Skip to content

Inline frame core#602

Merged
illuzen merged 20 commits into
mainfrom
inline-frame-core
Jun 24, 2026
Merged

Inline frame core#602
illuzen merged 20 commits into
mainfrom
inline-frame-core

Conversation

@illuzen

@illuzen illuzen commented Jun 23, 2026

Copy link
Copy Markdown
Contributor

Inline all frame-* crates


Note

High Risk
This replaces consensus-critical FRAME glue (executive, support, proc macros) that compiles into runtime WASM; any drift from upstream or patch resolution mistakes could affect block execution and metadata across the chain.

Overview
Vendors the FRAME runtime stack (frame-support, proc-macro crates, frame-executive, metadata hash extension, benchmarking, try-runtime, system RPC APIs, etc.) under frame/ and wires the workspace to path dependencies plus [patch.crates-io] so the runtime and transitive deps resolve to these copies instead of crates.io.

docs/RUNTIME_SURFACE.md is updated to describe the new in-tree FRAME section and to label many pallets as inlined rather than upstream-only.

primitives/high-security is added to the workspace members/deps alongside expanded workspace keys for FRAME’s macro/benchmark toolchain (pretty_assertions, aquamarine, additional sp-* crates).

Reviewed by Cursor Bugbot for commit c423cbf. Configure here.

illuzen and others added 16 commits June 23, 2026 15:24
Copy upstream frame-support-procedural-tools-derive v12.0.0 from
polkadot-sdk into frame/support-procedural-tools-derive and register it
as a workspace member. This is the leaf proc-macro crate in the
frame-support procedural toolchain.

Co-authored-by: Cursor <cursoragent@cursor.com>
Copy upstream frame-support-procedural-tools v13.0.1 from polkadot-sdk
into frame/support-procedural-tools and switch the workspace dependency
from crates.io to the local path.

Co-authored-by: Cursor <cursoragent@cursor.com>
Copy upstream frame-metadata v23.0.1 from polkadot-sdk into
frame/metadata and switch the workspace dependency from crates.io to
the local path. Required by frame-support for runtime metadata types.

Co-authored-by: Cursor <cursoragent@cursor.com>
Copy upstream frame-support-procedural v36.0.0 from polkadot-sdk into
frame/support-procedural, switch the workspace dependency to a local path,
and patch crates.io so transitive dependents resolve the in-tree copy.

Co-authored-by: Cursor <cursoragent@cursor.com>
Copy upstream frame-support v45.1.0 from polkadot-sdk into frame/support,
switch the workspace dependency to a local path, and patch crates.io so
transitive dependents resolve the in-tree copy.

Co-authored-by: Cursor <cursoragent@cursor.com>
Copy upstream frame-try-runtime v0.51.0 from polkadot-sdk into
frame/try-runtime, switch the workspace dependency to a local path, and
patch crates.io for transitive resolution.

Co-authored-by: Cursor <cursoragent@cursor.com>
Copy upstream frame-executive v45.0.1 from polkadot-sdk into
frame/executive and switch the workspace dependency to a local path.

Co-authored-by: Cursor <cursoragent@cursor.com>
Copy upstream frame-metadata-hash-extension v0.13.0 from polkadot-sdk
into frame/metadata-hash-extension and switch the workspace dependency
to a local path.

Co-authored-by: Cursor <cursoragent@cursor.com>
Copy upstream frame-system-rpc-runtime-api v40.0.0 from polkadot-sdk into
frame/system-rpc-runtime-api and switch the workspace dependency to a
local path.

Co-authored-by: Cursor <cursoragent@cursor.com>
Copy upstream frame-benchmarking v45.0.3 from polkadot-sdk into
frame/benchmarking and switch the workspace dependency to a local path.

Co-authored-by: Cursor <cursoragent@cursor.com>
Copy upstream frame-system-benchmarking v45.0.0 from polkadot-sdk into
frame/system-benchmarking and switch the workspace dependency to a local
path.

Co-authored-by: Cursor <cursoragent@cursor.com>
Register qp-high-security as a workspace member and workspace dependency
so the crate is first-class in the workspace like the other runtime
primitives.

Co-authored-by: Cursor <cursoragent@cursor.com>
Add pallet-transaction-payment, -rpc, and -rpc-runtime-api to
[patch.crates-io] so the full transaction-payment family resolves to
in-tree copies when building the runtime WASM and node. Switch
qp-high-security in quantus-runtime to the workspace dependency.

