Stian/Shade
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

release(v4.0.0): Shade GA — V3.x consolidation + audit prep
Some checks failed
Test / test (push) Has been cancelled
Details
Cross-platform vectors / TypeScript vectors (bun) (push) Has been cancelled
Details
Cross-platform vectors / Kotlin vectors (gradle) (push) Has been cancelled
Details
Docker build and publish / docker (push) Has been cancelled
Details
Publish / publish (push) Has been cancelled
Details

Browse Source 
V3.1 → V3.12 consolidated and tagged for the first GA release. Wire
format unchanged from 0.4.x — 4.0 peers interoperate with 0.4.x peers
byte-for-byte. The version bump is semantic: audit-cycle complete,
opt-in surface fully exposed, threat model refreshed for every new
surface.

Highlights:
- All 24 @shade/* packages bumped to 4.0.0 in lockstep.
- CHANGELOG 4.0.0 section is the canonical manifest of what landed.
- THREAT-MODEL extended (§10 fingerprint gates, §11 WebRTC P2P, §12
  Web-Worker boundary) + residual-risks table refreshed.
- OpenAPI now covers all 27 routes: prekey, transfer, KT, inbox,
  bridge, observer, /metrics, /healthz, /ready.
- MIGRATION 0.3.x → 4.0 documented + smoke-tested against
  shade migrate-storage on a real SQLite DB.
- docs/audit/REVIEW-BUNDLE.md + SCOPE.md ready for external reviewer.
- scripts/soak.ts harness for the GA-stable 2-week soak window.
- All V*.md plans archived under docs/archive/ with Status: Done.
- Voice/Video carved out into V5.0; 4.0 audit focuses on the frozen
  non-realtime stack.

Tests: TS 1000/1000 + Kotlin 11/11 cross-platform vectors green.
Docker: gt.zyon.no/stian/shade-prekey:4.0.0 builds and reports
  version 4.0.0 on /health.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Sterister
2026-05-03 18:35:35 +02:00
parent 8b055912b7
commit e6fdf31b49
298 changed files with 37909 additions and 256 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
packages/shade-storage-sqlite/package.json
View File

@@ -1,12 +1,13 @@
{
"name": "@shade/storage-sqlite",
"version": "0.3.0",
"version": "4.0.0",
"type": "module",
"main": "src/index.ts",
"types": "src/index.ts",
"dependencies": {
"@shade/core": "workspace:*",
"@shade/crypto-web": "workspace:*",
"@shade/inbox-server": "workspace:*",
"@shade/server": "workspace:*"
}
}

1
packages/shade-storage-sqlite/src/index.ts
View File

@@ -1,2 +1,3 @@
export { SQLiteStorage } from './sqlite-storage.js';
export { SqlitePrekeyStore } from './sqlite-prekey-store.js';
export { SqliteInboxStore } from './sqlite-inbox-store.js';

188
packages/shade-storage-sqlite/src/sqlite-inbox-store.ts Normal file
View File

