Sterister
80c410f518
Ships the Prism FR (encrypted-profile-storage-v4.9.md) as a generic relay-side encrypted blob primitive: deterministically-located, AEAD-sealed blobs keyed by a 32-byte slotId derived client-side via HKDF from the user's master key. Unlocks credential-only bootstrap of new devices into existing E2EE state — no QR, no physical access. Server: BlobStore interface + Memory/Sqlite/Postgres impls, createBlobRoutes for GET/PUT/DELETE /v1/blob/:slotId with TOFU pubkey auth and If-Match CAS (409/412 semantics). Mounted on the same Hono app as the inbox; SHADE_BLOB_PG_URL / SHADE_BLOB_DB_PATH / SHADE_DISABLE_BLOB env-var plumbing in standalone. SDK: createProfileNamespace high-level wrapper (HKDF derivation, random-nonce AEAD seal, slotId-bound AAD) + low-level BlobClient. Cross-platform test vectors in test-vectors/blob-storage.json. New errors: ConflictError (409), PreconditionFailedError (412). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@shade/observer
Live observability backend for Shade — exposes a snapshot endpoint, an SSE event stream, and serves the bundled dashboard SPA.
Install
bun add @shade/observer @shade/server @shade/core
Usage
import { createObserver } from '@shade/observer';
import { ShadeEventEmitter, ShadeSessionManager } from '@shade/core';
import { PrekeyServerEvents, createPrekeyServer } from '@shade/server';
// 1. Create event emitters
const clientEvents = new ShadeEventEmitter();
const serverEvents = new PrekeyServerEvents();
// 2. Wire them into your session manager and prekey server
const manager = new ShadeSessionManager(crypto, storage, { events: clientEvents });
const prekeyServer = createPrekeyServer({ crypto, events: serverEvents });
// 3. Create the observer
const observer = createObserver({
token: process.env.SHADE_OBSERVER_TOKEN!,
clientEvents,
serverEvents,
});
// 4. Mount or serve standalone
import { Hono } from 'hono';
const app = new Hono();
app.route('/shade-observer', observer);
Bun.serve({ port: 3900, fetch: app.fetch });
After this, visit http://localhost:3900/shade-observer/dashboard/ and enter your bearer token to see the dashboard.
Endpoints
| Method | Path | Auth | Description |
|---|---|---|---|
| GET | /api/state |
Bearer | Current snapshot (identity, sessions, prekeys, server stats) |
| GET | /api/events |
Bearer (or ?token=) |
SSE stream of live events |
| GET | /dashboard/ |
None | Bundled web UI |
| GET | /health |
None | Liveness check |
Configuration
| Env var | Required | Description |
|---|---|---|
SHADE_OBSERVER_TOKEN |
Yes | Bearer token (min 16 chars). Refuses to start if shorter. |
The token is checked with constant-time comparison.
Security notes
- Event payloads contain NO key material, plaintext, or signatures — only structural facts (counters, addresses, short hashes for display).
- The observer is intended for internal/debugging use. Put it behind a reverse proxy and authenticate access.
- The dashboard stores the bearer token in
localStoragefor convenience. Don't load the dashboard on shared computers.