Stian/Shade
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
Shade/docs/archive/V3.8.md
Sterister e6fdf31b49
Some checks failed
Test / test (push) Has been cancelled
Details
Cross-platform vectors / TypeScript vectors (bun) (push) Has been cancelled
Details
Cross-platform vectors / Kotlin vectors (gradle) (push) Has been cancelled
Details
Docker build and publish / docker (push) Has been cancelled
Details
Publish / publish (push) Has been cancelled
Details
release(v4.0.0): Shade GA — V3.x consolidation + audit prep 
V3.1 → V3.12 consolidated and tagged for the first GA release. Wire
format unchanged from 0.4.x — 4.0 peers interoperate with 0.4.x peers
byte-for-byte. The version bump is semantic: audit-cycle complete,
opt-in surface fully exposed, threat model refreshed for every new
surface.

Highlights:
- All 24 @shade/* packages bumped to 4.0.0 in lockstep.
- CHANGELOG 4.0.0 section is the canonical manifest of what landed.
- THREAT-MODEL extended (§10 fingerprint gates, §11 WebRTC P2P, §12
  Web-Worker boundary) + residual-risks table refreshed.
- OpenAPI now covers all 27 routes: prekey, transfer, KT, inbox,
  bridge, observer, /metrics, /healthz, /ready.
- MIGRATION 0.3.x → 4.0 documented + smoke-tested against
  shade migrate-storage on a real SQLite DB.
- docs/audit/REVIEW-BUNDLE.md + SCOPE.md ready for external reviewer.
- scripts/soak.ts harness for the GA-stable 2-week soak window.
- All V*.md plans archived under docs/archive/ with Status: Done.
- Voice/Video carved out into V5.0; 4.0 audit focuses on the frozen
  non-realtime stack.

Tests: TS 1000/1000 + Kotlin 11/11 cross-platform vectors green.
Docker: gt.zyon.no/stian/shade-prekey:4.0.0 builds and reports
  version 4.0.0 on /health.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-03 18:35:35 +02:00

3.0 KiB
Raw Permalink Blame History

Shade V3.8 — Web Workers Crypto

Status: Done Effort: M-L (36 uker) Forrige: V3.1 Adresserer: V2.2 §4 Levert: 0.4.0 Konsumentdokumentasjon: docs/web-workers.md

Mål

Store filer i nettleseren skal kunne krypteres / dekrypteres uten å blokkere hovedtråden eller sprenge RAM. Dedikert Worker kjører @shade/crypto-web + @shade/streams, koblet til @shade/transfer via ReadableStream / WritableStream.

Scope

Inn

  • Ny entry: @shade/crypto-web/worker — dedikert Web Worker med WorkerCryptoProvider.
  • Hovedtråd-proxy: MainThreadCryptoProvider som forwarder kall til Worker.
  • Stream-pipeline: ReadableStream<Uint8Array> → Worker (transferable buffers) → @shade/transfer-chunk-PUTs.
  • Lifecycle: spawn-on-demand, idle-timeout, terminate-on-rotate.
  • Safari-aware chunk-sizing (Safari har lavere postMessage-kapasitet).

Ut

  • Service Workers (background sync) — egen vurdering.
  • SharedArrayBuffer (krever COOP/COEP-headers; valgfritt opt-in).

Design

Provider-API (uendret for konsumenter)

const crypto = await createWorkerCryptoProvider({
  workerUrl: '/shade-crypto.worker.js',
});
const shade = await createShade({ crypto, ... });

WorkerCryptoProvider implementerer samme CryptoProvider-interface som SubtleCryptoProvider. Kall serialiseres med transferable ArrayBuffer så minne ikke kopieres.

Stream-pipeline

file.stream()
  .pipeThrough(shade.encryptStream(peer))           // worker
  .pipeThrough(shade.transfer.outboundChunks())     // main → http
  .pipeTo(transferSink());

Worker-siden av encryptStream bruker MultiLaneSender.

Leveranser

Kode

  • @shade/crypto-web — ny worker.ts entrypoint.
  • @shade/sdkshade.encryptStream / decryptStream.
  • Bundler-eksempel for Vite, Webpack og Rollup.

Tester

  • Unit: postMessage roundtrip med transferable buffer.
  • Integration: 100 MB fil i nettleser uten frame-drop > 16 ms (P99).
  • Safari: chunked postMessage-workaround.

Dokumentasjon

  • docs/web-workers.md — setup, bundler-kvirks, Safari-notater, COOP/COEP for SharedArrayBuffer-modus.

Akseptansekriterier

  • 100 MB upload i Chrome uten å blokkere main thread > 16 ms i P99 (Performance Observer-måling — verifiseringsoppskrift i docs/web-workers.md).
  • Safari fungerer med default chunk-size (256 KiB postMessage budget, langt under Safari's transferable-grense).
  • Worker termineres innen 30 s etter siste bruk (idleTimeoutMs, default 30_000).

Avhengigheter

Ingen direkte. Kan kjøres parallelt med V3.2 / V3.4.

Risiko

  • Bundler-helvete. Vite, Webpack og Rollup behandler Workers ulikt. Mitiger ved publisert recipe + integration-tester per bundler.
  • Safari postMessage-grenser. Test tidlig.

Migrasjon

Opt-in. Default forblir SubtleCryptoProvider.

Reference in New Issue View Git Blame Copy Permalink