@@ -0,0 +1,188 @@
import { Database } from 'bun:sqlite';
import type { InboxStore } from '@shade/inbox-server';
import { toBase64, fromBase64 } from '@shade/core';
/**
* SQLite-backed InboxStore for the Shade Inbox Server (V3.6).
*
* Stores ciphertext blobs keyed by (address, msgId) with an
* (address, expires_at) index so prune scans don't need a full table walk.
*
* Docker usage:
* Volume mount /data, set SHADE_INBOX_DB_PATH=/data/shade-inbox.db
*/
export class SqliteInboxStore implements InboxStore {
private db: Database;
private stmts!: {
saveOwner: ReturnType<Database['prepare']>;
getOwner: ReturnType<Database['prepare']>;
deleteOwner: ReturnType<Database['prepare']>;
deleteOwnerBlobs: ReturnType<Database['prepare']>;
insertBlob: ReturnType<Database['prepare']>;
findBlob: ReturnType<Database['prepare']>;
fetchSince: ReturnType<Database['prepare']>;
deleteBlob: ReturnType<Database['prepare']>;
countBlobs: ReturnType<Database['prepare']>;
purgeExpired: ReturnType<Database['prepare']>;
nextSeq: ReturnType<Database['prepare']>;
};
// Monotonic in-process sequence for receivedAt — guarantees a strict
// ordering even when many writes land in the same millisecond.
private seq = 0;
constructor(dbPath?: string) {
const path = dbPath ?? process.env.SHADE_INBOX_DB_PATH ?? '/data/shade-inbox.db';
this.db = new Database(path, { create: true });
this.db.exec('PRAGMA journal_mode=WAL');
this.ensureTables();
this.prepareStatements();
this.bootstrapSeq();
}
private ensureTables() {
this.db.exec(`
CREATE TABLE IF NOT EXISTS inbox_owners (
address TEXT PRIMARY KEY,
signing_key TEXT NOT NULL
);
CREATE TABLE IF NOT EXISTS inbox_blobs (
address TEXT NOT NULL,
msg_id TEXT NOT NULL,
ciphertext TEXT NOT NULL,
received_at INTEGER NOT NULL,
expires_at INTEGER NOT NULL,
PRIMARY KEY (address, msg_id)
);
CREATE INDEX IF NOT EXISTS idx_inbox_addr_expires
ON inbox_blobs(address, expires_at);
CREATE INDEX IF NOT EXISTS idx_inbox_addr_received
ON inbox_blobs(address, received_at);
CREATE INDEX IF NOT EXISTS idx_inbox_expires
ON inbox_blobs(expires_at);
`);
}
private prepareStatements() {
this.stmts = {
saveOwner: this.db.prepare(
'INSERT OR REPLACE INTO inbox_owners (address, signing_key) VALUES (?, ?)',
),
getOwner: this.db.prepare('SELECT signing_key FROM inbox_owners WHERE address = ?'),
deleteOwner: this.db.prepare('DELETE FROM inbox_owners WHERE address = ?'),
deleteOwnerBlobs: this.db.prepare('DELETE FROM inbox_blobs WHERE address = ?'),
insertBlob: this.db.prepare(
'INSERT INTO inbox_blobs (address, msg_id, ciphertext, received_at, expires_at) VALUES (?, ?, ?, ?, ?)',
),
findBlob: this.db.prepare(
'SELECT received_at FROM inbox_blobs WHERE address = ? AND msg_id = ?',
),
fetchSince: this.db.prepare(
