Shade

Stian/Shade

Fork 0

Commit Graph

Author	SHA1	Message	Date
Sterister	dbb3a090d8	release(v4.4.0): public accessor for device identity public key Expose the local device's 32-byte Ed25519 identity public key on Shade so apps can hand it to their own backend at enrollment time for signature verification, key pinning or per-device safety-number computation. Closes the gap that forced consumers to ship placeholder random bytes their backend could store but never verify against. - @shade/sdk Shade.identityPublicKey: Promise<Uint8Array> — getter mirrors the existing fingerprint accessor. Throws pre-init, reflects the current key after rotate(), retired key preserved in retired-identities storage per existing grace-period contract. Private key remains unreachable. - Test in shade-sdk/tests/sdk.test.ts: round-trip match against the underlying storage's signingPublicKey, plus value updates after rotate(). - Lockstep version bump 4.3.0 → 4.4.0 across all 25 packages. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-05 17:58:45 +02:00
Sterister	c95824f95f	feat(sdk): M-Magic 1-4 — high-level SDK with magic drop-in Phase A complete: createShade() one-liner with auto-establish, auto-publish, and auto-replenish. M-Magic 1-4 rolled into @shade/sdk: - createShade() factory with config validation and storage resolution (memory \| sqlite:... \| { type: 'postgres', url: ... } \| explicit instance) - Shade class wraps crypto + storage + session manager + transport - Auto-publish: initialize() automatically registers with the prekey server - Auto-establish: send() transparently fetches bundles and creates sessions on first message to a new peer - Per-address mutex serializes concurrent sends to prevent ratchet corruption - BackgroundTasks class for periodic replenishment + opt-in identity rotation - rotate() rebuilds the transport with the new signing key so subsequent signed operations work after rotation - onMessage() handler API for incoming plaintext API: const shade = await createShade({ prekeyServer, storage }); await shade.send('bob', 'hello'); await shade.receive('alice', envelope); shade.onMessage((from, msg) => ...); await shade.rotate(); await shade.shutdown(); 13 new SDK tests covering: happy path, auto-publish, two-process conversation, onMessage handlers, concurrent sends, unknown peer, fingerprint verification, shutdown, manual replenish, auto-replenish off, rotate, and config validation. 233 tests passing, 0 failures. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-11 00:27:59 +02:00

Author

SHA1

Message

Date

Sterister

dbb3a090d8

release(v4.4.0): public accessor for device identity public key

Expose the local device's 32-byte Ed25519 identity public key on Shade
so apps can hand it to their own backend at enrollment time for
signature verification, key pinning or per-device safety-number
computation. Closes the gap that forced consumers to ship placeholder
random bytes their backend could store but never verify against.

- @shade/sdk Shade.identityPublicKey: Promise<Uint8Array> — getter
  mirrors the existing fingerprint accessor. Throws pre-init,
  reflects the current key after rotate(), retired key preserved in
  retired-identities storage per existing grace-period contract.
  Private key remains unreachable.
- Test in shade-sdk/tests/sdk.test.ts: round-trip match against the
  underlying storage's signingPublicKey, plus value updates after
  rotate().
- Lockstep version bump 4.3.0 → 4.4.0 across all 25 packages.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-05 17:58:45 +02:00

Sterister

c95824f95f

feat(sdk): M-Magic 1-4 — high-level SDK with magic drop-in

Phase A complete: createShade() one-liner with auto-establish, auto-publish,
and auto-replenish.

M-Magic 1-4 rolled into @shade/sdk:
- createShade() factory with config validation and storage resolution
  (memory | sqlite:... | { type: 'postgres', url: ... } | explicit instance)
- Shade class wraps crypto + storage + session manager + transport
- Auto-publish: initialize() automatically registers with the prekey server
- Auto-establish: send() transparently fetches bundles and creates sessions
  on first message to a new peer
- Per-address mutex serializes concurrent sends to prevent ratchet corruption
- BackgroundTasks class for periodic replenishment + opt-in identity rotation
- rotate() rebuilds the transport with the new signing key so subsequent
  signed operations work after rotation
- onMessage() handler API for incoming plaintext

API:
  const shade = await createShade({ prekeyServer, storage });
  await shade.send('bob', 'hello');
  await shade.receive('alice', envelope);
  shade.onMessage((from, msg) => ...);
  await shade.rotate();
  await shade.shutdown();

13 new SDK tests covering: happy path, auto-publish, two-process
conversation, onMessage handlers, concurrent sends, unknown peer,
fingerprint verification, shutdown, manual replenish, auto-replenish
off, rotate, and config validation.

233 tests passing, 0 failures.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-11 00:27:59 +02:00

2 Commits