Internal precompile binaries hook

[BitcoinZavior]

Precompiled Binaries Feature

Resolves #20
This PR introduces a comprehensive precompiled binaries system that significantly improves the developer experience by reducing build times and providing secure, signed artifacts.

Key Features

Secure Distribution

• Ed25519-signed precompiled binaries with public key verification
• Automated signing and verification pipeline
• Secure artifact hosting via GitHub Releases

Performance Improvements

• Skip local Rust compilation for supported platforms
• Automatic fallback to local builds when precompiled binaries unavailable
• Configurable modes: auto, always, or never

Developer Experience

• Zero-configuration setup for most users
• Comprehensive CLI tooling for maintainers
• Detailed documentation and troubleshooting guides

Configuration

Users can configure precompiled binaries in their pubspec.yaml:
Defaulting to auto which most users would want.

bdk_dart:
  precompiled_binaries:
    mode: auto  # auto | always | never

[reez]

This is looking nice, added a bunch of comments/questions, and if you can run dart format to fix the ci failure too.

I’ll set up the signing secret later, let me know if any other maintainer setup is needed.

[reez]

Did you remove ** to reduce duplicate CI runs on branch pushes?

[BitcoinZavior]

Yes, but this is something you can assess and configure.

[reez]

This uses toolchain: stable, but native/rust-toolchain.toml pins 1.85.1 and the CLI reads that channel when running rustup run. Should we switch to toolchain-file: native/rust-toolchain.toml (or set toolchain: 1.85.1) so precompiled artifacts are built with the pinned toolchain? Same applies to the Android job.

[BitcoinZavior]

We switched both precompile jobs from stable to the pinned 1.85.1 toolchain. Pinning to 1.85.1 keeps a single source of truth and avoids subtle build/compatibility drift.

[reez]

auto is described as preferring precompiled, but the hook currently disables precompiled when rustup is present (UserOptions.defaultUsePrecompiledBinaries). Should we update this wording to reflect the rustup heuristic, or change the behavior to match the doc

[BitcoinZavior]

I suggest updating the wording in README.md. It now explicitly states that auto prefers local builds when the Rust toolchain (rustup) is detected; otherwise, it uses precompiled binaries.

[reez]

The doc says ‘download verified binary first and fall back’; should we note that mode: always is intended to disable fallback (once that behavior is enforced), or explicitly call out the rustup heuristic for auto?

[BitcoinZavior]

Added a “Mode behavior” section. It clarifies that always currently falls back but is intended to fail if a verified binary isn’t present, and reiterates how never operates.

[reez]

mode: always currently just returns null on download/verify failure, which triggers fallback in PrecompiledBuilder. Should always fail the build instead so it truly requires precompiled binaries?

[BitcoinZavior]

lib/src/precompiled/artifacts_provider.dart now tracks when mode == PrecompiledBinaryMode.always and throws PrecompiledBinaryRequiredException on any download/verification failure instead of returning null. Since PrecompiledBuilder does not catch that exception, the build fails rather than falling back whenever mode=always cannot obtain a signed artifact—so the builder enforces the “require precompiled” promise.

[reez]

--repository is required but never used in any gh release calls; should we pass --repo $repository to view/create/upload (or drop the flag if it’s not needed)?

[BitcoinZavior]

Forgot to call it out earlier: --repository was left unused in the release commands by mistake, but we’ve since wired it back in. This lets us rerun the tool against another repo (e.g., for testing or experimentation) without editing the workflow. In production it still defaults to the current repo, so the rest of the release flow behaves as before.

[reez]

We pass --locked to cargo, but there’s no committed native/Cargo.lock in this repo; cargo build --locked will fail without it. Should we add native/Cargo.lock or remove --locked?

[BitcoinZavior]

Lock file added and .gitignore updated to allow lock file changes.

[reez]

We concatenate lines from multiple files without a delimiter or filename marker which could (rarely) lead to hash collisions if file boundaries change. Should we consider prefixing each file with its path (or a separator) before hashing to make the hash more robust?

[BitcoinZavior]

That scenario is extremely rare isn't it? we would have to arrange contents to collide via a prefix/suffix shift. I believe a lightweight fix ( a separator before its contents) should be sufficient.

[reez]

If we enforce mode: always, should we be surfacing a hard failure here (or in PrecompiledArtifactProvider) so the build doesn’t silently fall back when always is set?

[BitcoinZavior]

PrecompiledArtifactProvider now throws PrecompiledBinaryRequiredException on any download/verify failure when mode == always. Since PrecompiledBuilder already propagates provider exceptions, the build will now fail fast instead of silently falling back—honoring the “require precompiled binaries” promise.

[BitcoinZavior]

Thanks for the review 🧡 PR updated to address review comments and to provide more info.