`SELECT msg_id, ciphertext, received_at, expires_at
FROM inbox_blobs
WHERE address = ? AND received_at > ? AND expires_at > ?
ORDER BY received_at ASC
LIMIT ?`,
),
deleteBlob: this.db.prepare(
'DELETE FROM inbox_blobs WHERE address = ? AND msg_id = ?',
),
countBlobs: this.db.prepare(
'SELECT COUNT(*) AS count FROM inbox_blobs WHERE address = ? AND expires_at > ?',
),
purgeExpired: this.db.prepare(
'DELETE FROM inbox_blobs WHERE expires_at <= ?',
),
nextSeq: this.db.prepare(
'SELECT MAX(received_at) AS max FROM inbox_blobs',
),
};
}
private bootstrapSeq() {
const row = this.stmts.nextSeq.get() as { max: number | null };
this.seq = Math.max(row?.max ?? 0, Date.now());
}
close() {
this.db.close();
}
async saveAddressOwner(address: string, signingKey: Uint8Array): Promise<void> {
this.stmts.saveOwner.run(address, toBase64(signingKey));
}
async getAddressOwner(address: string): Promise<Uint8Array | null> {
const row = this.stmts.getOwner.get(address) as { signing_key: string } | undefined;
if (!row) return null;
return fromBase64(row.signing_key);
}
async putBlob(args: {
address: string;
msgId: string;
ciphertext: Uint8Array;
expiresAt: number;
}): Promise<{ created: boolean; receivedAt: number }> {
const existing = this.stmts.findBlob.get(args.address, args.msgId) as
| { received_at: number }
| undefined;
if (existing) {
return { created: false, receivedAt: existing.received_at };
}
this.seq = Math.max(this.seq + 1, Date.now());
const receivedAt = this.seq;
this.stmts.insertBlob.run(
args.address,
args.msgId,
toBase64(args.ciphertext),
receivedAt,
args.expiresAt,
);
return { created: true, receivedAt };
}
async fetchBlobs(args: {
address: string;
sinceCursor: number;
now: number;
limit: number;
}): Promise<Array<{ msgId: string; ciphertext: Uint8Array; receivedAt: number; expiresAt: number }>> {
const rows = this.stmts.fetchSince.all(
args.address,
args.sinceCursor,
args.now,
args.limit,
) as Array<{ msg_id: string; ciphertext: string; received_at: number; expires_at: number }>;
return rows.map((r) => ({
msgId: r.msg_id,
ciphertext: fromBase64(r.ciphertext),
receivedAt: r.received_at,
expiresAt: r.expires_at,
}));
}
async deleteBlob(address: string, msgId: string): Promise<boolean> {
const result = this.stmts.deleteBlob.run(address, msgId);
return result.changes > 0;
}
async countBlobs(address: string, now: number): Promise<number> {
const row = this.stmts.countBlobs.get(address, now) as { count: number };
return row.count;
}
async purgeExpired(now: number): Promise<number> {
const result = this.stmts.purgeExpired.run(now);
return result.changes;
}
async deleteAddress(address: string): Promise<void> {
const tx = this.db.transaction(() => {
this.stmts.deleteOwner.run(address);
this.stmts.deleteOwnerBlobs.run(address);
});
tx();
}
}

74
packages/shade-storage-sqlite/src/sqlite-storage.ts
View File

@@ -1,5 +1,5 @@
import { Database } from 'bun:sqlite';
import type { StorageProvider, IdentityKeyPair, SignedPreKey, OneTimePreKey, SessionState, RetiredIdentity, PersistedStreamState } from '@shade/core';
import type { StorageProvider, IdentityKeyPair, SignedPreKey, OneTimePreKey, SessionState, RetiredIdentity, PersistedStreamState, PeerVerification, PeerVerificationSource } from '@shade/core';
import {
toBase64, fromBase64,
constantTimeEqual,
@@ -48,6 +48,11 @@ export class SQLiteStorage implements StorageProvider {
listActiveStreamStates: ReturnType<Database['prepare']>;
listActiveStreamStatesByDirection: ReturnType<Database['prepare']>;
pruneStreamStates: ReturnType<Database['prepare']>;
savePeerVerification: ReturnType<Database['prepare']>;
getPeerVerification: ReturnType<Database['prepare']>;
removePeerVerification: ReturnType<Database['prepare']>;
getPeerIdentityVersion: ReturnType<Database['prepare']>;
upsertPeerIdentityVersion: ReturnType<Database['prepare']>;
};
constructor(dbPath?: string) {
@@ -111,6 +116,17 @@ export class SQLiteStorage implements StorageProvider {
CREATE INDEX IF NOT EXISTS idx_stream_state_peer ON stream_state(peer_address);
CREATE INDEX IF NOT EXISTS idx_stream_state_updated ON stream_state(updated_at);
CREATE INDEX IF NOT EXISTS idx_stream_state_status ON stream_state(status, direction);
CREATE TABLE IF NOT EXISTS peer_verifications (
peer_address TEXT PRIMARY KEY,
fingerprint TEXT NOT NULL,
verified_at INTEGER NOT NULL,
verified_by TEXT NOT NULL,
identity_version INTEGER NOT NULL
);
CREATE TABLE IF NOT EXISTS peer_identity_versions (
peer_address TEXT PRIMARY KEY,
version INTEGER NOT NULL
);
`);
}
@@ -153,6 +169,20 @@ export class SQLiteStorage implements StorageProvider {
pruneStreamStates: this.db.prepare(
"DELETE FROM stream_state WHERE status IN ('finished', 'aborted') AND updated_at < ?",
),
savePeerVerification: this.db.prepare(
`INSERT OR REPLACE INTO peer_verifications
(peer_address, fingerprint, verified_at, verified_by, identity_version)
VALUES (?, ?, ?, ?, ?)`,
),
getPeerVerification: this.db.prepare(
'SELECT peer_address, fingerprint, verified_at, verified_by, identity_version FROM peer_verifications WHERE peer_address = ?',
),
removePeerVerification: this.db.prepare('DELETE FROM peer_verifications WHERE peer_address = ?'),
getPeerIdentityVersion: this.db.prepare('SELECT version FROM peer_identity_versions WHERE peer_address = ?'),
upsertPeerIdentityVersion: this.db.prepare(
`INSERT INTO peer_identity_versions (peer_address, version) VALUES (?, ?)
ON CONFLICT(peer_address) DO UPDATE SET version = excluded.version`,
),
};
}
@@ -320,6 +350,48 @@ export class SQLiteStorage implements StorageProvider {
async pruneStreamStates(olderThan: number): Promise<void> {
this.stmts.pruneStreamStates.run(olderThan);
}
// ─── Peer verifications (V3.3) ────────────────────────────
async savePeerVerification(v: PeerVerification): Promise<void> {
this.stmts.savePeerVerification.run(
v.peerAddress,
v.fingerprint,
v.verifiedAt,
v.verifiedBy,
v.identityVersion,
);
}
async getPeerVerification(address: string): Promise<PeerVerification | null> {
const row = this.stmts.getPeerVerification.get(address) as
| { peer_address: string; fingerprint: string; verified_at: number | bigint; verified_by: string; identity_version: number | bigint }
| undefined;
if (!row) return null;
return {
peerAddress: row.peer_address,
fingerprint: row.fingerprint,
verifiedAt: Number(row.verified_at),
verifiedBy: row.verified_by as PeerVerificationSource,
identityVersion: Number(row.identity_version),
};
}
async removePeerVerification(address: string): Promise<void> {
this.stmts.removePeerVerification.run(address);
}
async getPeerIdentityVersion(address: string): Promise<number> {
const row = this.stmts.getPeerIdentityVersion.get(address) as { version: number | bigint } | undefined;
return row ? Number(row.version) : 1;
}
async bumpPeerIdentityVersion(address: string): Promise<number> {
const current = await this.getPeerIdentityVersion(address);
const next = current + 1;
this.stmts.upsertPeerIdentityVersion.run(address, next);
return next;
}
}
function rowToStreamState(row: any): PersistedStreamState {

88
packages/shade-storage-sqlite/tests/peer-verifications.test.ts Normal file
View File

