feat: signed cross-instance write path (#10) #65
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "feat/v7-signed-write-path"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Closes #10. Third slice of v7 — invited remote editors can now create/update entries in a host project over the signed AP inbox.
Flow
A
Create/Updateof aNotewhosecontextis a project's AP URL (${appUrl}/ap/projects/:id) is routed as an entry write, ahead of the existing comment path:verifyInboxSignature).parseSignatureKeyId()exposes the verified signer, and the inbox requiressigner === activity.actor. A valid signature from actor A cannot write as actor B →401.project_collaborators). Verified-but-uninvited →403. No open-inbox path.services/remoteContribution.tswrites the entry withuser_id NULL+ attribution snapshotted from the remote actor, records aremote_contributionsrow (idempotent onap_activity_id), and embeds in the background.Updates target
${appUrl}/ap/entries/:idand apply last-write-wins for now; the optimistic-lock conflict gate + review queue are #11.Design notes
remote_contributionsinstead ofaudit_log, conflict handling to come), so a separate function is lower-risk than over-generalizing.remote_contributions(there's no user FK for a remote author).Verification (dev server)
remoteWritePath.test.ts— 5 tests that forge real HTTP signatures with a generated RSA key:202, entry withuser_id NULL/source='federation'/ actor attribution +remote_contributionsrow;403;401, no entry;Full API suite 195 passed (was 190), no regressions to the existing Follow/comment/actor inbox handling.
🤖 Generated with Claude Code