Content-key re-wrap for account devices (0243 Phase 2, P2.3)#331
Merged
Conversation
…0243 P2.3) Complete P2.3: a new optional expandDeviceRecipients dependency on computeRecipients expands each DID recipient to every active device of its account (built from ledger records via deviceRecipientExpander). Admitting a device makes it a recipient on the next recompute; revoking removes it from future re-wraps; an identity in no account expands to only itself, so an unrelated DID never reaches another account's data. Omitting the dependency leaves recipients unchanged (additive, no regression). 8 new tests (4 expander + 4 computeRecipients integration); full @xnetjs/data suite (1729) green. Checks P2.3 + the admit/revoke and unrelated-DID validation items. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Signed-off-by: xNet Test <test@xnet.dev>
Contributor
|
Preview removed for PR #331. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Completes P2.3 of exploration 0243 — the content-key re-wrap that lets a user's data follow their devices, on top of the ledger schemas (#328) and operations (#329).
What this adds
computeRecipientsgains an optionalexpandDeviceRecipientsdependency: each DID recipient expands to every currently active device of the account it belongs to (built from ledger records via the newdeviceRecipientExpander). So:DeviceRecord) → it becomes a recipient on the next recompute → it can decrypt the account's data.RevocationRecord) → it's dropped from future re-wraps.8 new tests (4 pure expander + 4
computeRecipientsintegration covering admit/revoke/no-leak/no-op); the full@xnetjs/datasuite (1729 tests) stays green.Status
This checks P2.3 plus the "admit grants / revoke removes" and "unrelated DID can't decrypt" validation items. The doc is now 11/13 implementation, 7/9 validation. Remaining are the two deliberately-deferred items: P1.4 (synced-passkey surfacing — convenience) and P3.1 (opt-in WorkOS-gated KMS escrow — optional, privacy tradeoff).
Changeset:
@xnetjs/dataminor. No user-visible behavior wired yet →skip-changelog.🤖 Generated with Claude Code