@@ -0,0 +1,88 @@
import { describe, test, expect, beforeEach, afterEach } from 'bun:test';
import { unlinkSync, existsSync } from 'node:fs';
import { tmpdir } from 'node:os';
import { join } from 'node:path';
import { SQLiteStorage } from '../src/index.js';
describe('SQLiteStorage — peer_verifications (V3.3)', () => {
let path: string;
let storage: SQLiteStorage;
beforeEach(() => {
path = join(tmpdir(), `shade-test-${Date.now()}-${Math.random().toString(36).slice(2)}.db`);
storage = new SQLiteStorage(path);
});
afterEach(() => {
storage.close();
if (existsSync(path)) unlinkSync(path);
});
test('round trip: save → get → remove', async () => {
await storage.savePeerVerification({
peerAddress: 'bob',
fingerprint: '12345 67890 12345 67890 12345 67890 12345 67890 12345 67890 12345 67890',
verifiedAt: 1_700_000_000_000,
verifiedBy: 'user',
identityVersion: 1,
});
const v = await storage.getPeerVerification('bob');
expect(v).not.toBeNull();
expect(v!.peerAddress).toBe('bob');
expect(v!.verifiedBy).toBe('user');
expect(v!.identityVersion).toBe(1);
await storage.removePeerVerification('bob');
expect(await storage.getPeerVerification('bob')).toBeNull();
});
test('upsert overwrites on duplicate peer_address', async () => {
await storage.savePeerVerification({
peerAddress: 'bob',
fingerprint: 'fp-1',
verifiedAt: 1,
verifiedBy: 'user',
identityVersion: 1,
});
await storage.savePeerVerification({
peerAddress: 'bob',
fingerprint: 'fp-2',
verifiedAt: 2,
verifiedBy: 'transitive',
identityVersion: 2,
});
const v = await storage.getPeerVerification('bob');
expect(v!.fingerprint).toBe('fp-2');
expect(v!.verifiedBy).toBe('transitive');
expect(v!.identityVersion).toBe(2);
});
test('identity-version starts at 1 and increments via bump', async () => {
expect(await storage.getPeerIdentityVersion('alice')).toBe(1);
expect(await storage.bumpPeerIdentityVersion('alice')).toBe(2);
expect(await storage.bumpPeerIdentityVersion('alice')).toBe(3);
expect(await storage.getPeerIdentityVersion('alice')).toBe(3);
// Independent counter per peer
expect(await storage.getPeerIdentityVersion('bob')).toBe(1);
});
test('survives reopen', async () => {
await storage.savePeerVerification({
peerAddress: 'bob',
fingerprint: 'fp',
verifiedAt: 42,
verifiedBy: 'user',
identityVersion: 5,
});
await storage.bumpPeerIdentityVersion('bob');
storage.close();
storage = new SQLiteStorage(path);
const v = await storage.getPeerVerification('bob');
expect(v!.fingerprint).toBe('fp');
expect(v!.identityVersion).toBe(5);
expect(await storage.getPeerIdentityVersion('bob')).toBe(2);
});
});

197
packages/shade-storage-sqlite/tests/sqlite-inbox-store.test.ts Normal file
View File

