Skip to content

Add three reusable client-side helpers (prefs store, sealed blob store, pairing)#52

Open
Herklos wants to merge 1 commit into
masterfrom
claude/octospaces-starfish-upgrade-0ayjvh
Open

Add three reusable client-side helpers (prefs store, sealed blob store, pairing)#52
Herklos wants to merge 1 commit into
masterfrom
claude/octospaces-starfish-upgrade-0ayjvh

Conversation

@Herklos

@Herklos Herklos commented Jul 4, 2026

Copy link
Copy Markdown
Contributor

Extracts three reusable client-side helpers from downstream applications into the SDK, allowing consuming libraries to hold configuration instead of logic. TypeScript only this release; Python twins are deferred (these are client-side conveniences over existing primitives with no protocol/wire changes).

Key Changes

@drakkar.software/starfish-spaces

  • createPrefsStore — Generic per-identity preference store persisted on the _spaces registry extra-field

    • Factors shared machinery for preference features: in-memory cache with change subscriptions, KV persistence, server hydration with caller-supplied merge, and CAS-safe synced writes
    • Supports two write cadences: write-through (immediate server sync) for low-frequency toggles, and debounced (batched flush) for high-frequency updates
    • Includes in-flight guard to prevent optimistic changes from being clobbered by stale server reads
    • Comprehensive test coverage for both cadences, KV persistence, hydration strategies, and the in-flight guard
  • startDevicePairing / completeDevicePairing — Device pairing over a public rendezvous slot

    • One-way PIN-sealed provisioning: existing device provisions new device's keypair + cap bundle, seals with PIN (Argon2id → AES-GCM), publishes to _pairing/<nonce> rendezvous
    • QR payload carries only nonce and root Ed25519 pubkey; new device fetches sealed blob, opens with PIN, installs cap bundle
    • Security invariants: hash-guarded rendezvous push (pull baseHash first), best-effort slot cleanup after successful open, mandatory root trust pinning
    • Dual-accept QR prefix support (default starfish-pair:, any custom <name>: or *-pair: prefix)
    • Comprehensive test coverage for QR payload shape, onProvisioned ordering, hash-guarded push, and root pinning

@drakkar.software/starfish-client

  • createSealedBlobStore — Cached sealed-blob store with two-tier caching
    • Wraps ByteSealer seal/push/pull core with in-memory decrypted-plaintext cache (default 64 MB, FIFO eviction) and KV-persisted ciphertext cache (default 4 MB)
    • App supplies SealedBlobPaths strategy mapping blob id + context to storage paths and seal AAD
    • Store owns id generation, size-guarding, sealing, transport, and caching
    • Throws FileTooLargeError when payload exceeds configured maxBytes
    • Comprehensive test coverage for seal/upload, memory cache serving, persistence, and network fallback

Implementation Details

  • All three helpers use closure-based state management for safe per-app/per-test instantiation
  • PrefsStore includes detailed documentation on monotonic merge requirements for debounced mode to prevent mid-debounce clobbering
  • Device pairing uses generic prefix stripping to accept any *-pair: format while maintaining root pinning
  • Sealed blob store uses FIFO eviction for memory cache and insertion-order tracking for persistence budget management
  • All new exports added to package index.ts files
  • Version bumped to 3.0.0-alpha.64 across all 33 packages (lockstep versioning)

https://claude.ai/code/session_01Wr2a6mBbDwUncEfa2NHBRp

…b store; bump to alpha.64

Extract three reusable client-side helpers so downstream apps can hold config
instead of logic, and bump all packages to 3.0.0-alpha.64 (lockstep).

- spaces: createPrefsStore — generic per-identity preference store on the
  _spaces registry extra-field (cache + subscriptions + KV persistence +
  CAS-safe synced write over updateSpacesExtraField); write-through or
  debounced from one config.
- spaces: startDevicePairing / completeDevicePairing — device-pairing
  rendezvous over the public _pairing/<nonce> slot, centralizing the
  hash-guarded push, slot clear, and mandatory root-pinning invariants.
  Adds SpaceLayout.pairingPull/pairingPush (default _pairing/<nonce>).
- client: createSealedBlobStore — cached sealed-blob store (in-memory
  plaintext cache + KV-persisted ciphertext cache) over the ByteSealer
  seal/push/pull core; app supplies a path/AAD strategy.

TypeScript only this release; Python twins deferred (client-side conveniences,
no protocol/wire change). Tests + docs + CHANGELOG updated.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01Wr2a6mBbDwUncEfa2NHBRp
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants