Wechaty Puppet Service Provider Certificate Program (DRAFT)

[huan]

The Background

The Wechaty Puppet Service (WPS) has been released in early 2020. After that, the Wechaty community has enabled the power of the Wechaty Puppet Provider (WPP): any WPP can be published as a service (WPS) by running a Wechaty Gateway:

$ npm install --global wechaty@next wechaty-puppet-padlocal 
$ wechaty gateway \
    --puppet wechaty-puppet-padlocal \
    --puppet-token padlocal_XXX \
...
21:58:39 INFO Gateway Registering Wechaty Puppet Token Gateway Service Discovery ... success

    Your have successfully ran Wechaty Token Gateway with the below settings:
      1. token: insecure_2a59ebfb-27b7-413f-9abf-907d28d63d3e

The above command shows how to publish the wechaty-puppet-padlocal WPP as a WPS, with a random generated Wechaty Puppet Service Token insecure_2a59ebfb-27b7-413f-9abf-907d28d63d3e. (You can specify the published token by the --token option)

To learn more about the Wechaty Puppet Ecosystem, this blog post has a detailed introduction:

• Introducing Wechaty Puppet Service (Providers), @huan, Jan 14, 2021

Alpha Stage Wechaty Ecosystem (2020 & 2021)

We have running the WPS as an alpha stage ecosystem service for the Wechaty community, for the past two years. (2020 & 2021)

The WPS enabled the Wechaty Ecosystem system for the Puppet Providers, which means that everyone can provide a WPS for the community, by simply providing a TOKEN to the user.

Thanks to the developers from our community, we soon have 5 WPS built for the Wechaty Ecosystem:

1. Donut, developed by @juzibot
2. WXWork, developed by @juzibot
3. Paimon, developed by @zpaimon
4. PadLocal, developed by @padlocal
5. SimplePad, developed by @chatrbot

In addition, any Wechaty developer can publish their own WPS by using the wechaty gateway CLI command mentioned at the beginning of this post.

The Problem (Alpha Stage, v0.x)

We have had great success with the alpha stage WPS, for example, we have thousands of WPS running for serving our community users every day.

We have also learned a lot from running it, and here's the list we need to improve before we move to the beta stage.

1. lacking Term-of-Service and the Privacy-Policy legal files
2. lagging customer support (for paid customers)
3. WPS gRPC protocol is not TLS enabled, which means the data on the internet is plain text

The Solution (Beta Stage, v1.x)

We have upgraded the Wechaty from 0.x to 1.x in Jan 2022. With v1.x Wechaty, the ecosystem needs to satisfy the Beta stage requirements, so that we can improve the service quality and deliver more value to our users.

The most important improvement for Wechaty v1.x is enabling TLS by default, and it requires the WPS to update their system to be compatible with Wechaty v1.x and use the CA-signed by the Wechaty community for maximum security.

Any WPS provided by the community in the Wechaty ecosystem will be classified from levels 0 to 7 by the following rules:

• Level-0: any valid WPS published by any developer by running any WPP with the wechaty gateway command (or providing the gRPC service directly), is a Level-0 WPS.
• Level-1: a Level-0 WPS that meets the following requirements:
  • secured by the TLS. (CA will be signed by the Wechaty community, with a $100 per month CA management fee)
• Level-2: a Level-1 WPS that meets the following requirements:
  • published the WPS landing page at Wechaty's official website under the https://wechaty.js.org/docs/puppet-service/${SNI}
  • published the WPS official website, and link it to the landing page, for users to apply, pay, and manage their WPS tokens
  • published a Term-of-Service page and linked its URL to the WPS landing page
  • published a Privacy-Policy page and linked its URL to the WPS landing page
  • published at least one support channel to the landing page
  • watched the https://github.com/wechaty/puppet-supports/issues for related support requests.
  • published at least one blog post on wechaty.js.org to announce the WPS, and link the blog posts to the landing page
  • agreed to maintain the WPS landing page on the Wechaty website when there are any updates needed
• Level-3: a Level-2 WPS that meets the following requirements:
  • agree to provide at least 2 non-expiring free tokens for each developer who has joined the Wechaty Developers Program
  • agree to provide at least 20 non-expiring free tokens to the Wechaty community.
• Level-4: a Level-3 WPS that meets the following requirements:
  • support the Wechaty open-source project by donating more to the Wechaty community via OpenCollective
• Level-5: a Level-4 WPS that meets the following requirements:
  • pass the basic testing listed at https://github.com/wechaty/puppet-supports/wiki/Basic-Test
  • pass the stress testing listed at https://github.com/wechaty/puppet-supports/wiki/Stress-Test
• Level-6: a Level-5 WPS that meets the following requirements:
  • pass the product testing listed at https://github.com/wechaty/puppet-supports/wiki/Product-Test
  • running with our Friday BOT and everything is ok for at least 1 week
• Level-7: a Level-6 WPS that meets the following requirements:
  • voted stable by at least 3 community contributors
  • voted stable by at least 3 paid users
  • verified stable by at least 1 PMC

It is greatly appreciated to the developers in our ecosystem to follow this upgrade, to become a Wechaty Official Certificated Puppet Service.

How to Apply for Certification

In order to apply for the WPS certification, please fill out the below template and post it to the https://github.com/wechaty/puppet-service/issues

Wechaty Puppet Service (WPS) Certification Application

1. What's your WPS Server Name Indication (SNI)?

> for example, `wxwork`, `paimon`: this will become the prefix of your token, i.e.: `wxwork_UUID` or `paimon_UUID`

2. What Level are you going to apply for? (the minimum level that can be applied is Level-2, and the higher the better)

3. Please copy/paste the Level-N requirements below, and comment on every requirement to explain why you are qualified:

4. You understand and agree that the right of final interpretation of the Terms of Service of the Wechaty ecosystem resides with the Wechaty community.  (Y/N)

4. Your name (sign)

Thank you very much for joining the Wechaty ecosystem by providing the valuable Wechaty Puppet Service to the chatbot developer users, it's very valuable, and appreciate all efforts everyone has worked for the community!

RFC

I'd like to invite the creator of Donut/WXWork @windmemory, creator of PadLocal @padlocal, creator of Paimon @zpaimon, creator of SimplePad @chatrbot to review this draft, any feedback will be highly appreciated.

CC @lijiarui @wechaty/puppet

[profthecopyright]

I have a question about the 2nd paragraph. By "for example, we have thousands of WPS running for serving our community users every day.", do you mean thousands of different service providers, or thousands of service instances from the same five providers listed in the 1st paragraph?

[huan]

do you mean thousands of different service providers,

All WPS share the same token discovery service in the Wechaty community: so that when a user want to switch protocol for their bot program, change the token is all they need to do.

[profthecopyright]

What I am asking is, how many WPS providers are in play now? Is there a list of all of them?

[huan]

You can see the number from the public community status page at https://chatie.statuspage.io/

For your second question: no, you can not list them all because there are private ones. We can only see the public ones.