Co-authored-by: Cursor <cursoragent@cursor.com>
Document that all runtime pallets and FRAME core crates are now in-tree,
add a new section listing the frame/ directory, note the transaction-payment
RPC patch, and mark sp-* / codec crates as the remaining external surface.

Co-authored-by: Cursor <cursoragent@cursor.com>

@n13 n13 left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review: Inline frame core

Reviewed by checking out the branch and diffing the non-vendored config against main, verifying Cargo.lock resolution, and — for this consensus-critical code — diffing every vendored crate's src/ against the actual upstream crates downloaded from crates.io.

Verdict

Strong, low-risk vendoring PR. This is a mechanical vendor-and-patch of the FRAME runtime stack, done correctly. The ~82k additions are almost entirely byte-faithful upstream copies; the meaningful surface (workspace Cargo.toml, [patch.crates-io], Cargo.lock, doc) is small and correct. A few cosmetic nits, and one thing to wait on (the WASM build matrix is still pending). Recommend merge once Build & Test goes green.

What I verified

Source drift (the critical check) — clean. Diffed src/ for all 11 vendored crates against the published crates.io versions:

Crate Claimed ver Source vs upstream
frame-support 45.1.0 identical
frame-executive 45.0.1 identical
frame-benchmarking 45.0.3 identical
frame-support-procedural (+tools, +tools-derive) 36.0.0 / 13.0.1 / 12.0.0 identical
frame-system-benchmarking 45.0.0 identical
frame-system-rpc-runtime-api 40.0.0 identical
frame-try-runtime 0.51.0 identical
frame-metadata-hash-extension 0.13.0 identical
frame-metadata 23.0.1 rustfmt-only diffs

The only crate that differs is frame-metadata (it ships from a different upstream repo with a different rustfmt config, then got cargo fmt'd here). Stripping comments + whitespace confirmed the differences are purely imports_granularity grouping and trailing-comma removal — no semantic change.

  • [features] wiring matches upstream for frame-support/executive/benchmarking (only tab-vs-space indentation differs, a cargo .crate normalization artifact). Important since feature flags drive what compiles into WASM.
  • Lockfile resolves correctly. Every vendored crate dropped its source/checksum in Cargo.lock (patches applied), with no duplicate crates.io copies and no version conflicts. [patch.crates-io] correctly forces transitive dependents to the in-tree copies, including the pallet-transaction-payment family.
  • Lints handled deliberately. No vendored crate opts into the workspace unwrap_used/expect_used = deny (no [lints] workspace = true), with explanatory comments — which is why clippy passes.
  • CI: Clippy & Doc, Format, Bugbot all green; Build & Test matrix still pending at review time.

Findings (all minor)

  1. Dead [workspace.dependencies] keys. derive-syn-parse, expander, and proc-macro-warning were added to workspace deps, but their only consumer (frame/support-procedural) uses direct version literals instead of .workspace = true, so the keys are unused. Either wire frame-support-procedural to .workspace = true, or drop the three keys. (macro_magic is similarly split — could be { workspace = true, features = ["proc_support"] }.)
  2. default-features = false in [patch.crates-io] is a no-op. Cargo ignores features/default-features/optional in patch entries — only the path matters. The new entries carry it (misleading, and inconsistent with the existing frame-system/litep2p patch entries that omit it). Cosmetic.
  3. Vendored manifests dropped upstream's [lints.rust.unexpected_cfgs] check-cfg. Harmless here — none of these crates' sources use substrate_runtime/build_opt_level/build_profile cfgs, and there's no global -D warnings. Worth knowing for future re-syncs.

Recommendations

  • Wait for the WASM Build & Test matrix before merging — std clippy + identical source + clean lock make the no_std/wasm risk low, but that's the build that actually compiles the consensus runtime.
  • Maintenance: vendoring this stack means owning upstream security/bug fixes with no auto-sync. The per-commit version notes are good; consider documenting the exact upstream tag/commit per crate and a re-sync procedure so future drift stays auditable.

🤖 AI-assisted review (Cursor).

@n13 n13 left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good!

Need to fix CI then GTG

@illuzen illuzen merged commit 75d32f8 into main Jun 24, 2026
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants