release(v4.4.0): public accessor for device identity public key

Expose the local device's 32-byte Ed25519 identity public key on Shade
so apps can hand it to their own backend at enrollment time for
signature verification, key pinning or per-device safety-number
computation. Closes the gap that forced consumers to ship placeholder
random bytes their backend could store but never verify against.

- @shade/sdk Shade.identityPublicKey: Promise<Uint8Array> — getter
  mirrors the existing fingerprint accessor. Throws pre-init,
  reflects the current key after rotate(), retired key preserved in
  retired-identities storage per existing grace-period contract.
  Private key remains unreachable.
- Test in shade-sdk/tests/sdk.test.ts: round-trip match against the
  underlying storage's signingPublicKey, plus value updates after
  rotate().
- Lockstep version bump 4.3.0 → 4.4.0 across all 25 packages.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

This commit is contained in:

Sterister

2026-05-05 17:58:45 +02:00

parent f5f42fe557

commit dbb3a090d8

29 changed files with 268 additions and 26 deletions

									
										2

packages/shade-observability/package.json
									
												View File
												
				@@ -1,6 +1,6 @@

				{

				  "name": "@shade/observability",

				  "version": "4.3.0",

				  "version": "4.4.0",

				  "type": "module",

				  "main": "src/index.ts",

				  "types": "src/index.ts",

release(v4.4.0): public accessor for device identity public key

2 packages/shade-observability/package.json Unescape Escape View File

2

packages/shade-observability/package.json

View File