b) serialize the full certification tree as a `HashTree`.
- Added a lower-level response-hash function operating on pre-built `(String, Value)` header pairs; updated examples and changelog accordingly.
Reviewed changes
Copilot reviewed 12 out of 12 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| packages/ic-http-certification/src/utils/response_header.rs | Adds cbor_encode_to_base64 and build_v2_certificate_header_value utilities. |
| packages/ic-http-certification/src/tree/certification_tree.rs | Adds HttpCertificationTree::as_hash_tree + test ensuring http_expr label wrapping. |
| packages/ic-http-certification/src/tree/certification.rs | Adds HttpCertification::response_only_prehashed + test equating it to response_only. |
| packages/ic-http-certification/src/hash/response_hash.rs | Makes status pseudo-header constant public; adds response_hash_from_headers + test. |
| packages/ic-http-certification/src/lib.rs | Adjusts clippy allow list for test-only rstest_reuse import. |
| packages/ic-certification-testing-wasm/src/certificate_builder.rs | Minor iterator/map simplification for wasm bindgen decoding. |
| examples/http-certification/skip-certification/src/backend/src/lib.rs | Updates to newer ic_cdk::api names and cycle balance function. |
| examples/http-certification/json-api/src/backend/src/lib.rs | Updates to certified_data_set API name. |
| examples/http-certification/custom-assets/src/backend/src/lib.rs | Updates to newer ic_cdk::api names and cycle balance function. |
| examples/http-certification/assets/src/backend/src/lib.rs | Updates to newer ic_cdk::api names, cycle balance function, and formatting. |
| examples/certification/certified-counter/src/backend/src/lib.rs | Updates to certified_data_set and minor formatting improvements. |
| CHANGELOG.md | Adds “Unreleased” entries documenting the new APIs/utilities. |
- Document input-shape requirements for response_hash_from_headers (lowercased names, filtered headers, applied CEL filter, Value::String).
- Note the debug-only precondition check so release-build callers know they must uphold it themselves.
- Avoid the extra reallocation when appending the status pseudo-header by using Vec::with_capacity + extend_from_slice.
- Bump example Metrics.cycle_balance to u128 so canister_cycle_balance() is not silently truncated past u64::MAX.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Feat
- `HttpCertification::response_only_prehashed` for creating certifications from pre-computed hashes
- `HttpCertificationTree::as_hash_tree` for serializing the full certification tree
- `response_hash_from_headers` for computing response hashes from pre-built header pairs
- `build_v2_certificate_header_value` for building the `IC-Certificate` header value as a `String`
- `cbor_encode_to_base64` utility for encoding values as base64(CBOR)
- `RESPONSE_STATUS_PSEUDO_HEADER_NAME` public

Adds small utility functions that the asset canister needs to get rid of a bunch of code
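
For readers unfamiliar with what a base64(CBOR) `IC-Certificate` v2 header value looks like on the wire, here is a dependency-free sketch. It is an added example, not code from this PR or from `ic-http-certification`. All function names are hypothetical, and the field layout and the CBOR self-describe tag are assumptions that this page does not state.

```rust
// Added example; all names are hypothetical, not the ic-http-certification API.
const B64: &[u8; 64] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/// Standard padded base64 (RFC 4648).
fn base64(data: &[u8]) -> String {
    let mut out = String::with_capacity((data.len() + 2) / 3 * 4);
    for c in data.chunks(3) {
        let (b1, b2) = (*c.get(1).unwrap_or(&0) as u32, *c.get(2).unwrap_or(&0) as u32);
        let n = (c[0] as u32) << 16 | b1 << 8 | b2;
        out.push(B64[(n >> 18 & 63) as usize] as char);
        out.push(B64[(n >> 12 & 63) as usize] as char);
        out.push(if c.len() > 1 { B64[(n >> 6 & 63) as usize] as char } else { '=' });
        out.push(if c.len() > 2 { B64[(n & 63) as usize] as char } else { '=' });
    }
    out
}

/// CBOR item head: major type (0..=7) plus a length below 65536.
fn cbor_head(major: u8, len: usize, out: &mut Vec<u8>) {
    assert!(len <= 0xFFFF, "length too large for this sketch");
    match len {
        0..=23 => out.push(major << 5 | len as u8),
        24..=255 => out.extend_from_slice(&[major << 5 | 24, len as u8]),
        _ => out.extend_from_slice(&[major << 5 | 25, (len >> 8) as u8, len as u8]),
    }
}

/// Expression path as a self-described CBOR array of text strings.
fn cbor_expr_path(segments: &[&str]) -> Vec<u8> {
    let mut out = vec![0xd9, 0xd9, 0xf7]; // self-describe tag 55799 (assumed here)
    cbor_head(4, segments.len(), &mut out); // major type 4: array
    for s in segments {
        cbor_head(3, s.len(), &mut out); // major type 3: UTF-8 text
        out.extend_from_slice(s.as_bytes());
    }
    out
}

/// v2 header value; inputs are the already CBOR-encoded certificate and tree.
fn header_value_v2(certificate_cbor: &[u8], tree_cbor: &[u8], expr_path: &[&str]) -> String {
    format!(
        "certificate=:{}:, tree=:{}:, expr_path=:{}:, version=2",
        base64(certificate_cbor), base64(tree_cbor), base64(&cbor_expr_path(expr_path))
    )
}

fn main() {
    // The certificate and tree bytes are constructed placeholders, not real artifacts.
    println!("{}", header_value_v2(&[1, 2, 3], &[0xff], &["http_expr", "<*>"]));
}
```

The `:` delimiters mark each field as a byte sequence, so a verifier can split the value on `, ` and base64-decode each field before CBOR-decoding it.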