You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Each peer only knows its direct connections. The workspace owner has no visibility into the full swarm topology — who is connected to whom, or which peers exist beyond their direct neighbors.
Proposal
Allow workspace owners to send an identity discovery request through the swarm via the existing delta sync mechanism. Each peer responds with:
Their identity information (public key, device ID, display name)
Their list of direct peers (identity keys / device IDs)
Security model
Only the owner can send a discovery request (enforced by signature verification — peers reject requests not signed by the owner)
Requests travel inside deltas — encrypted between each pair of peers like any other delta payload. Each peer can read the request (to act on it and forward it), but it is never plaintext on the wire.
Responses are double-encrypted — the response content is encrypted to the owner's public key (inner layer), then wrapped in normal delta transport encryption (outer layer). Intermediate peers can decrypt the delta envelope but cannot read the response payload inside it. Only the owner can decrypt the inner layer.
This introduces the first request/response messaging pattern in the swarm protocol; existing infrastructure only carries push-based deltas and invites
What this enables
Network graph visualization — the owner can map the full swarm topology
Sync diagnostics — identify isolated peers, single points of failure, or unreachable nodes
This is a good first candidate for the request/response messaging primitive — it doesn't depend on #150 (no verification records needed, just existing identity and peer data), making it simpler to build and test. The verification collection feature (#152) can then reuse the same protocol.
Architectural pieces (shared with verification collection)
New delta payload types — request and response items embedded alongside operations in delta bundles
Correlation ID so responses can be matched to the originating request
Owner-only send enforcement (signature check on request)
Inner-layer encryption of response payload to owner's public key (Ed25519->X25519 conversion or separate key exchange -- TBD), independent of the outer delta transport encryption
Open questions
Should the peer list include connection metadata (last seen, relay vs direct)?
How much identity detail to include? (just public key + device ID, or also display name / role?)
Key derivation: reuse Ed25519->X25519 conversion for encryption, or introduce a separate key exchange?
Context
Each peer only knows its direct connections. The workspace owner has no visibility into the full swarm topology — who is connected to whom, or which peers exist beyond their direct neighbors.
Proposal
Allow workspace owners to send an identity discovery request through the swarm via the existing delta sync mechanism. Each peer responds with:
Security model
What this enables
Implementation note
This is a good first candidate for the request/response messaging primitive — it doesn't depend on #150 (no verification records needed, just existing identity and peer data), making it simpler to build and test. The verification collection feature (#152) can then reuse the same protocol.
Architectural pieces (shared with verification collection)
Open questions
Dependencies