Add bootnode-canton-dappbooster-dev-stack proposal

[pablofullana]

Development Fund Proposal Submission

Proposal file:
/proposals/bootnode-canton-dappbooster-dev-stack.md

---

Summary

dAppBooster for Canton v0.1 is an open-source local development stack (live today at github.com/BootNodeDev/cn-dappbooster) that takes a Canton dApp developer from Daml contracts to a working dApp UI on a laptop, including a self-custodial CIP-0103 browser wallet (Carpincho), and one-command local Canton infrastructure. This proposal funds the evolution of v0.1 toward its core thesis: Canton users installs one self-custodial wallet, creates their external parties within it, and uses those same parties to connect to any dApp on any validator. The keys never leave the wallet, the same identities work everywhere, and no dApp or validator can lock the user in.

---

Checklist

• Proposal file added under /proposals/
• Milestones and funding amounts defined
• Acceptance criteria included
• Alignment with Canton priorities described

---

Notes for Reviewers

• v0.1 is already running. Repo at cn-dappbooster, walkthrough at dappbooster.cc. One command brings the stack up. We are happy to walk anyone through it before review.
• Suggested labels: dapp-integration, wallet-apps.
• Still looking for a Champion
• The Rationale section states how we consume both PRs Development Fund Proposal: Canton Network dApp SDK and Tooling #69 and Proposal: Open Source Reference Wallet #90 (rather than compete), and Carpincho commits to passing PR Development Fund Proposal: Canton Network dApp SDK and Tooling #69's Wallet Compliance Test Suite at v1.0.

[github-actions]

SIG labels auto-detected and applied: dapp-integration, wallet-apps

If this is incorrect, you can ask the reviewers to update the labels.

[github-actions]

@pablofullana, thank you for your interest in the Canton Development Fund!

Your proposal does not include a Champion/Endorser field.

Per CIP-0100, all external proposals require a Tech & Ops Committee champion.

Next steps:

1. Add a "Champion" field to your proposal
2. Identify a Tech & Ops Committee member organization willing to champion it
3. Reopen this PR

If you need help finding a champion, reach out to SIGs or any Tech & Ops Committee member.

This PR is being closed automatically. You are welcome to reopen it once a champion is confirmed.

[daravep]

Thank you very much for your proposal. There is significant overlap with the Self-Signed OIDC work that is currently being completed by DA, which provides the native ability to authenticate to the user validator as well as to the provider app using self-signed JWTs.

At the same time, Send has already published, their browser variant of a CIP-103 wallet.

Would you be open to connect with the developers of CIP-103, Wallet Gateway and JWT auth to discuss how to structure your proposal in a way that incorporates these changes?

[daravep]

What do you mean with "interacts with multiple dApps across multiple validators"? Where is my party hosted, where do I submit my commands to? How do I authenticate to the dApp and how to my validator? How do I authorize my commands? This is all captured in CIP-103. But you are saying here that you are building something new but you also refer to CIP-103. Can you elaborate?

[pablofullana]

We mean, where the party is hosted, where commands are submitted, how the wallet authenticates to the dApp, and how authorization happens. These are all CIP-103, and Carpincho follows the spec. We are not aiming to reinvent any of that; it's not in scope here.

Carpincho (intended for external parties) is discovered by dApps over window.canton.carpincho, signs prepared transactions locally, and submits via wallet-service → participant.

What CIP-103 doesn't yet cover, and what we meant by "multiple validators", is being able to use the same identity across many validators.

Our proposal was to implement a SIWC IdP and extend the wallet-gateway with an external signing provider. SIOPv2 makes that go away: the wallet mints the JWT itself, the validator verifies the signature, no IDP in the loop. That's what we'll integrate once it lands in the wallet-gateway.

[daravep]

Can you elaborate what you mean with synchronous variant of CIP-0103? Is it the CIP-103 API or is it something different?

Also, please note that Send seems to have already built the CIP-103 browser wallet using passkeys: https://info.send.it/docs/send-safe/send-connect

[pablofullana]

re: "synchronous variant". That's our coinage, not CIP-103 spec language, and we can do better. We mean the CIP-103 dApp API served over the sync transport, the browser provider injected at window.canton.carpincho. The "async variant" we use for wallet-service is the same CIP-103 API, served over HTTP. Same protocol, different transports. We'll fix the proposal wording.

re: Send Connect. Indeed, they've shipped a real CIP-103 browser wallet, and the WebAuthn PRF passkey UX is genuinely good for the consumer use case.

Carpincho is CIP-0103 compatible, but it is designed as a development wallet. To provide richer tooling than a standard wallet, Carpincho relies on an extended version of the wallet-gateway, which we call wallet-service.

The differences that matter for that use case:

• Protocol-native Ed25519 keys, not derived via WebAuthn PRF. Easier to inject test keys, easier to reason about in CI, no passkey enrollment step.
• Headless / Playwright mode for CI testability. Passkey-based wallets are structurally hard to drive in headless CI. Virtual authenticators help, but PRF in particular has thin test tooling.
• Open development: both the wallet binary and the SDK live in the same canonical public repo, with all commits public. That makes the codebase forkable for teams building on top, not just installable.
• Stack integration: Carpincho ships as one of the components inside dAppBooster, alongside the dev environment and example dApp. Send Connect is a standalone consumer product.

A dApp built with dAppBooster targets any CIP-103 wallet at ship, Send Connect included. Different artifacts for different audiences, no overlap to resolve.

