Production Readiness — Canton Middleware + dApp + Snap

[sadiq1971]

Scope: shipping the Canton middleware, the Canton dApp, and the Canton Snap to a state where both custodial and non‑custodial end users can register and transfer on Canton mainnet. Relayer / bridge work is out of scope for this document.

---

1. Current Status

Component	Where it runs today	Target
Canton middleware	Devnet	Mainnet
Canton dApp	Local only	Devnet, then Mainnet
Canton Snap	Published on npm (@chainsafe/canton-snap v0.2.x), works with MetaMask flask	Audited + on MetaMask’s allowlist (directory)

---

2. Production Blockers (must‑fix before mainnet)

Middleware

• Mainnet deployment by DevOps: infra, secrets, DB, networking, TLS, domain.
• Whitelist process after the deployment is done need to finalize the way to whitelist user for registration. This can be through direct db operation with vpn.

dApp

• Devnet deployment (hosting, domain, HTTPS, CSP, cache headers).
• dAPP logo + Branding Finalize the logo, branding and other texts.
• Mainnet deployment gated on middleware mainnet being live.

Snap

• External security audit of packages/snap (key derivation, prepared‑transaction envelope verification, DER signing, state handling, dialog content).
• MetaMask Snap Directory listing — submit to MetaMask’s allowlist so the snap appears as a recognized/verified snap (same path used by other ChainSafe snaps). Until this lands, users see the generic “third‑party snap” warning.