Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 16 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,21 @@
# Changelog

## 3.0.0-alpha.64

Adds three reusable client-side helpers extracted from downstream apps so a consuming library can hold configuration instead of logic. **TypeScript only** this release; Python twins are deferred (these are client-side conveniences over existing primitives — no protocol/wire change, so the cross-language conformance vectors are unaffected).

### `@drakkar.software/starfish-spaces` (alpha.64)

#### Added
- **`createPrefsStore` — generic per-identity preference store** on the `_spaces` registry `extra`-field. Factors the shared machinery (in-memory cache + change subscriptions, KV persistence via the configured `kvAdapter`, server hydration with a caller-supplied `merge`, and a CAS-safe synced write over `updateSpacesExtraField`) so an app supplies only config (field name, `empty`, `coerce`/`merge`, KV key) plus its own accessors. Supports both **write-through** (immediate per-op sync, e.g. mutes) and **debounced** (`flushDelayMs`; batched snapshot flush, e.g. read marks) cadences from one config, with `foldKvOnHydrate` + `legacyKeys` for back-compat migration.
- **Device-pairing rendezvous — `startDevicePairing` / `completeDevicePairing`** over the public `_pairing/<nonce>` slot. Centralizes the pairing security invariants (hash-guarded first-write push, best-effort slot clear after open, and mandatory root pinning via the QR-carried `rootEdPub` satisfying `installPairingBundle`). QR prefix, TTL, and `fetch` are configurable; any `*-pair:` prefix is accepted on completion (dual-accept).
- **`SpaceLayout.pairingPull` / `pairingPush`** added to the layout seam (default `_pairing/<nonce>`), so the rendezvous path is injectable alongside the other storage paths.

### `@drakkar.software/starfish-client` (alpha.64)

#### Added
- **`createSealedBlobStore` — cached sealed-blob store.** Wraps the `ByteSealer` seal/push/pull core (over `pushBlob`/`pullBlob`) with an in-memory decrypted-plaintext LRU (default 64 MB) and a KV-persisted post-seal ciphertext cache (default 4 MB) so blobs reopen offline / after reload without a round-trip. The app supplies a `SealedBlobPaths` strategy (push/pull path + AAD per blob id + context); the store owns id generation, size-guarding (`FileTooLargeError`), sealing, transport, and cache eviction.

## 3.0.0-alpha.63

Security- and parity-hardening release: a full TS+Python security and code review of the library produced 37 verified findings, all remediated here. Fixes are cross-language (both implementations) unless noted. **Two breaking API changes** are called out below (pairing-bundle install and webhook sealed-open now require an explicit trust argument).
Expand Down
2 changes: 1 addition & 1 deletion packages/python/audit/pyproject.toml
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"

[project]
name = "starfish-audit"
version = "3.0.0a63"
version = "3.0.0a64"
description = "Starfish audit logging extension (console / callback / no-op audit loggers for server pull/push events)"
requires-python = ">=3.11"
dependencies = [
Expand Down
2 changes: 1 addition & 1 deletion packages/python/client/pyproject.toml
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"

[project]
name = "starfish-sdk"
version = "3.0.0a63"
version = "3.0.0a64"
description = "Python client SDK for the Starfish sync protocol"
requires-python = ">=3.11"
dependencies = [
Expand Down
2 changes: 1 addition & 1 deletion packages/python/entitlements/pyproject.toml
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"

[project]
name = "starfish-entitlements"
version = "3.0.0a63"
version = "3.0.0a64"
description = "Starfish entitlements extension (per-user feature-slug role enrichment for the server, plus a client-side entitlement reader)"
requires-python = ">=3.11"
dependencies = [
Expand Down
2 changes: 1 addition & 1 deletion packages/python/events/pyproject.toml
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"

[project]
name = "starfish-events"
version = "3.0.0a63"
version = "3.0.0a64"
description = "Starfish server plugin that intercepts JSON event-batch pushes and encodes them as Parquet on S3 (Python mirror of @drakkar.software/starfish-events)"
requires-python = ">=3.11"
dependencies = [
Expand Down
2 changes: 1 addition & 1 deletion packages/python/identities/pyproject.toml
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"

