feat: add parseRecapFromSiwe WASM export for capability chain delegation #47
Merged
Introduces a new `#[wasm_bindgen]` export `parseRecapFromSiwe(siweString)`
that decodes the recap capabilities embedded in a signed SIWE message and
returns them as an array of `{ service, space, path, actions }` entries.
This is the inverse of what `SessionConfig::into_message` produces when it
builds a session recap, and it is the primitive the JS SDK needs to decide
whether a requested delegation is a strict subset of the current session's
granted capabilities. When the subset check succeeds, the SDK can issue the
delegation via the existing `createDelegation` WASM path (session-key Ed25519
signature, no wallet prompt). When it does not, the SDK raises a permission
escalation flow.
Behavior:
- Recap-less SIWE returns an empty array (not an error); plain auth SIWE
messages are valid inputs.
- Malformed SIWE, tampered recap statements, and unparseable resource URIs
all propagate as errors instead of being silently swallowed.
- Actions are returned in deterministic sorted order (BTreeMap iteration).
- Multi-space sessions (primary + additional public companion) produce one
entry per (space, service, path) triple.
Includes three Rust unit tests:
- roundtrip over a multi-service (kv/sql/capabilities) SIWE
- empty-vec behavior on a recap-less plain auth SIWE
- multi-space session yielding distinct entries per space
Summary

Adds a new `#[wasm_bindgen]` export `parseRecapFromSiwe(siweString)` that decodes the recap capabilities embedded in a signed SIWE message and returns them as an array of `{ service, space, path, actions }` entries.

This is the inverse of what `SessionConfig::into_message` does today when it builds a session recap, and it is the primitive the JS SDK needs to decide whether a requested delegation is a strict subset of the current session's granted capabilities. When the subset check succeeds, the SDK can issue the delegation via the existing `createDelegation` WASM path (session-key Ed25519 signature, no wallet prompt). When it fails, the SDK will raise a permission escalation flow.

This is Phase 1 of the capability-chain-delegation feature tracked in the js-sdk and listen repos.

Behavior

- `public` companion) produce one entry per (space, service, path) triple.
- (`service`, `space`, `path`, `actions`) are wire-aligned with the TS SDK's manifest `PermissionEntry` shape.

Implementation notes

- `tinycloud-sdk-wasm/src/session.rs` next to `create_delegation`, re-exported via `lib.rs` alongside `createDelegation`.
- `Capability::<serde_json::Value>::extract_and_verify` from `siwe-recap`, which returns `Ok(None)` on plain SIWE and `Err(...)` on tampered statements — we preserve both signals cleanly.
- `ResourceId` so we can pull `space()`, `service()`, `path()` without brittle string-splitting.

Test plan

- `cargo check -p tinycloud-sdk-wasm` passes clean.
- `cargo test -p tinycloud-sdk-wasm --lib` passes, including three new tests:
  - `parse_recap_roundtrip` — builds a multi-service (kv / sql / capabilities) SIWE and verifies every `(service, space, path, actions)` tuple roundtrips.
  - `parse_recap_empty_on_plain_siwe` — recap-less SIWE returns an empty `Vec`, not an error.
  - `parse_recap_with_additional_spaces` — primary + `public` companion yields one entry per space.
- `@tinycloud/sdk-rs` rev bump) will consume this export in Phase 2.
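The subset decision the description assigns to the JS SDK, sketched as an added example (not code from this PR or from the TinyCloud SDK). It consumes entries in the `{ service, space, path, actions }` shape and fails closed; the function names, the segment-aligned path-prefix rule, and the sample space and action strings are assumptions.

```javascript
// Added example. Entry shape { service, space, path, actions } is from the PR;
// everything else (names, path rule, sample values) is hypothetical.

// ASSUMPTION: a granted path covers a requested path when they are equal or
// when the granted path is a prefix ending on a "/" segment boundary.
// An empty granted path is treated as the root of the space.
function pathCovers(grantedPath, requestedPath) {
  const g = grantedPath.replace(/\/+$/, "");
  const r = requestedPath.replace(/\/+$/, "");
  // Refuse to reason about traversal segments: fail closed.
  if (r.split("/").includes("..")) return false;
  return g === "" || r === g || r.startsWith(g + "/");
}

// Returns the requested entries (with only the uncovered actions) that the
// session does not grant. An empty result means no escalation is needed.
function findEscalations(granted, requested) {
  if (!Array.isArray(granted) || !Array.isArray(requested)) {
    throw new TypeError("granted and requested must be arrays of entries");
  }
  const escalations = [];
  for (const req of requested) {
    const missing = new Set(req.actions);
    for (const g of granted) {
      // Service and space must match exactly; only the path may be broader.
      if (g.service !== req.service || g.space !== req.space) continue;
      if (!pathCovers(g.path, req.path)) continue;
      for (const action of g.actions) missing.delete(action);
    }
    if (missing.size > 0) {
      escalations.push({ ...req, actions: [...missing].sort() });
    }
  }
  return escalations;
}

function isSubsetOfSession(granted, requested) {
  return findEscalations(granted, requested).length === 0;
}

// Constructed sample standing in for a parsed session recap.
const SAMPLE_GRANTED = [
  { service: "kv", space: "space-primary", path: "docs", actions: ["get", "put"] },
  { service: "sql", space: "space-primary", path: "", actions: ["read"] },
  { service: "kv", space: "space-public", path: "profile", actions: ["get"] },
];
```

A recap-less session yields an empty granted list, so under this check every non-empty request falls through to the escalation flow.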