chore(vetkeys): migrate basic_ibe to icp-cli and @icp-sdk/vetkeys

.github/workflows/rust-vetkeys-basic-ibe-example.yml

@@ -0,0 +1,80 @@
+name: rust-vetkeys-basic-ibe
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    paths:
+      - rust/vetkeys/basic_ibe/**
+      - .github/workflows/provision-darwin.sh
+      - .github/workflows/provision-linux.sh
+      - .github/workflows/rust-vetkeys-basic-ibe-example.yml
+      - .ic-commit
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+jobs:
+  basic-ibe-rust-darwin:
+    runs-on: macos-15
+    steps:
+      - uses: actions/checkout@50fbc622fc4ef5163becd7fab6573eac35f8462e # v1.2.0
+      - name: Provision Darwin
+        run: bash .github/workflows/provision-darwin.sh
+      - name: Pre-download network launcher
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: bash .github/workflows/pre-download-launcher.sh
+      - name: Basic IBE Rust Darwin
+        run: |
+          pushd rust/vetkeys/basic_ibe/rust
+          icp network start -d
+          icp deploy
+          popd
+  basic-ibe-rust-linux:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@50fbc622fc4ef5163becd7fab6573eac35f8462e # v1.2.0
+      - name: Provision Linux
+        run: bash .github/workflows/provision-linux.sh
+      - name: Pre-download network launcher
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: bash .github/workflows/pre-download-launcher.sh
+      - name: Basic IBE Rust Linux
+        run: |
+          pushd rust/vetkeys/basic_ibe/rust
+          icp network start -d
+          icp deploy
+          popd
+  basic-ibe-motoko-darwin:
+    runs-on: macos-15
+    steps:
+      - uses: actions/checkout@50fbc622fc4ef5163becd7fab6573eac35f8462e # v1.2.0
+      - name: Provision Darwin
+        run: bash .github/workflows/provision-darwin.sh
+      - name: Pre-download network launcher
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: bash .github/workflows/pre-download-launcher.sh
+      - name: Basic IBE Motoko Darwin
+        run: |
+          pushd rust/vetkeys/basic_ibe/motoko
+          icp network start -d
+          icp deploy
+          popd
+  basic-ibe-motoko-linux:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@50fbc622fc4ef5163becd7fab6573eac35f8462e # v1.2.0
+      - name: Provision Linux
+        run: bash .github/workflows/provision-linux.sh
+      - name: Pre-download network launcher
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: bash .github/workflows/pre-download-launcher.sh
+      - name: Basic IBE Motoko Linux
+        run: |
+          pushd rust/vetkeys/basic_ibe/motoko
+          icp network start -d
+          icp deploy
+          popd

rust/vetkeys/basic_ibe/README.md

@@ -1,10 +1,12 @@
 # Identity-Based Encryption
 
+<!-- TODO: re-enable once icp.ninja supports icp-cli (currently requires dfx)
 | Motoko backend | [![](https://icp.ninja/assets/open.svg)](http://icp.ninja/editor?g=https://github.com/dfinity/examples/tree/master/rust/vetkeys/basic_ibe/motoko)|
 | --- | --- |
 | Rust backend | [![](https://icp.ninja/assets/open.svg)](http://icp.ninja/editor?g=https://github.com/dfinity/examples/tree/master/rust/vetkeys/basic_ibe/rust) |
+-->
 
-The **Basic IBE** example demonstrates how to use **[VetKeys](https://internetcomputer.org/docs/building-apps/network-features/vetkeys/introduction)** to implement secure messaging between users by means of Identity-Based Encryption (IBE) on the **Internet Computer (IC)**. This application allows users to send encrypted messages to other users using their **Internet Identity Principal** as the encryption key identifier. This canister (IC smart contract) ensures that only the authorized user can access their private decryption key, meaning that even if someone else knows your principal, they cannot decrypt messages intended for you because neither other users nor this canister can access your private key.
+The **Basic IBE** example demonstrates how to use **[VetKeys](https://docs.internetcomputer.org/building-apps/network-features/vetkeys/introduction)** to implement secure messaging between users by means of Identity-Based Encryption (IBE) on the **Internet Computer (IC)**. This application allows users to send encrypted messages to other users using their **Internet Identity Principal** as the encryption key identifier. This canister (IC smart contract) ensures that only the authorized user can access their private decryption key, meaning that even if someone else knows your principal, they cannot decrypt messages intended for you because neither other users nor this canister can access your private key.
 
 Note that generally it is possible for a canister to request a decryption key to decrypt secrets as part of its code.
 However, doing so requires the canister to provide its own transport key instead of requesting a user's transport key and this inherently makes secrets public.
@@ -22,23 +24,33 @@ A canister functionality for decrypting secrets can be detected by inspecting th
 
 ### Prerequisites
 
-- [Internet Computer software development kit](https://internetcomputer.org/docs/building-apps/getting-started/install)
+- [ICP CLI](https://cli.internetcomputer.org)
 - [npm](https://www.npmjs.com/package/npm)
 
 ### (Optionally) Choose a Different Master Key
 
-This example uses `test_key_1` by default. To use a different [available master key](https://internetcomputer.org/docs/building-apps/network-features/vetkeys/api#available-master-keys), change the `"init_arg": "(\"test_key_1\")"` line in `dfx.json` to the desired key before running `dfx deploy` in the next step.
+This example uses `test_key_1` by default. To use a different [available master key](https://docs.internetcomputer.org/building-apps/network-features/vetkeys/api#available-master-keys), change the `init_args` value in `icp.yaml` to the desired key before running `icp deploy` in the next step.
 