[project]
name = "starfish-identities"
version = "3.0.0a63"
version = "3.0.0a64"
description = "Starfish root + device identity extension (passphrase derivation, device cap-cert minting, pairing flows, device directory)"
requires-python = ">=3.11"
dependencies = [
Expand Down
2 changes: 1 addition & 1 deletion packages/python/keyring/pyproject.toml
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"

[project]
name = "starfish-keyring"
version = "3.0.0a63"
version = "3.0.0a64"
description = "Starfish multi-recipient encryption layer (keyring documents, recipient management, AES-GCM payload encryption)"
requires-python = ">=3.11"
dependencies = [
Expand Down
2 changes: 1 addition & 1 deletion packages/python/outbox/pyproject.toml
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"

[project]
name = "starfish-outbox"
version = "3.0.0a63"
version = "3.0.0a64"
description = "Starfish durable offline write-queue — dedup-by-id, claim, retry, reconnect-drain, persisted per identity, framework-free"
readme = "README.md"
requires-python = ">=3.11"
Expand Down
2 changes: 1 addition & 1 deletion packages/python/projection/pyproject.toml
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"

[project]
name = "starfish-projection"
version = "3.0.0a63"
version = "3.0.0a64"
description = "Starfish incremental-list extension (post-push projection hook: fold each write into a single list document — append, update-in-place, or remove)"
requires-python = ">=3.11"
dependencies = [
Expand Down
2 changes: 1 addition & 1 deletion packages/python/protocol/pyproject.toml
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"

[project]
name = "starfish-protocol"
version = "3.0.0a63"
version = "3.0.0a64"
description = "Shared protocol primitives for the Starfish sync protocol"
requires-python = ">=3.11"
dependencies = [
Expand Down
2 changes: 1 addition & 1 deletion packages/python/queuing/pyproject.toml
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"

[project]
name = "starfish-queuing"
version = "3.0.0a63"
version = "3.0.0a64"
description = "Starfish change-event queuing extension (post-push publish hook, MemoryQueue/CustomQueue/NatsQueue backends, per-collection config)"
requires-python = ">=3.11"
dependencies = [
Expand Down
2 changes: 1 addition & 1 deletion packages/python/replica/pyproject.toml
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"

[project]
name = "starfish-replica"
version = "3.0.0a63"
version = "3.0.0a64"
description = "Starfish replication extension (primary→replica sync, write modes, on-pull/scheduled triggers, push proxy) as a server plugin"
requires-python = ">=3.11"
dependencies = [
Expand Down
2 changes: 1 addition & 1 deletion packages/python/restrictions/pyproject.toml
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"

[project]
name = "starfish-restrictions"
version = "3.0.0a63"
version = "3.0.0a64"
description = "Starfish identity action restrictions extension (deny/allow access by identity, scoped to the server, a namespace, a collection, or an action)"
requires-python = ">=3.11"
dependencies = [
Expand Down
2 changes: 1 addition & 1 deletion packages/python/server/pyproject.toml
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"

[project]
name = "starfish-server"
version = "3.0.0a63"
version = "3.0.0a64"
description = "Python server for the Starfish sync protocol"
requires-python = ">=3.11"
dependencies = [
Expand Down
2 changes: 1 addition & 1 deletion packages/python/sharing/pyproject.toml
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"

[project]
name = "starfish-sharing"
version = "3.0.0a63"
version = "3.0.0a64"
description = "Starfish member-cap extension (member cap-cert minting, scope presets, member directory)"
requires-python = ">=3.11"
dependencies = [
Expand Down
2 changes: 1 addition & 1 deletion packages/python/spaces/pyproject.toml
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"

