Sterister
037f994572
Some checks failed
Cross-platform vectors / TypeScript vectors (bun) (push) Has been cancelled
Cross-platform vectors / Kotlin vectors (gradle) (push) Has been cancelled
Test / test (push) Has been cancelled
Docker build and publish / docker (push) Has been cancelled
Publish / publish (push) Has been cancelled
Answers Vyvern FR shade-ws-streaming-ratchet.md with a first-class
streaming-session API rather than the documented-contract fallback.
The Double-Ratchet crypto was already safe for high-frequency
one-directional use; the send/receive wrapper was not (per-frame
saveSession keystore write; shared per-peer mutex + single stored
session row coupling reuse to the HTTP path).
- @shade/core: stream.ts — identity-bound 3-DH seeding (X3DH-minus-
prekeys, no prekey-server round trip, mutually authenticated against
the parent session's pinned identities), bootstrapStreamSession
reusing init{Sender,Receiver}Session verbatim, in-memory-only
StreamRatchet (own op-mutex, never persisted, zeroized on close).
beginStream/acceptStream on ShadeSessionManager; Stream{Closed,
Handshake}Error; stream.opened/closed events.
- @shade/proto: STREAM_OPEN/OPEN_ACK/FRAME wire (0x31/0x32/0x33),
additive; inspectEnvelopeType extended.
- @shade/sdk: Shade.openStream/acceptStream → ShadeStream
(handshakeFrame/handleHandshake/seal/open/close), transport-
agnostic, independent of encrypt/decrypt queues + parent session,
identical server (sqlite:) and browser (IndexedDB) — touches no
storage.
- Tests: 5000-frame one-directional burst (bounded skipped keys + FS
zeroize), parent-session independence, replay/rewind rejection,
mutual-auth, proto wire round-trips. Full suite green (1159 pass).
- docs/streaming-sessions.md (R1–R7 contract); SECURITY.md matrix rows.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@shade/recovery
Social key recovery for Shade — V3.10.
Shamir Secret Sharing over GF(2^8) splits the user's identity backup
key into n shares; any threshold-many k together reconstruct the
identity onto a new device. Distribution and reconstruction ride
existing 1:1 Shade sessions — no centralized recovery agent.
Install
bun add @shade/recovery
Quick wire-up
import {
setupRecovery,
attachGuardian,
requestRecovery,
MemoryRecoveryStore,
} from '@shade/recovery';
// Primary (Alice's existing device)
await setupRecovery({
shade,
guardians: ['bob', 'carol', 'dan', 'eve', 'faythe'],
threshold: 3,
deliver: async (to, envelope) => myOutbox.send(to, envelope),
});
// Each guardian
attachGuardian({
shade,
store: new MemoryRecoveryStore(), // swap for persistent store in prod
approve: async (ctx) => askUser(ctx),
deliver: async (to, envelope) => myOutbox.send(to, envelope),
});
// New device (Alice on a fresh phone)
await requestRecovery({
shade: tempShade,
originalAddress: 'alice',
setupId: '<from recovery card>',
threshold: 3,
guardians: ['bob', 'carol', 'dan', 'eve', 'faythe'],
deliver: async (to, envelope) => myOutbox.send(to, envelope),
});
See docs/recovery.md for the full
threat model, persistence recommendations, and guardian-UX guidance.
Tests
bun test # all
bun test tests/shamir # Shamir primitives
bun test tests/integration # 3-of-5 end-to-end
bun test tests/adversarial # k-1 collusion + forged shares + OOB-gate