Stian/Shade
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f5f42fe557d536bfa2da4b783e32fb57dca2420b
Shade/packages/shade-recovery
History
Sterister f5f42fe557 release(v4.3.0): browser persistence via @shade/storage-indexeddb 
Ship an official IndexedDB-backed StorageProvider so browser-based Shade
consumers persist identity, prekeys, sessions, retired identities,
peer-verification state and stream-resume rows across tab refresh and
browser restart. Closes the gap that forced browser apps onto
storage:"memory" (regenerated identity each load, orphaned device
records server-side).

- New package @shade/storage-indexeddb (4.3.0): full StorageProvider
  conformance, schema v1, idb-backed; bumpPeerIdentityVersion is wrapped
  in a single readwrite IDB transaction (atomic, vs SQLite's
  read-then-upsert race).
- @shade/sdk resolveStorage() accepts { type: 'indexeddb', dbName? } via
  dynamic import (lazy, optional dep — same pattern as
  @shade/storage-postgres). Named StorageSpec type now reused by
  ResolvedConfig.
- Tests: 16 new tests in shade-storage-indexeddb (StorageProvider
  surface + peer-verifications + full E2EE conversation surviving a
  simulated tab reload). Run on fake-indexeddb.
- Lockstep version bump 4.2.1 → 4.3.0 across all 25 packages.
- Publish scripts updated to include the new package.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-05 17:35:02 +02:00
..
src
release(v4.0.0): Shade GA — V3.x consolidation + audit prep
2026-05-03 18:35:35 +02:00
tests
release(v4.0.0): Shade GA — V3.x consolidation + audit prep
2026-05-03 18:35:35 +02:00
package.json
release(v4.3.0): browser persistence via @shade/storage-indexeddb
2026-05-05 17:35:02 +02:00
README.md
release(v4.0.0): Shade GA — V3.x consolidation + audit prep
2026-05-03 18:35:35 +02:00
tsconfig.json
release(v4.0.0): Shade GA — V3.x consolidation + audit prep
2026-05-03 18:35:35 +02:00

README.md

@shade/recovery

Social key recovery for Shade — V3.10.

Shamir Secret Sharing over GF(2^8) splits the user's identity backup key into n shares; any threshold-many k together reconstruct the identity onto a new device. Distribution and reconstruction ride existing 1:1 Shade sessions — no centralized recovery agent.

Install

bun add @shade/recovery

Quick wire-up

import {
  setupRecovery,
  attachGuardian,
  requestRecovery,
  MemoryRecoveryStore,
} from '@shade/recovery';

// Primary (Alice's existing device)
await setupRecovery({
  shade,
  guardians: ['bob', 'carol', 'dan', 'eve', 'faythe'],
  threshold: 3,
  deliver: async (to, envelope) => myOutbox.send(to, envelope),
});

// Each guardian
attachGuardian({
  shade,
  store: new MemoryRecoveryStore(),    // swap for persistent store in prod
  approve: async (ctx) => askUser(ctx),
  deliver: async (to, envelope) => myOutbox.send(to, envelope),
});

// New device (Alice on a fresh phone)
await requestRecovery({
  shade: tempShade,
  originalAddress: 'alice',
  setupId: '<from recovery card>',
  threshold: 3,
  guardians: ['bob', 'carol', 'dan', 'eve', 'faythe'],
  deliver: async (to, envelope) => myOutbox.send(to, envelope),
});

See docs/recovery.md for the full threat model, persistence recommendations, and guardian-UX guidance.

Tests

bun test                    # all
bun test tests/shamir       # Shamir primitives
bun test tests/integration  # 3-of-5 end-to-end
bun test tests/adversarial  # k-1 collusion + forged shares + OOB-gate
Reference in New Issue View Git Blame Copy Permalink