At the time of writing this comment, current POC/alpha version of Carpincho already ships with:

• CIP-56 and Amulet asset listing
• Balances and UTXO inspection
• Token send and transfer acceptance flows
• Amulet preapproval management
• dApp transaction preparation
• Execution of prepared transactions
• prepareExecuteAndWait
• Controlled ledgerApi proxying
• DAR deployments
• Contracts creation
• Choices exercise
• Party activity listing
• Active contract listing for parties

Screenshots of these features here: Carpincho features for developers

And many others in the projected roadmap.

[daravep]

What do you mean with "while wallet-gateway migration is not yet done"?

[pablofullana]

wallet-service is our temporary solution while wallet-gateway is under development. It gives Carpincho the async CIP-103 operations it needs today (external party creation, transaction prep, …), because upstream wallet-gateway can't yet serve browser-resident wallets.

wallet-service keeps the base wallet-gateway capabilities, but adds internal RPC methods that Carpincho uses to interact with Canton. It also makes it possible for Carpincho to feature all the developer tools, features, and capabilities it ships with.

[daravep]

Note that https://openid.net/specs/openid-connect-self-issued-v2-1_0.html is coming to canton to allow removing the reliance on IDPs.

[daravep]

Note that this is also covered in this grant here: https://github.com/Stephan-da/canton-dev-fund/blob/64c32415b0c5a01b2ef9d1f742cfb281793e5b99/proposals/wallet-gateway-reference-implementation.md#milestone-4-decentralized-identity-oidc

[pablofullana]

The goal has always been to let developers run a complete Canton development stack with a single command, npx dappbooster --canton and get a full local Canton stack running without having to manually (Splice frontend, JS backend, wallet, Splice, wallet-gateway, and wallet-service). Where developers could customize the validators it starts, which optional services to enable, like PQS.

We understand there may be other ways to provide this one-command Canton stack, for example creating DPM templates. During the recent NYC 2026 ETHGlobal hackathon we realized those templates exist. This is the way we propose, but we are open to collaborate with other alternatives if you consider them more appropriate.

[daravep]

Did you implement a new auth method in Canton or where are you validating the JWTs? In the wallet service? We are right now adding this actually as part of the CIP-103 work to Canton, using the self-signed OIDC standard.

[pablofullana]

At the moment of submitting this RFP, we were not aware of the existence of self-signed OIDC standard. So this SIWC item is no longer relevant.

[pablofullana]

Thank you very much for your proposal. There is significant overlap with the Self-Signed OIDC work that is currently being completed by DA, which provides the native ability to authenticate to the user validator as well as to the provider app using self-signed JWTs.

At the same time, Send has already published, their browser variant of a CIP-103 wallet.

Would you be open to connect with the developers of CIP-103, Wallet Gateway and JWT auth to discuss how to structure your proposal in a way that incorporates these changes?

@daravep , thanks for the review. The overlap concerns are well-placed and we want to bake them in rather than work around them.

Yes to the offer to connect. A call with the CIP-103, Wallet Gateway, and JWT auth folks at DA is the right venue before we revise the proposal body. If you can point us at the right contacts or set it up, we'll coordinate timing as soon as possible (pablo@bootnode.dev).

We'll work through the inline feedback and reply on each thread shortly.

[pablofullana]

@daravep , below is a chart and a condensed list of our proposal's components to make the scope easier to follow at a glance, happy to refine if anything reads unclear.

• [New] dAppBooster CLI: a single command npx dappbooster --canton with everything you need to build Apps on Canton.

• [Existing] Splice: provisions a local instance of the standard Splice stack developed by Canton.

• [New] Wallet-Gateway for Developers: (formerly named wallet-service) extends the existing CIP-103 wallet-gateway with developer-focused capabilities. It exposes an RPC interface with methods such as prepareTransaction, executePrepared, cip56.listPendingTransfers, cip56.listHoldings, and many others.

• [New] dApp Backend: based on the Quickstart backend example, it's a TypeScript backend that acts as a bridge between the frontend and the Canton infrastructure, enabling contract queries, PQS access, and other backend services.

• [New] dApp Frontend: a TypeScript + Vite scaffold that provides the building blocks common to most Canton dApps, including wallet connectivity, connected-party visualization, and other essential integrations.

• [New] dApp Components: a collection of reusable React components for Canton dApps, including: token inputs, token selectors, party inputs, bigint inputs, and other commonly needed UI elements.

• [Temporary] Connect Kit: a lightweight connector that enables frontend applications to discover Carpincho through window.canton.carpincho. This component can eventually be replaced by PartyLayer if it adds support for automatic wallet discovery through the window.canton namespace.

• [New] Carpincho: a browser wallet extension designed for Canton developers.

  • End-user features: create external parties, manage token holdings, transfer tokens, approve transfers (CIP-56 and Amulet support), and view transaction activity.
  • Developer-oriented features: when connected to Wallet Gateway for Developers, Carpincho unlocks advanced development workflows such as DAR deployment, contract creation, choice execution, active contract inspection, and additional capabilities planned on the roadmap.
  • demo video: carpincho wallet demo

• (New) CIP-56 faucet: a local faucet that allows any connected party to manage sample CIP-56 utility tokens.

Hoping this gives a clearer picture going into the sync with the CIP-103, Wallet Gateway, and JWT auth team at DA.