The following is a prototype, reference implementation, and proof-of-concept. This open source code is provided for research, experimentation, and developer education only. This code has not been audited, is actively experimental, and may contain bugs, vulnerabilities, or incomplete features. Use at your own risk.
- Host API protocol — source of truth for the host ↔ product integration protocol.
- host-api-wrapper — Host API wrapper for integrating and running a product inside the Polkadot browser host.
- product-react-renderer — Custom React reconciler for rendering native UI widgets from product scripts.
- product-bulletin — Bulletin Chain client adapter for product applications, wrapping
@parity/bulletin-sdk.
- host-api — Transport implementation for host ↔ product integration.
- host-container — Host-side container for hosting and managing products within the Polkadot ecosystem.
- host-papp — Polkadot app integration layer for the host.
- host-papp-react-ui — React UI flow for the Polkadot app integration.
- host-chat — Account lookup and chat-message codecs for host applications integrating with the Polkadot People chain.
- host-worker-sandbox — QuickJS-based sandbox for running product worker code in an isolated VM.
- host-substrate-chain-connection — Ref-counted
polkadot-apiconnection pool with shared WebSocket/light-client lifecycle.
- handoff-service — HOP (Handoff Pool) P2P file transfer service with end-to-end encryption over the Bulletin chain.
- statement-store — Encrypted, signed request/response messaging sessions over a Polkadot statement store.
- storage-adapter — Pluggable key/value storage adapters (in-memory, localStorage) with typed field views.
- scale — Additional SCALE codecs built on top of
scale-ts. - substrate-slot-sr25519-wasm — sr25519 WASM for slot-account secrets, matching the Android/iOS Substrate SDK
SlotAccountKey.
See CHANGELOG.md for release history.
See CONTRIBUTING.md for more information.
Before deploying it for real use cases, you are responsible for:
- Reviewing the code yourself; we publish a reference, not a hardened production build
- Checking that the dependencies are up to date and free of known vulnerabilities
- Securing your own fork or deployment environment (keys, secrets, network configuration)
- Tracking the latest tagged release/commits for security fixes; older releases are not backported (exceptions might apply)
For Parity's security disclosure process and Bug Bounty program, feel free to visit https://parity.io/bug-bounty.
Licensed under the Apache License 2.0.