Sterister
1fb59a7076
Two unblocking changes for first-contact flows.
Sender attribution: relay captures shortHash(senderSigningKey) at
PUT time (after signature verification, no new trust surface) and
surfaces it on bridge push (IncomingMessage.from) + inbox-fetch
(FetchedBlob.from) + DecryptHandler raw arg. Apps receiving a prekey
envelope from a never-before-seen peer can now bootstrap X3DH via
shade.receive('fp:<hex>', env) — pre-4.8 the wire envelope didn't
authenticate the sender and there was no out-of-band hint to use.
Idempotent ALTER TABLE migrations for SQLite + Postgres add a
sender_fp TEXT column; legacy rows surface as from=undefined
(inter-version compat).
Inbox.start() race: pre-4.8 start() called register() fire-and-forget
AND schedulePoll(0) synchronously, so the first poll on a fresh
address often beat the register HTTP RTT and got SHADE_NOT_FOUND.
start() now defers; register() success kicks schedulePoll(0). Manual
tick() is unaffected (deliberate user action, no gating).
Both reported by Prism. Tests cover all five acceptance criteria
from the sender-attribution request (PUT capture, bridge surface,
fetch surface, inter-version compat, end-to-end pair smoke) plus
the three from the race-fix request.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
28 lines
605 B
JSON
28 lines
605 B
JSON
{
|
|
"name": "@shade/crypto-web",
|
|
"version": "4.8.0",
|
|
"type": "module",
|
|
"main": "src/index.ts",
|
|
"types": "src/index.ts",
|
|
"exports": {
|
|
".": {
|
|
"types": "./src/index.ts",
|
|
"default": "./src/index.ts"
|
|
},
|
|
"./worker": {
|
|
"types": "./src/worker.ts",
|
|
"default": "./src/worker.ts"
|
|
},
|
|
"./worker-protocol": {
|
|
"types": "./src/worker-protocol.ts",
|
|
"default": "./src/worker-protocol.ts"
|
|
}
|
|
},
|
|
"dependencies": {
|
|
"@noble/curves": "^2.0.1",
|
|
"@noble/hashes": "^2.0.1",
|
|
"@shade/core": "workspace:*",
|
|
"@shade/streams": "workspace:*"
|
|
}
|
|
}
|