Skip to content

v0.3.0 — Scope-down tickets, owner-only secrets, adopted site docs

Choose a tag to compare

@github-actions github-actions released this 19 Jul 00:50
4cdab00

The custody release: tickets gain a second capability tier without a second paste, secret files become owner-only on disk, and the docs-site pages for the /node section now live in this repository so they version with the node.

Features

  • Scope-down ticket exchange (#4): POST /t/<secret>/derive-sync-ticket lets a provision-scoped ticket mint a complete, parent-linked sync ticket. Revoking the parent revokes everything derived from it — live derived sockets close with 4001 — and ticket list shows lineage revocation. Sync-scoped and unknown secrets get the standard non-enumerable 401; tickets.json stays v1 (additive parentId). This is what lets a lofi app persist transport-only credential material and custody the provision original behind the user's passkey.

Security

  • Owner-only secret files (#3): config.json (holding the backend and admin secrets) is written 0600 inside a 0700 data directory, and installs created before modes were set are healed on every load — config.json, iroh.key, and the directory alike. POSIX only; mode assertions in tests, skipped on Windows.

Documentation

  • The 13 site-voice pages for lofi.host's /node section are adopted under docs/site/, gated by this repo's CI and consumed by the lofi site at a pinned checkout (#6)
  • Ticket custody is stated as the app actually ships it — sealed at rest, provision capability passkey-gated, password manager as the durable copy (#5, #8)
  • Browser convergence is recorded as validated against lofi-node, with the benign boot-time warning named (#7)
  • Operator hardening: proxy-log redaction with concrete Caddy and nginx configs, the secret-in-URL rationale, and app-shell weight/precompression guidance (#8)

Full Changelog: v0.2.1...v0.3.0