refactor: make walletkit-db a generic encrypted sqlite crate#396
Closed
danielle-tfh wants to merge 2 commits into
This was referenced May 5, 2026
d9a2908 to 34cf1a0
- README: rewrite walletkit-db blurb to generic-only; drop dangling sub-crate README pointer.
- walletkit-db: re-export public types at crate root (Connection, Transaction, Statement, Row, StepResult, Value, cipher) and alias Error/Result back to DbError/DbResult for back-compat and to remove per-call-site aliasing in consumers.
- vault: revert compute_content_id signature back to BlobKind (was weakened to u8 for no boundary reason); restore BlobKind::as_i64() and simplify the i64 cast call sites.
- credential_storage: drop dead Ok(self.lock.lock()?) wrap.
- vault: move BACKUP_TABLES into vault/schema.rs next to the schema it mirrors; revert blob_objects/credential_records ordering churn.
- keys: relocate the 'Key structure' architecture doc block that was deleted from traits.rs in this refactor.
- walletkit-db tests: add round-trip and non-empty-destination rejection coverage for cipher::export/import_plaintext_copy with a generic table.
- docs: fix private intra-doc link to ffi module.
Verified: cargo fmt, cargo clippy (all/default/no-default features), cargo test --workspace --lib (--features legacy-nullifiers,v3), cargo build --no-default-features, cargo deny (bans/licenses/sources), cargo doc --all-features (RUSTDOCFLAGS=-Dwarnings) all pass.
danielle-tfh added a commit that referenced this pull request May 13, 2026
1. error.rs: restore 1-1 From<walletkit_db::StoreError> variant mapping. The previous Self::VaultDb(err.to_string()) collapse erased variant identity that hosts depend on for UX (Crypto vs InvalidEnvelope vs Keystore vs CorruptedVault, etc.). keys.rs tests restored to match specific variants.
2. blobs::get(conn, cid: &[u8]): lax input — accept any byte slice so callers reading content_id out of another table column (Vec<u8> from column_blob) don't need copy_from_slice into a [u8; 32].
3. tests.rs: new test_key_envelope_cbor_bytes_frozen asserting the canonical KeyEnvelope serializes to a hard-coded hex string. Round-trip alone misses field-order or type drift; this catches it.
4. lib.rs: drop KeyEnvelope from public re-exports — fields are pub(crate), so external consumers couldn't read them anyway; only init_or_open_envelope_key is the surface.
5. blobs::delete(conn, cid: &[u8]): orphan-blob GC. Consumers handling status transitions (status: Enrolled → Unverified, etc.) call this instead of writing raw SQL.
6. README.md: walletkit-db description matches Cargo.toml ("Encrypted on-device storage primitives ...") — old wording was stale from the pre-refactor PR #396 framing.
7. vault/mod.rs: drop the redundant let conn = &self.conn aliasing introduced during the refactor.
8. traits.rs: tighten the doc note about consumer adapters — orphan rule blocks a blanket impl across crates, so consumers need a small newtype.
Verified: cargo fmt, cargo clippy -D warnings (all/default/no-default-features), cargo test --workspace --lib --features walletkit-core/legacy-nullifiers --features walletkit-core/v3 (123 + 19 = 142 tests), cargo doc -Dwarnings.
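Item 3 of the commit message above contrasts a round-trip test with a frozen-bytes test. The following is an added example, not code from this pull request or from walletkit-db: the `Envelope` type, its two fields, and the hand-written encoder for a small CBOR subset are all hypothetical stand-ins for the real KeyEnvelope and its serializer. It shows a field-order change that a round-trip check accepts and a frozen hex string rejects.

```rust
// Added illustration: hypothetical type and encoder, not walletkit-db's KeyEnvelope.
#[derive(Debug, PartialEq, Clone)]
pub struct Envelope { pub version: u8, pub wrapped_key: Vec<u8> }

// Constructed sample; its canonical bytes were frozen when the format was fixed.
pub const FROZEN_HEX: &str = "a2617601636b657944deadbeef";
pub fn sample() -> Envelope { Envelope { version: 1, wrapped_key: vec![0xde, 0xad, 0xbe, 0xef] } }

// CBOR map {"v": uint, "key": bytes}. `swap` simulates field-order drift
// introduced by a refactor. Only short (< 24) values are supported here.
pub fn encode(e: &Envelope, swap: bool) -> Vec<u8> {
    assert!(e.version < 24 && e.wrapped_key.len() < 24);
    let v = vec![0x61, b'v', e.version];
    let mut k = vec![0x63, b'k', b'e', b'y', 0x40 | e.wrapped_key.len() as u8];
    k.extend_from_slice(&e.wrapped_key);
    let mut out = vec![0xa2]; // map with two entries
    if swap { out.extend(k); out.extend(v); } else { out.extend(v); out.extend(k); }
    out
}

// Order-independent decoder, as map decoders usually are: this is why a
// round-trip test cannot see the drift.
pub fn decode(b: &[u8]) -> Option<Envelope> {
    if *b.first()? != 0xa2 { return None; }
    let (mut i, mut version, mut key) = (1, None, None);
    for _ in 0..2 {
        let hdr = *b.get(i)?;
        if hdr & 0xe0 != 0x60 { return None; } // map key must be a text string
        let n = (hdr & 0x1f) as usize;
        let name = b.get(i + 1..i + 1 + n)?;
        i += 1 + n;
        match name {
            b"v" => { let x = *b.get(i)?; if x > 23 { return None; } version = Some(x); i += 1; }
            b"key" => {
                let h = *b.get(i)?;
                if h & 0xe0 != 0x40 || h & 0x1f > 23 { return None; }
                let len = (h & 0x1f) as usize;
                key = Some(b.get(i + 1..i + 1 + len)?.to_vec());
                i += 1 + len;
            }
            _ => return None,
        }
    }
    Some(Envelope { version: version?, wrapped_key: key? })
}

pub fn to_hex(b: &[u8]) -> String { b.iter().map(|x| format!("{:02x}", x)).collect() }
pub fn round_trip_ok(swap: bool) -> bool { decode(&encode(&sample(), swap)) == Some(sample()) }
pub fn frozen_ok(swap: bool) -> bool { to_hex(&encode(&sample(), swap)) == FROZEN_HEX }

fn main() {
    for swap in [false, true] {
        println!("swap={} round_trip={} frozen={}", swap, round_trip_ok(swap), frozen_ok(swap));
    }
}
```
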
Motivation
OrbKit's planned OrbPcpStore needs a reusable encrypted SQLite crate rather than a credential-store-specific storage stack. Reference: OrbKit Outline.
What changed
walletkit-db is narrowed to one responsibility: a generic encrypted SQLite (sqlite3mc) wrapper.
walletkit_db::sqlite.
The credential-store-specific storage policy stays in walletkit-core:
Host-facing FFI does not change.
Why this shape
The shared layer for OrbKit is the encrypted database machinery, not the higher-level storage lifecycle.
This keeps the boundary simple:
- walletkit-db owns database mechanics
On-disk format
No intended credential-storage format change in this refactor. Existing envelope, content-id, vault schema, and backup behavior stay the same.
Verification
- cargo fmt
- cargo test -p walletkit-db
- cargo check -p walletkit-core --lib
- cargo test -p walletkit-core storage:: --lib --features embed-zkeys