@@ -0,0 +1,197 @@
import { describe, test, expect, beforeEach, afterEach } from 'bun:test';
import { tmpdir } from 'os';
import { join } from 'path';
import { unlinkSync } from 'fs';
import { SqliteInboxStore } from '../src/sqlite-inbox-store.js';
function randBytes(n: number): Uint8Array {
const buf = new Uint8Array(n);
globalThis.crypto.getRandomValues(buf);
return buf;
}
function tempDbPath(): string {
return join(
tmpdir(),
`shade-inbox-test-${Date.now()}-${Math.random().toString(36).slice(2)}.db`,
);
}
describe('SqliteInboxStore', () => {
let dbPath: string;
let store: SqliteInboxStore;
beforeEach(() => {
dbPath = tempDbPath();
store = new SqliteInboxStore(dbPath);
});
afterEach(() => {
store.close();
try {
unlinkSync(dbPath);
} catch {}
try {
unlinkSync(dbPath + '-wal');
} catch {}
try {
unlinkSync(dbPath + '-shm');
} catch {}
});
test('owner save + get', async () => {
const key = randBytes(32);
await store.saveAddressOwner('bob', key);
const got = await store.getAddressOwner('bob');
expect(got).not.toBeNull();
expect(got!).toEqual(key);
});
test('putBlob is idempotent on (address, msgId)', async () => {
const ct = randBytes(64);
const a = await store.putBlob({
address: 'bob',
msgId: 'a'.repeat(64),
ciphertext: ct,
expiresAt: Date.now() + 60_000,
});
expect(a.created).toBe(true);
const b = await store.putBlob({
address: 'bob',
msgId: 'a'.repeat(64),
ciphertext: ct,
expiresAt: Date.now() + 60_000,
});
expect(b.created).toBe(false);
expect(b.receivedAt).toBe(a.receivedAt);
});
test('fetchBlobs respects sinceCursor and expires_at', async () => {
const now = Date.now();
await store.putBlob({
address: 'bob',
msgId: '1'.repeat(64),
ciphertext: randBytes(8),
expiresAt: now + 60_000,
});
await store.putBlob({
address: 'bob',
msgId: '2'.repeat(64),
ciphertext: randBytes(8),
expiresAt: now - 1000, // already expired
});
await store.putBlob({
address: 'bob',
msgId: '3'.repeat(64),
ciphertext: randBytes(8),
expiresAt: now + 60_000,
});
const all = await store.fetchBlobs({
address: 'bob',
sinceCursor: 0,
now,
limit: 100,
});
// Expired one filtered out.
expect(all.length).toBe(2);
expect(all.map((r) => r.msgId).sort()).toEqual(['1'.repeat(64), '3'.repeat(64)]);
// Cursor advances strictly.
const half = await store.fetchBlobs({
address: 'bob',
sinceCursor: all[0]!.receivedAt,
now,
limit: 100,
});
expect(half.length).toBe(1);
expect(half[0]!.msgId).toBe(all[1]!.msgId);
});
test('purgeExpired removes only expired rows', async () => {
const now = Date.now();
await store.putBlob({
address: 'bob',
msgId: '1'.repeat(64),
ciphertext: randBytes(8),
expiresAt: now - 1,
});
await store.putBlob({
address: 'bob',
msgId: '2'.repeat(64),
ciphertext: randBytes(8),
expiresAt: now + 60_000,
});
const removed = await store.purgeExpired(now);
expect(removed).toBe(1);
const remaining = await store.fetchBlobs({
address: 'bob',
sinceCursor: 0,
now,
limit: 10,
});
expect(remaining.length).toBe(1);
expect(remaining[0]!.msgId).toBe('2'.repeat(64));
});
test('persists across reopen', async () => {
const key = randBytes(32);
await store.saveAddressOwner('bob', key);
const ct = randBytes(64);
await store.putBlob({
address: 'bob',
msgId: '5'.repeat(64),
ciphertext: ct,
expiresAt: Date.now() + 60_000,
});
store.close();
store = new SqliteInboxStore(dbPath);
const got = await store.getAddressOwner('bob');
expect(got).toEqual(key);
const blobs = await store.fetchBlobs({
address: 'bob',
sinceCursor: 0,
now: Date.now(),
limit: 10,
});
expect(blobs.length).toBe(1);
expect(blobs[0]!.ciphertext).toEqual(ct);
});
test('deleteAddress drops owner + blobs', async () => {
const key = randBytes(32);
await store.saveAddressOwner('bob', key);
await store.putBlob({
address: 'bob',
msgId: '7'.repeat(64),
ciphertext: randBytes(8),
expiresAt: Date.now() + 60_000,
});
await store.deleteAddress('bob');
expect(await store.getAddressOwner('bob')).toBeNull();
const blobs = await store.fetchBlobs({
address: 'bob',
sinceCursor: 0,
now: Date.now(),
limit: 10,
});
expect(blobs.length).toBe(0);
});
test('countBlobs ignores expired entries', async () => {
const now = Date.now();
await store.putBlob({
address: 'bob',
msgId: '1'.repeat(64),
ciphertext: randBytes(8),
expiresAt: now - 1,
});
await store.putBlob({
address: 'bob',
msgId: '2'.repeat(64),
ciphertext: randBytes(8),
expiresAt: now + 60_000,
});
expect(await store.countBlobs('bob', now)).toBe(1);
});
});