build: Bundle vats with vite #742
Description
Task
- Switch vat code bundling from
@endo/bundle-sourceto vite+rollup
Background
Bundling Entrypoints with Endoify
It is mission critical that the ocap-kernel code runs in a locked down environment. We rely upon the endoify shim to perform lockdown, which reduces the requirement to one simple constraint: Every ocap kernel production entrypoint MUST begin by importing the endoify shim.
We use @endo/bundle-source in @metamask/kernel-shims to bundle ses and other @endo dependencies coherently. We don't need to endoify vat bundles because they aren't entry points. Vat bundles are loaded by the vat supervisor inside an endoified environment. In the browser runtime, entrypoints are endoified using our vite plugins jsTrustedPrelude and htmlTrustedPrelude. In the nodejs runtime, the vat-worker entrypoint is endoified via a first line import of the endoify shim.
Liveslots
The ocap kernel relies upon @agoric/swingset-liveslots to implement the machinery in the vats innards that makes it go. The makeLiveSlots function requires buildVatNamespace returns a promise for an object with a buildRootObject method. We currently transform a vat bundle into such an object using @endo/import-bundle. The unbundling strategy here must be compatible with the bundling strategy.
Requirements
- The shims in
@metamask/kernel-shimsare still bundled with@endo/bundle-source - Bundling with
yarn ocap bundleuses vite - The vats in
@ocap/kernel-testare bundled with vite -
@endo/bundle-sourceappears as a dev dependency of@metamask/kernel-shims -
@endo/bundle-sourceis not a dependency of any other package in the monorepo