docs: add Canton chain support specification#139
Conversation
Add per-chain specification for Canton Network covering WalletConnect integration with operator-defined networks, Ed25519 signing, and the full RPC method surface (prepareSignExecute, listAccounts, getPrimaryAccount, getActiveNetwork, status, ledgerApi, signMessage). Made-with: Cursor
|
Preview deployment for your docs. Learn more about Mintlify Previews.
|
There was a problem hiding this comment.
Pull request overview
Adds documentation for Canton chain support in the Wallet SDK docs, and wires the new page into the Chain Support navigation so integrators can find and follow the WalletConnect JSON-RPC/event surface for Canton.
Changes:
- Add a new
wallet-sdk/chain-support/canton.mdxspecification covering methods, events, session lifecycle, and error codes. - Add Canton to the Chain Support overview page.
- Register the Canton page in the docs sidebar (
docs.json).
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| wallet-sdk/chain-support/overview.mdx | Adds Canton to the ecosystem reference list. |
| wallet-sdk/chain-support/canton.mdx | Introduces the Canton WalletConnect integration spec (methods/events/session/error codes). |
| docs.json | Adds Canton to the “Chain Support” navigation group. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
wallet-sdk/chain-support/canton.mdx
Outdated
| Read-only methods are auto-approved by the wallet. Methods that mutate the ledger or perform sensitive operations require explicit user approval. | ||
|
|
||
| | Method | Approval | | ||
| | -------------------- | ------------ | | ||
| | `listAccounts` | Auto-approve | | ||
| | `getPrimaryAccount` | Auto-approve | | ||
| | `getActiveNetwork` | Auto-approve | | ||
| | `status` | Auto-approve | | ||
| | `ledgerApi` | Auto-approve | | ||
| | `prepareSignExecute` | Manual | | ||
| | `signMessage` | Manual | |
There was a problem hiding this comment.
ledgerApi is marked as auto-approve, but the method is described as proxying raw Ledger API requests (including POST). Unless the wallet strictly enforces a read-only allowlist (e.g. only /v2/state/*) this can be used to perform ledger-mutating actions without user approval. Either (a) change ledgerApi to require manual approval, or (b) explicitly document and enforce a read-only/resource allowlist and reject any mutating endpoints.
| Read-only methods are auto-approved by the wallet. Methods that mutate the ledger or perform sensitive operations require explicit user approval. | |
| | Method | Approval | | |
| | -------------------- | ------------ | | |
| | `listAccounts` | Auto-approve | | |
| | `getPrimaryAccount` | Auto-approve | | |
| | `getActiveNetwork` | Auto-approve | | |
| | `status` | Auto-approve | | |
| | `ledgerApi` | Auto-approve | | |
| | `prepareSignExecute` | Manual | | |
| | `signMessage` | Manual | | |
| Read-only methods are auto-approved by the wallet. Methods that mutate the ledger or perform sensitive operations require explicit user approval. In particular, `ledgerApi` MUST either (a) require manual user approval for all requests, or (b) be restricted by the wallet to a strictly read-only allowlist of Ledger API resources (for example, `/v2/state/*` and other GET-only endpoints), rejecting any mutating calls. | |
| | Method | Approval | | |
| | -------------------- | ------------------------------------------------ | | |
| | `listAccounts` | Auto-approve | | |
| | `getPrimaryAccount` | Auto-approve | | |
| | `getActiveNetwork` | Auto-approve | | |
| | `status` | Auto-approve | | |
| | `ledgerApi` | Manual **(or auto-approve only for read-only)** | | |
| | `prepareSignExecute` | Manual | | |
| | `signMessage` | Manual | |
|
|
||
| ## Notes & Considerations | ||
|
|
||
| - All requests and responses comply with JSON-RPC structure (`id`, `jsonrpc`, etc.). |
There was a problem hiding this comment.
The request examples use the WalletConnect topic/chainId/request envelope, but the note says “All requests and responses comply with JSON-RPC structure (id, jsonrpc, etc.)”. As written, that’s inaccurate/misleading because the example requests omit id/jsonrpc and the JSON-RPC fields are handled by the client layer. Please clarify whether you’re documenting the WC session request envelope vs the underlying JSON-RPC payload, or update the examples to include id/jsonrpc consistently.
| - All requests and responses comply with JSON-RPC structure (`id`, `jsonrpc`, etc.). | |
| - WalletConnect requests/responses use the standard `topic/chainId/request` envelope. The `request` field inside that envelope is a JSON-RPC 2.0 payload (`jsonrpc`, `id`, `method`, `params`). For brevity, examples on this page may omit the `jsonrpc` and `id` fields, which are typically managed by the WalletConnect client. |
| - The `ledgerApi` method acts as a transparent proxy — the wallet handles authentication with the Canton Ledger API. Only `GET` and `POST` are supported; other HTTP methods will return a `5001` error. | ||
| - Party IDs in CAIP-10 accounts are URL-encoded (e.g. `operator::1220abc...` becomes `operator%3A%3A1220abc...`). | ||
| - The `prepareSignExecute` method always performs the full prepare → sign → execute cycle synchronously, responding only when the transaction is complete. | ||
| - The WC session `chainId` (e.g. `canton:devnet`) may differ from the `networkId` in wallet/network records (e.g. `canton:production`). The `chainId` identifies the chain at pairing time, while `networkId` reflects the wallet's internal network configuration. |
There was a problem hiding this comment.