 ### Deploy the Canisters Locally
 
 If you want to deploy this project locally with a Motoko backend, then run:
 ```bash
-dfx start --background && dfx deploy
+icp network start -d && icp deploy
 ```
 from the `motoko` folder.
 
 To use the Rust backend instead of Motoko, run the same command in the `rust` folder.
 
+To run the frontend in development mode with hot reloading (after running `icp deploy`):
+```bash
+npm run dev
+```
+
+When you are done testing, stop the local network to free up resources and unblock the default port for other projects:
+```bash
+icp network stop
+```
+
 ## Example Components
 
 ### Backend
@@ -52,16 +64,10 @@ The backend consists of a canister that:
 
 The frontend is a vanilla typescript application providing a simple interface for sending, receiving, and deleting encrypted messages.
 
-To run the frontend in development mode with hot reloading (after running `dfx deploy`):
-
-```bash
-npm run dev
-```
-
 ## Limitations
 
 This example dapp does not implement key rotation, which is strongly recommended in a production dapp to limit the impact of potential key compromise if a malicious party gains access to the user's decryption key.
 
 ## Additional Resources
 
-- **[What are VetKeys](https://internetcomputer.org/docs/building-apps/network-features/vetkeys/introduction)** - For more information about VetKeys and VetKD.
+- **[What are VetKeys](https://docs.internetcomputer.org/building-apps/network-features/vetkeys/introduction)** - For more information about VetKeys and VetKD.

rust/vetkeys/basic_ibe/frontend/package.json

@@ -1,31 +1,32 @@
 {
-  "name": "basic-ibe-frontend",
-  "private": true,
-  "version": "0.0.0",
-  "type": "module",
-  "scripts": {
-    "dev": "npm run build:bindings && vite",
-    "build": "npm run build:bindings && tsc && vite build",
-    "build:bindings": "cd scripts && ./gen_bindings.sh",
-    "preview": "vite preview",
-    "lint": "eslint"
-  },
-  "devDependencies": {
-    "@eslint/js": "^9.24.0",
-    "@rollup/plugin-typescript": "^12.1.2",
-    "@types/node": "^24.0.4",
-    "eslint": "^9.24.0",
-    "eslint-config-prettier": "^10.1.5",
-    "eslint-plugin-prettier": "^5.4.0",
-    "tslib": "^2.8.1",
-    "typescript": "~5.7.2",
-    "typescript-eslint": "^8.35.1",
-    "vite": "^6.4.1",
-    "vite-plugin-environment": "^1.1.3"
-  },
-  "dependencies": {
-    "@dfinity/auth-client": "^2.4.1",
-    "@dfinity/principal": "^2.4.1",
-    "@dfinity/vetkeys": "^0.3.0"
-  }
+    "name": "basic-ibe-frontend",
+    "private": true,
+    "version": "0.0.0",
+    "type": "module",
+    "scripts": {
+        "dev": "printf '\\nNo backend specified. Use one of:\\n\\n  npm run dev:motoko\\n  npm run dev:rust\\n\\n' && exit 1",
+        "dev:motoko": "npm run build:bindings && BACKEND=motoko vite",
+        "dev:rust": "npm run build:bindings && BACKEND=rust vite",
+        "build": "npm run build:bindings && tsc && vite build",
+        "build:bindings": "cd scripts && ./gen_bindings.sh",
+        "preview": "vite preview",
+        "lint": "eslint"
+    },
+    "devDependencies": {
+        "@eslint/js": "^9.24.0",
+        "@rollup/plugin-typescript": "^12.1.2",
+        "@types/node": "^24.0.10",
+        "eslint": "^9.24.0",
+        "eslint-config-prettier": "^10.1.5",
+        "eslint-plugin-prettier": "^5.4.0",
+        "tslib": "^2.8.1",
+        "typescript": "~5.7.2",
+        "typescript-eslint": "^8.35.1",
+        "vite": "^6.4.1"
+    },
+    "dependencies": {
+        "@icp-sdk/auth": "^7.1.0",
+        "@icp-sdk/core": "^5.4.0",
+        "@icp-sdk/vetkeys": "^0.5.0-beta.0"
+    }
 }

rust/vetkeys/basic_ibe/frontend/scripts/gen_bindings.sh

@@ -1,15 +1,15 @@
 #!/bin/bash
 
-cd ../../backend && make extract-candid
+# Bindings are always generated from the Rust backend since both backends
+# expose the same Candid interface.
+if command -v candid-extractor >/dev/null 2>&1; then
+    cd ../../rust/backend && make extract-candid
+    cd ../..
+else
+    cd ../..
+fi
 
-cd .. && dfx generate basic_ibe || exit 1
-
-rm -r frontend/src/declarations/basic_ibe > /dev/null 2>&1 || true
+rm -rf frontend/src/declarations/basic_ibe
 
 mkdir -p frontend/src/declarations/basic_ibe
-mv src/declarations/basic_ibe frontend/src/declarations
-rmdir -p src/declarations > /dev/null 2>&1 || true
-
-# dfx 0.31+ generates @icp-sdk/core imports; rewrite to @dfinity/* to match deps
-find frontend/src/declarations -type f \( -name '*.ts' -o -name '*.js' \) -exec \
-  perl -i -pe 's|\@icp-sdk/core/agent|\@dfinity/agent|g; s|\@icp-sdk/core/principal|\@dfinity/principal|g; s|\@icp-sdk/core/candid|\@dfinity/candid|g' {} +
+npx @icp-sdk/bindgen --did-file rust/backend/backend.did --out-dir frontend/src/declarations/basic_ibe --declarations-flat --force