[project]
name = "starfish-spaces"
version = "3.0.0a63"
version = "3.0.0a64"
description = "Starfish multi-user spaces extension (registry, membership, object tree, E2EE keyrings, invite flows, resource-request inbox)"
requires-python = ">=3.11"
dependencies = [
Expand Down
2 changes: 1 addition & 1 deletion packages/python/wal/pyproject.toml
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"

[project]
name = "starfish-wal"
version = "3.0.0a63"
version = "3.0.0a64"
description = "Starfish WAL extension — append-only CRDT op-log document model (LWW register + RGA list + text) core, cross-language conformant with the TypeScript package"
requires-python = ">=3.11"
dependencies = [
Expand Down
2 changes: 1 addition & 1 deletion packages/ts/audit/package.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "@drakkar.software/starfish-audit",
"version": "3.0.0-alpha.63",
"version": "3.0.0-alpha.64",
"repository": {
"type": "git",
"url": "https://github.com/Drakkar-Software/starfish.git",
Expand Down
4 changes: 4 additions & 0 deletions packages/ts/client/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -267,6 +267,10 @@ log.getCheckpoint() // max ts held — persist, and restore via setC
- `pull()` is safe to call concurrently — overlapping calls serialize internally so they never double-append a window.
- **Reactive bindings:** `createStarfishLog` (Zustand, `./zustand`) + hooks `useStarfishLog` / `useStarfishLogItems` / `useLogStatus` / `useLogConnectivity`; `createStarfishLogObservable` (Legend, `./legend`); `createAppendLogMobileLifecycle` (pull on app foreground). `startPolling` and `createSuspenseResource` work with `cursor.pull()` directly.

## Sealed blobs

`sealAndPushBlob` / `pullAndOpenBlob` are the one-shot seal/transport helpers. For a caching layer, **`createSealedBlobStore`** wraps that core with an in-memory decrypted-plaintext LRU (default 64 MB) and a KV-persisted post-seal ciphertext cache (default 4 MB) so blobs reopen offline / after reload without a round-trip. The app supplies a `SealedBlobPaths` strategy (push/pull path + AAD per blob id + context); the store owns id generation, size-guarding (`FileTooLargeError`), sealing, transport, and eviction.

## Other utilities

The package also re-exports the v2 ergonomics that survived intact: `consoleSyncLogger`, `noopSyncLogger`, `createMetricsCollector`, `createMigrator`, `createSchemaValidator`, `classifyError`, conflict resolvers (`createUnionMerge`, `createSoftDeleteResolver`, `timestampWinner`, `pruneTombstones`), `SnapshotHistory`, `startPolling`/`startAdaptivePolling`, `createDedupFetch`, `fetchServerConfig`, `pullEntitlements`, `createIndexedDBStorage`, `exportData`/`importData`, `createDebouncedSync`/`createDebouncedPush`, `createMultiStoreSync`, `createMobileLifecycle`, and the Zustand/Legend bindings via the `./zustand` and `./legend` subpaths.
Expand Down
2 changes: 1 addition & 1 deletion packages/ts/client/package.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "@drakkar.software/starfish-client",
"version": "3.0.0-alpha.63",
"version": "3.0.0-alpha.64",
"repository": {
"type": "git",
"url": "https://github.com/Drakkar-Software/starfish.git",
Expand Down
7 changes: 7 additions & 0 deletions packages/ts/client/src/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,13 @@ export type {
SealAndPushBlobOptions,
PullAndOpenBlobOptions,
} from "./blob-seal.js"
export { createSealedBlobStore, FileTooLargeError } from "./sealed-blob-store.js"
export type {
SealedBlobStore,
SealedBlobPaths,
SealedBlobStoreKv,
CreateSealedBlobStoreOptions,
} from "./sealed-blob-store.js"
export { PARQUET_MIME_TYPE, PARQUET_MIME_TYPES } from "@drakkar.software/starfish-protocol"
export { SyncManager, AbortError, DocAuthorError } from "./sync.js"
export type { SyncManagerOptions, SyncSigner } from "./sync.js"
Expand Down
Loading