This page repeatedly shows chainId: canton:devnet in requests while responses report networkId: canton:production, and the note claims chainId may differ from networkId. For CAIP-2/CAIP-10, the network identifier should be consistent across session chainId and returned account/network metadata; otherwise dApps can’t reliably interpret which network they’re on. Please align examples so chainId/networkId match, and/or rename/clarify networkId if it’s an internal label rather than the CAIP-2 identifier.
| - The WC session `chainId` (e.g. `canton:devnet`) may differ from the `networkId` in wallet/network records (e.g. `canton:production`). The `chainId` identifies the chain at pairing time, while `networkId` reflects the wallet's internal network configuration. | |
| - The WC session `chainId` (e.g. `canton:devnet`) and any `networkId` returned in account or network metadata MUST refer to the same CAIP-2 network identifier. If the wallet maintains additional internal labels for networks, they should not be confused with or substituted for this CAIP-2 `chainId`. |
| }, | ||
| "network": { | ||
| "networkId": "canton:production", | ||
| "ledgerApi": "http://127.0.0.1:5003" |
There was a problem hiding this comment.
The ledgerApi/getActiveNetwork examples return ledgerApi: http://127.0.0.1:5003. Using a loopback URL in docs is confusing because it’s not reachable from most clients; consider replacing with a placeholder host (e.g. https://<ledger-api-host>) and/or explicitly stating that this URL is only meaningful from the wallet’s execution environment.
| "ledgerApi": "http://127.0.0.1:5003" | |
| "ledgerApi": "https://<ledger-api-host>" |
wallet-sdk/chain-support/canton.mdx
Outdated
| const CANTON_WC_METHODS = [ | ||
| 'prepareSignExecute', |
There was a problem hiding this comment.
I'm in favor of adding canton_ prefix. You?
There was a problem hiding this comment.
Out of curiosity, what is the reason for re-mapping prepareExecute and prepareExecuteAndWait?
There was a problem hiding this comment.
hey @mjuchli-da hey, we did it because both methods this way result in single prepareSignExecute method on the other (wallet side), makes handling easier (one method instead of two) and the handling is the same. If you think we should keep both thats fine as well
There was a problem hiding this comment.
the nature of the two are different in the sense that prepareExecute is async and prepareExecuteAndWait is blocking. How are you planning to mix the two? It is reasonable to assume that every wallet can provide the blocking version?
There was a problem hiding this comment.
It is reasonable to assume that every wallet can provide the blocking version?
yes, thats the idea which is in line with pretty much every other blockchain so implementing apps/wallets are already familiar with the pattern i.e. request -> wallet responds -> request resolves with the result
There was a problem hiding this comment.
Okay I think I understand the reasoning behind it and see that similar mappings are being done for other chains. That said, I am a bit concerned about the fact that we deviate from the CIP-103 API naming here and wonder if it wouldn't be better to replicate the logic for both method names individually, so that clients can stick to standardized naming. I"m curious what you think on this?
Made-with: Cursor
Made-with: Cursor
Summary
wallet-sdk/chain-support/canton.mdxcovering the full WalletConnect integration specificationdocs.json) and ecosystem overview pageWhat's Documented
canton_):canton_prepareSignExecute— prepare, sign, and execute ledger transactions with multiple signing provider supportcanton_listAccounts— retrieve all configured wallet accountscanton_getPrimaryAccount— retrieve the primary wallet accountcanton_getActiveNetwork— discover the active network configurationcanton_status— check wallet connectivity to the Canton ledgercanton_ledgerApi— proxy raw Ledger API requests through the walletcanton_signMessage— sign arbitrary messages with Ed25519accountsChanged,statusChanged,chainChangedcanton_prepareExecute/canton_prepareExecuteAndWait→canton_prepareSignExecute)participant,wallet-kernel,blockdaemonwith their Ledger API flowsoptionalNamespaces(no hardcoded chains), approval with CAIP-10 accountsTest plan
mint devand verify the Canton page renders correctly at/wallet-sdk/chain-support/canton#canton_getactivenetwork)