Sterister
3c0db14904
Some checks failed
Test / test (push) Has been cancelled
Prism filed a per-recipient-flush-concurrency FR pointing at
serial-per-flush. Investigation surfaced the actual culprit:
`scheduleFlush` was using a 15 s backoff on **both** the success and
failure paths, so envelopes enqueued *during* an in-flight flush
sat ~15 s behind the next drain — visible as "10 s of silence then
25-frame burst" on the receiving side under sustained sender output.
Two fixes:
1. `scheduleFlush` now uses 0 ms delay when `flushOnce` delivered
≥1 envelope and more is queued (network healthy → drain
remainder immediately). 15 s reserved for the actual failure
case where every attempt this round failed. `flushOnce` returns
`{ delivered, remaining } | null` so concurrent-flush early
returns don't double-schedule.
2. `flushOnce` groups the outgoing queue by `recipientAddress` and
drains buckets via `Promise.all`. Per-peer order preserved
(sequential within a bucket); a slow POST to recipient A no
longer head-of-line-blocks frames bound for B.
`Inbox.tick` public shape unchanged. `OutgoingQueueStore`
implementations see the same per-entry list/remove/bumpAttempts/
size contract; only cross-recipient interleaving changes.
Tests cover (1) 25-envelope burst behind a 100 ms slow PUT drains
within 1 s, and (2) carol's PUT lands within 150 ms even when bob's
PUT stalls 200 ms.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@shade/recovery
Social key recovery for Shade — V3.10.
Shamir Secret Sharing over GF(2^8) splits the user's identity backup
key into n shares; any threshold-many k together reconstruct the
identity onto a new device. Distribution and reconstruction ride
existing 1:1 Shade sessions — no centralized recovery agent.
Install
bun add @shade/recovery
Quick wire-up
import {
setupRecovery,
attachGuardian,
requestRecovery,
MemoryRecoveryStore,
} from '@shade/recovery';
// Primary (Alice's existing device)
await setupRecovery({
shade,
guardians: ['bob', 'carol', 'dan', 'eve', 'faythe'],
threshold: 3,
deliver: async (to, envelope) => myOutbox.send(to, envelope),
});
// Each guardian
attachGuardian({
shade,
store: new MemoryRecoveryStore(), // swap for persistent store in prod
approve: async (ctx) => askUser(ctx),
deliver: async (to, envelope) => myOutbox.send(to, envelope),
});
// New device (Alice on a fresh phone)
await requestRecovery({
shade: tempShade,
originalAddress: 'alice',
setupId: '<from recovery card>',
threshold: 3,
guardians: ['bob', 'carol', 'dan', 'eve', 'faythe'],
deliver: async (to, envelope) => myOutbox.send(to, envelope),
});
See docs/recovery.md for the full
threat model, persistence recommendations, and guardian-UX guidance.
Tests
bun test # all
bun test tests/shamir # Shamir primitives
bun test tests/integration # 3-of-5 end-to-end
bun test tests/adversarial # k-1 collusion + forged shares + OOB-gate