Skip to content

v0.2.0-pre.11

Pre-release
Pre-release

Choose a tag to compare

View all tags
@vLannaAi vLannaAi released this 07 Jun 22:24
v0.2.0-pre.11
6231632
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Security fix.

openVault no longer self-provisions into another principal's vault (#313)

Opening a vault you hold no grant to that is already held by other principals now fails closed with NoAccessError and writes nothing — previously it silently minted a fresh owner keyring (new DEKs) into that vault and read zero records. Genuinely-new vaults (no _keyring/*) still open-or-create as before. New opt-in openVault({ create: false }) / queryAcross({ create: false }) forces strict open-existing. The gate runs before managed-passphrase secret resolution, so managed (KMS-sealed) mode also writes nothing on the fail-closed path.

Install: pnpm add @noy-db/hub@next

Assets 2
Loading