solid-pod-rs 0.4.0-alpha.4: notifications feature gate fix + publish#1
Merged
solid-pod-rs 0.4.0-alpha.4: notifications feature gate fix + publish#1
Conversation
Three sites in the canonical "C3 enumeration" plus a fourth hidden site discovered during V3-audit cross-reference of did_nostr_document emitters. C3a — crates/solid-pod-rs-nostr/src/did.rs:98, 154: - BEFORE: render_did_document_tier1 + render_did_document_tier3 emitted "NostrSchnorrKey2024" as verificationMethod.type. This is a custom identifier with no W3C cryptosuite registry entry. - AFTER: "SchnorrSecp256k1VerificationKey2019" (the registered cryptosuite). C3b — crates/solid-pod-rs-nostr/src/did.rs:93: - Tier-1 @context expanded to include "https://w3id.org/security/suites/secp256k1-2019/v1" alongside "https://www.w3.org/ns/did/v1". Without the security-suite context, a strict JSON-LD processor silently ignores the verificationMethod.type term. 4th HIDDEN SITE — crates/solid-pod-rs/src/interop.rs: - The original V3 cohesion audit's "Three C3 sites" enumeration missed did_nostr_document in interop.rs which independently emitted NostrSchnorrKey2024 for callers consuming the core interop surface. - Surfaced during mega-sprint Phase 0 cross-reference work; batched here. Tests — crates/solid-pod-rs/tests/did_nostr_resolver.rs: - Asserts canonical type + secp256k1-2019 @context inclusion in resolver output. Regression guard. L1 reference-vector test scaffolds (Phase 1) at: - crates/solid-pod-rs-nostr/tests/upstream_vectors/all_fixtures.rs - crates/solid-pod-rs-didkey/tests/upstream_vectors/all_fixtures.rs Cross-references: ADR-074 D2 canonical DID Document shape, ADR-082 D6 L1 contract, qe-fleet/Q1 F4.2, Q3 §E2. Co-Authored-By: claude-flow <ruv@ruv.net>
… (0.4.0-alpha.3) Per ADR-076/078 absorption, `nostr-bbs-pod-worker` and other CF-Workers consumers need to wire solid-pod-rs without dragging tokio, reqwest, notify, tokio-tungstenite, or futures-util into their build. This ships the necessary feature gating without changing the surface for any existing consumer. Cargo.toml: - tokio, tokio-tungstenite, futures-util, notify, reqwest are now `optional = true`. - New features: `core`, `std`, `tokio-runtime`, `notifications`. - `default = ["std", "fs-backend", "memory-backend", "tokio-runtime", "notifications"]` — preserves the 0.4.0-alpha.2 surface bit-for-bit. - All async-IO features (fs-backend, memory-backend, s3-backend, oidc, dpop-replay-cache, webhook-signing, did-nostr, rate-limit, quota, legacy-notifications, security-primitives) imply `tokio-runtime`. Source: - lib.rs: `pub mod storage|notifications|provision|quota` gated on `tokio-runtime`. `Storage`/`SsrfPolicy`/`Provision*`/`Quota*` re-exports gated to match. - error.rs: `From<notify::Error> for PodError` gated on `fs-backend`. - metrics.rs: SSRF-block helpers gated on `tokio-runtime`. Dotfile counter remains in `core`. SSRF counter fields stay in `SecurityMetricsInner` so `Default`/`Clone` derivations are layout-stable across feature configurations. - security/mod.rs: `ssrf` submodule + its re-exports gated on `tokio-runtime`. `dotfile`, `cors`, `rate_limit` (trait) stay pure. - ldp.rs: `LdpContainerOps` trait + impl + the `Storage` import gated on `tokio-runtime`. The LDP parsers (PATCH dialects, content negotiation, range parsing, server-managed triples) stay in `core`. - wac/resolver.rs: `StorageAclResolver` struct + impl gated on `tokio-runtime`. The `AclResolver` trait remains in `core` so consumers can implement KV-backed resolvers against the same contract. - wac/mod.rs: `StorageAclResolver` re-export gated. Sibling crates: - All 6 sibling Cargo.toml version refs bumped to 0.4.0-alpha.3. - didkey/activitypub/git: explicit `tokio-runtime` added to their solid-pod-rs deps. idp/nostr already pull it transitively via oidc/did-nostr/security-primitives. Validation: - `cargo check -p solid-pod-rs` (default features) — PASS - `cargo check -p solid-pod-rs --no-default-features --features core` — PASS - `cargo check --workspace` — all 7 sibling crates PASS - `cargo test -p solid-pod-rs --lib` — 236 tests PASS Refs: ADR-076, ADR-078, PRD-004, phase-4-chain-charter-2026-05-07. Co-Authored-By: claude-flow <ruv@ruv.net>
The dev-dependency on `solid-pod-rs-server` was version-pinned to the same workspace version, creating a publish cycle: cargo couldn't resolve the dev-dep against crates.io because the parent crate hadn't yet published its 0.4.0-alpha.3 release. Path-only dev-deps are supported: cargo strips dev-dependencies from the published metadata, so omitting the version pin is the canonical workaround. `cargo publish --dry-run -p solid-pod-rs` now PASS. Co-Authored-By: claude-flow <ruv@ruv.net>
…o-runtime` (0.4.0-alpha.4) Phase 4 Stage 1 follow-up. Publishing 0.4.0-alpha.3 to crates.io exposed a gating bug: `pub mod notifications;` was gated behind `tokio-runtime`, but the module unconditionally references `reqwest::Response`. Sibling crates that activate `default-features = false, features = ["tokio-runtime"]` without `notifications` (didkey, activitypub, git) failed to compile during the publish-verify step because reqwest wasn't pulled into the dep graph. Fix: gate notifications module on `notifications` feature (which already implies `tokio-runtime + dep:reqwest`). Bump to 0.4.0-alpha.4 and re-publish; alpha.3 stays as a broken intermediate. Validation: - cargo check --no-default-features --features core — PASS - cargo check --no-default-features --features tokio-runtime — PASS (was failing) - cargo check --no-default-features --features notifications — PASS - cargo check --workspace — all 7 crates PASS - cargo test --lib — 236 tests PASS Co-Authored-By: claude-flow <ruv@ruv.net>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
notificationsmodule onnotificationsfeature (nottokio-runtime)Test plan
🤖 Generated with claude-flow