Skip to content

Generalize src/orb/broker.ts into a multi-secret-type broker shared by ORB + AMS hosted #7174

Description

@JSONbored

Problem

src/orb/broker.ts already solves "prove installation ownership, then mint/cache a short-lived secret" — but it's GitHub-token-specific as written: orb_enrollments has no secret_type/kind column, brokerOrbToken's return shape is hardcoded to GitHub's { token, expiresAt, permissions }, and the mint call is GitHub's installation-token endpoint specifically (confirmed by direct code read). Hosted ORB and AMS both need to broker more than GitHub tokens — AI-provider keys at minimum, DB credentials once #7173's storage migration lands.

Area

src/orb/broker.ts, src/orb/oauth.ts, migrations/ (new column on orb_enrollments or a new table).

Proposal

Add a secret_type discriminator and a pluggable per-type mint/refresh strategy, keeping the parts that are already generic unchanged: the admin-ownership proof (verifyInstallationAdmin), the opaque-secret issuance + hash-storage pattern (createOpaqueToken/hashToken), and the AES-256-GCM cache encryption (encryptSecret/decryptSecret) all carry over as-is. Only the mint/refresh call and the returned shape need to become type-aware.

Deliverables

  • secret_type column on orb_enrollments (or equivalent), migration included
  • A mint/refresh strategy interface, GitHub-token as the first (already-working) implementation
  • An AI-provider-key strategy implementation
  • Existing GitHub-token brokering behavior unchanged — this is additive, not a rewrite

Boundaries

Links & Resources

Metadata

Metadata

Assignees

Labels

maintainer-onlyOwner-only work — yields no Gittensor points.

Projects

Status
Done

Relationships

None yet

Development

No branches or pull requests

Issue actions