Summary
When a user's main.py imports a pip-installed package (e.g. ic-python-db, ic-python-logging, or any pure Python package from PyPI), basilisk build should automatically detect and bundle those packages into the Wasm.
Motivation
Currently, Basilisk bundles only the user's source code into the canister Wasm. Any additional packages (ORM, logging, etc.) must be manually included. This friction prevents the natural Python workflow:
pip install ic-python-db
pip install ic-python-logging
from ic_python_db import Entity, String
from ic_python_logging import get_logger
class User(Entity):
name = String()Developers expect pip install + import to just work.
Package architecture
Basilisk ships as a minimal CDK. Application framework features are optional pip packages:
| Package |
What it provides |
Depends on |
ic-basilisk |
CDK core: @query, @update, ic.*, Candid types, memfs |
— |
ic-python-db |
Entity ORM, StableBTreeMap |
— |
ic-python-logging |
Structured logging |
— |
ic-basilisk-os |
Tasks, Wallet, Crypto (Codex, TaskSchedule, KeyEnvelope, ICRC-1, etc.) |
ic-python-db |
Usage:
# Minimal canister
pip install ic-basilisk
# With ORM
pip install ic-python-db
# Full application framework (tasks, wallet, encryption)
pip install ic-basilisk-os
Proposed behavior
basilisk build scans the user's Python source for import statements- Resolves imports against the local venv (standard pip-installed packages)
- Rejects packages with C extensions:
ERROR: numpy contains native code, not supported on IC
- Bundles pure Python
.py files into the Wasm data segment alongside user code
- At canister init, extracted into memfs under
/lib/site-packages/ and added to sys.path
Design decisions
- Use pip + PyPI — no custom package manager or registry
- Build-time bundling only — no runtime
pip install inside the canister (that's a separate feature)
- Pure Python filter — any package with native extensions is rejected with a clear error message
- Transitive deps — follow the dependency chain (pip already resolved this in the venv)
Scope
- ~100-200 lines of build logic
- No changes to the Wasm template
- No changes to the canister runtime (memfs + sys.path already exist)
Related
- Future: runtime
%pip install in the shell (separate issue)
- Future: on-chain package hash verification for governance (Realms)
Summary
When a user's
main.pyimports a pip-installed package (e.g.ic-python-db,ic-python-logging, or any pure Python package from PyPI),basilisk buildshould automatically detect and bundle those packages into the Wasm.Motivation
Currently, Basilisk bundles only the user's source code into the canister Wasm. Any additional packages (ORM, logging, etc.) must be manually included. This friction prevents the natural Python workflow:
Developers expect
pip install+importto just work.Package architecture
Basilisk ships as a minimal CDK. Application framework features are optional pip packages:
ic-basilisk@query,@update,ic.*, Candid types, memfsic-python-dbic-python-loggingic-basilisk-osic-python-dbUsage:
Proposed behavior
basilisk buildscans the user's Python source for import statementsERROR: numpy contains native code, not supported on IC.pyfiles into the Wasm data segment alongside user code/lib/site-packages/and added tosys.pathDesign decisions
pip installinside the canister (that's a separate feature)Scope
Related
%pip installin the shell (separate issue)