Skip to content

feat(materialization): expose committed local signer#156

Open
marcus-pousette wants to merge 1 commit into
fix/sqlite-auth-optimistic-commitfrom
materialization-local-auth-signer
Open

feat(materialization): expose committed local signer#156
marcus-pousette wants to merge 1 commit into
fix/sqlite-auth-optimistic-commitfrom
materialization-local-auth-signer

Conversation

@marcus-pousette

@marcus-pousette marcus-pousette commented May 21, 2026

Copy link
Copy Markdown
Collaborator

Goal

Expose the verified signer public key on materialization changes produced by authenticated local SQLite writes.

Applications can attribute the committed change without re-reading the proof store or trusting metadata supplied separately by an auth session.

What changes

  • After the authenticated optimistic commit succeeds, derive the signer from committedOp.meta.id.replica.
  • Annotate only outcome changes whose source operation exactly matches that committed operation.
  • Snapshot the public-key bytes before emitting the event.
  • Leave unauthenticated writes and replay-derived changes unannotated.
  • On an optimistic conflict, expose only the fresh operation that actually commits.

Clean-slate choice

There is no optional authSession.signer, signer decoder, savepoint bridge, alternate commit path, or compatibility fallback. The signer identity comes from the exact operation whose proof and operation committed atomically in #195.

Remote signer propagation remains separate because it must come from the proof accepted at the remote commit boundary.

Fast paths

  • Unauthenticated writes perform no signer lookup or annotation.
  • Authenticated writes reuse the already-returned committed operation; there is no database read, proof-store query, transaction, or extra signature verification.
  • Only the small committed materialization outcome is mapped.

Size

4 files, +100/-18 relative to #195. Production behavior is 34 changed lines, roughly half the stale draft's signer bridge; the remaining diff is focused coverage.

Verification

  • relevant TypeScript builds
  • sqlite-node conformance under Node 20: 34/34
  • focused coverage for real capability-backed auth, unauthenticated writes, denial/no event, and optimistic conflict retry
  • Prettier and diff checks

Stack

Rebuilt cleanly on #195.

@marcus-pousette marcus-pousette force-pushed the materialization-source-metadata branch from 54444ee to 60950b7 Compare May 21, 2026 15:27
@marcus-pousette marcus-pousette force-pushed the materialization-local-auth-signer branch 2 times, most recently from 57d1e97 to 42307e6 Compare May 22, 2026 13:44
@marcus-pousette marcus-pousette changed the base branch from materialization-source-metadata to main May 22, 2026 13:45
@marcus-pousette marcus-pousette marked this pull request as ready for review May 22, 2026 13:45
@marcus-pousette marcus-pousette added enhancement New feature or request area:auth Authorization, capabilities, proofs, signatures, crypto, and privacy area:materialization Derived tree state, replay, outcomes, events, and materialization cursors labels Jul 12, 2026
@marcus-pousette marcus-pousette marked this pull request as draft July 12, 2026 15:04
@marcus-pousette

Copy link
Copy Markdown
Collaborator Author

Moving this back to draft after the repository-wide audit. The current branch still holds a SQLite savepoint across async authorization, which the #193-#195 stack intentionally replaces, and it does not wire signer metadata from a real auth session. Rebuild this after #195 so signer metadata is attached only to the revalidated committed outcome, validate the real 32-byte signer key, and cover the actual session integration.

@marcus-pousette marcus-pousette changed the title Expose local auth signer in materialization events feat(materialization): expose local signer metadata Jul 12, 2026
@marcus-pousette marcus-pousette force-pushed the materialization-local-auth-signer branch from 42307e6 to 0370abc Compare July 13, 2026 15:14
@marcus-pousette marcus-pousette changed the title feat(materialization): expose local signer metadata feat(materialization): expose committed local signer Jul 13, 2026
@marcus-pousette marcus-pousette changed the base branch from main to fix/sqlite-auth-optimistic-commit July 13, 2026 15:14
@marcus-pousette marcus-pousette marked this pull request as ready for review July 13, 2026 15:15
@marcus-pousette marcus-pousette force-pushed the fix/sqlite-auth-optimistic-commit branch from 21c9a88 to e054eaa Compare July 13, 2026 15:22
@marcus-pousette marcus-pousette force-pushed the materialization-local-auth-signer branch 2 times, most recently from 0bd1b0f to cfb93d6 Compare July 13, 2026 15:30
@marcus-pousette marcus-pousette force-pushed the fix/sqlite-auth-optimistic-commit branch from e054eaa to 8069ef0 Compare July 13, 2026 15:30
@marcus-pousette marcus-pousette force-pushed the fix/sqlite-auth-optimistic-commit branch from 8069ef0 to 871d990 Compare July 13, 2026 15:51
@marcus-pousette marcus-pousette force-pushed the materialization-local-auth-signer branch from cfb93d6 to dc9fe2e Compare July 13, 2026 15:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area:auth Authorization, capabilities, proofs, signatures, crypto, and privacy area:materialization Derived tree state, replay, outcomes, events, and materialization cursors enhancement New feature or request

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant