Hi all, just released GitHub - dragginzgame/canic 0.6, which has meant a full rewrite of the ops/ module.
Here it is. Thanks ChatGPT for helping me nail the naming down.
So this comes with a lot of metrics. Firstly, the candid endpoint macro has been overridden with canic_update and canic_query. This gives you three ways to protect endpoints, and also injects a perf macro that defers to the end of each endpoint call.
Take this endpoint that requests root to make a canister. You’ve got
- guard(app): a Canic-specific precheck that blocks the endpoint based on AppState mode (Enabled/Readonly/Disabled)
— queries allow Readonly, updates don’t - auth_any|all: runs caller-based authorization rules (async fns like is_controller(caller), is_parent(caller))
- policy(…): runs additional async, non-caller policy checks (e.g. is_prime_subnet()) after auth but before dispatch. This is “the app is live, the user is authenticated, but .. nope” check.
Each of these levels can use custom user-generated functions, for instance “is_project_owner()” on toko.
So lets run the endpoint and see what happens…
adam@Ripper:~/projects/canic$ dfx canister call root create_blank
(variant { Err = variant { AccessError = "application is disabled" } })
ah yes, so we have to turn the app on now, and this will cascade down the entire tree of canisters.
.ok so that will now do the cascade from root downwards
and we can keep going because the app state is now propagated to all new canisters
so lets check the metrics now.
and on the blank canister-
this doesn’t have CreateCanister because it’s not actually creating it, it’s sending a request to root to do so, via the ops::rpc module.
this is perf on the blank canister that’s child of root… and then we can also check root for the auth metrics.
and you can see the fact that 1 create_blank was allowed and 2 were denied.
Anyway, that’s a quick example of what’s new in Canic 0.6!