Sterister
037f994572
Some checks failed
Cross-platform vectors / TypeScript vectors (bun) (push) Has been cancelled
Cross-platform vectors / Kotlin vectors (gradle) (push) Has been cancelled
Test / test (push) Has been cancelled
Docker build and publish / docker (push) Has been cancelled
Publish / publish (push) Has been cancelled
Answers Vyvern FR shade-ws-streaming-ratchet.md with a first-class
streaming-session API rather than the documented-contract fallback.
The Double-Ratchet crypto was already safe for high-frequency
one-directional use; the send/receive wrapper was not (per-frame
saveSession keystore write; shared per-peer mutex + single stored
session row coupling reuse to the HTTP path).
- @shade/core: stream.ts — identity-bound 3-DH seeding (X3DH-minus-
prekeys, no prekey-server round trip, mutually authenticated against
the parent session's pinned identities), bootstrapStreamSession
reusing init{Sender,Receiver}Session verbatim, in-memory-only
StreamRatchet (own op-mutex, never persisted, zeroized on close).
beginStream/acceptStream on ShadeSessionManager; Stream{Closed,
Handshake}Error; stream.opened/closed events.
- @shade/proto: STREAM_OPEN/OPEN_ACK/FRAME wire (0x31/0x32/0x33),
additive; inspectEnvelopeType extended.
- @shade/sdk: Shade.openStream/acceptStream → ShadeStream
(handshakeFrame/handleHandshake/seal/open/close), transport-
agnostic, independent of encrypt/decrypt queues + parent session,
identical server (sqlite:) and browser (IndexedDB) — touches no
storage.
- Tests: 5000-frame one-directional burst (bounded skipped keys + FS
zeroize), parent-session independence, replay/rewind rejection,
mutual-auth, proto wire round-trips. Full suite green (1159 pass).
- docs/streaming-sessions.md (R1–R7 contract); SECURITY.md matrix rows.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@shade/widgets
Embeddable React widgets for live Shade observability. Drop them into any React dashboard (Nova, Orchestrator, your own apps) to show what's happening in your Shade deployment.
Install
bun add @shade/widgets react react-dom
Quick start
import { ShadeProvider, IdentityCard, SessionList, RecentActivity } from '@shade/widgets';
function MyDashboard() {
return (
<ShadeProvider
observerUrl="https://shade.example.com/shade-observer"
token={process.env.SHADE_TOKEN!}
>
<IdentityCard />
<SessionList />
<RecentActivity />
</ShadeProvider>
);
}
You need a running @shade/observer endpoint for the widgets to talk to.
Components
| Component | Description |
|---|---|
<IdentityCard /> |
Your fingerprint, registration ID, init/rotation timestamps |
<SessionList /> |
Active Shade sessions with per-session message counts and DH ratchet steps |
<PrekeyStock lowThreshold={5} /> |
Gauge of remaining one-time prekeys with low-stock warning |
<RecentActivity limit={50} /> |
Live SSE feed of events flowing through the system |
<ServerStatus /> |
Prekey server stats (registered identities, fetches, replenishes, rate limits) |
<FingerprintCompare /> |
Paste a safety number to verify it matches your identity |
<WidgetCatalog /> |
Meta-widget letting users pick which widgets to display |
Letting users pick widgets
<ShadeProvider observerUrl="..." token="...">
<WidgetCatalog
available={['identity', 'sessions', 'prekeys', 'activity', 'server']}
defaultLayout={['identity', 'sessions', 'activity']}
/>
</ShadeProvider>
User selections persist to localStorage. Pass onLayoutChange to override with your own persistence.
Theming
<ShadeProvider observerUrl="..." token="..." themeMode="auto">
Modes: dark (default), light, auto (matches prefers-color-scheme).
Each widget renders self-contained CSS via inline styles — no Tailwind, no external CSS file, no conflicts with your host app.
Hooks
For custom layouts, use the underlying hooks directly:
import { useShadeState, useShadeEvents } from '@shade/widgets';
function CustomWidget() {
const { state, loading } = useShadeState();
const { events, connected } = useShadeEvents();
// ... render whatever you want
}
Polling interval
Default poll for /api/state is 5 seconds. Override:
<ShadeProvider observerUrl="..." token="..." pollIntervalMs={2000}>
The SSE event stream updates instantly regardless of poll interval.