Revert "F-A3 Phase 1: client-derived userKey_v2 + GlobalUsersIndex.users_v2 (fixes #15)"

This reverts commit ef56a7a.

Author: ehsan6sha

Cargo.lock

@@ -48,9 +48,7 @@ axum = { workspace = true }
 base64 = { workspace = true }
 md-5 = { workspace = true }
 blake3 = { workspace = true }
-cid = { workspace = true }
 hex = { workspace = true }
-serde_ipld_dagcbor = { workspace = true }
 jsonwebtoken = { workspace = true }
 serde = { workspace = true }
 tempfile = { workspace = true }

Cargo.toml

@@ -273,34 +273,16 @@ pub struct BucketEntry {
 /// Global users-index CBOR. Master pins one per snapshot; the CID
 /// is published via IPNS (every flush) and to the chain anchor
 /// (every 12h).
-///
-/// **Audit F-A3 (issue #15)**: `users_v2` is the additive
-/// client-derived lookup-key map. When `users_v2` is empty (no Mode B
-/// users yet), the CBOR byte-shape is identical to the legacy v1
-/// schema thanks to `skip_serializing_if = "BTreeMap::is_empty"`.
-/// SDK clients on Mode B prefer `users_v2.get(client_derived_v2_key)`
-/// and fall back to `users.get(hashed_user_id_v1)` on miss. v1 is
-/// kept indefinitely per the design decision — never-upgrading
-/// clients keep working.
 #[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
 pub struct GlobalUsersIndex {
     pub v: u32,
     /// Monotonic publisher sequence. Replay defense: SDK persists
     /// `highest_seen_sequence`; rejects payloads with regression.
     pub sequence: u64,
     pub updated_at_unix: u64,
-    /// **v1, kept indefinitely.** `hashed_user_id_hex` (32 hex chars
-    /// = 16-byte `BLAKE3("fula:user_id:" || user_id)[..16]`) →
+    /// `userKey_hex` (32 hex chars = 16-byte hashed_user_id) →
     /// per-user bucketsIndex CID (string). BTreeMap for determinism.
     pub users: BTreeMap<String, String>,
-    /// **v2 client-derived lookup keys** (audit F-A3 / issue #15).
-    /// `client_derived_lookup_key_hex` (32 hex chars = 16-byte
-    /// `BLAKE3("fula:user-lookup-v2:" || user_id || master_KEK_public)[..16]`) →
-    /// per-user bucketsIndex CID. Populated only for users whose
-    /// client has explicitly POSTed a v2 key (Mode B + F-A3-aware
-    /// SDK). Empty by default → CBOR byte-equivalent to legacy v1.
-    #[serde(default, skip_serializing_if = "BTreeMap::is_empty")]
-    pub users_v2: BTreeMap<String, String>,
 }
 
 // ============================================================
@@ -360,46 +342,20 @@ pub fn build_user_buckets_index(
 
 /// Build the global users-index CBOR from a per-user CID map.
 /// `entries` is `userKey_hex (32 hex) → bucketsIndexCid`.
-///
-/// Convenience for the v1-only path; equivalent to
-/// `build_global_users_index_v2(entries, &BTreeMap::new(), sequence, now_unix)`.
 pub fn build_global_users_index(
     entries: &BTreeMap<String, Cid>,
     sequence: u64,
     now_unix: u64,
 ) -> GlobalUsersIndex {
-    build_global_users_index_v2(entries, &BTreeMap::new(), sequence, now_unix)
-}
-
-/// Build the global users-index CBOR including BOTH v1 and v2 lookup
-/// maps. `v2_entries` is `client_derived_v2_key_hex → bucketsIndexCid`.
-///
-/// **Audit F-A3 (issue #15)**: when `v2_entries` is empty, the
-/// resulting CBOR is byte-equivalent to the legacy v1 shape (the
-/// `users_v2` field is omitted via `skip_serializing_if`).
-pub fn build_global_users_index_v2(
-    v1_entries: &BTreeMap<String, Cid>,
-    v2_entries: &BTreeMap<String, Cid>,
-    sequence: u64,
-    now_unix: u64,
-) -> GlobalUsersIndex {
-    let users: BTreeMap<String, String> = v1_entries
-        .iter()
-        .map(|(uk, cid)| (uk.clone(), cid.to_string()))
-        .collect();
-    let users_v2: BTreeMap<String, String> = v2_entries
+    let users: BTreeMap<String, String> = entries
         .iter()
         .map(|(uk, cid)| (uk.clone(), cid.to_string()))
         .collect();
     GlobalUsersIndex {
-        // Bumped to 2 to match the schema change. SDK clients that
-        // know the v2 shape can short-circuit; old clients only read
-        // the `users` field and continue to function.
-        v: if users_v2.is_empty() { 1 } else { 2 },
+        v: 1,
         sequence,
         updated_at_unix: now_unix,
         users,
-        users_v2,
     }
 }
 

crates/fula-cli/src/handlers/users_index_publisher.rs

@@ -10854,7 +10854,6 @@ mod tests {
                 sequence: 42,
                 updated_at_unix: 1_700_000_001,
                 users: users_map,
-                users_v2: std::collections::BTreeMap::new(),
             };
             let global_cbor = serde_ipld_dagcbor::to_vec(&global).expect("global");
 
@@ -10934,7 +10933,6 @@ mod tests {
                 sequence: 5,
                 updated_at_unix: 1_700_000_000,
                 users: users_map,
-                users_v2: std::collections::BTreeMap::new(),
             };
             let global_cbor = serde_ipld_dagcbor::to_vec(&global).expect("global");
 
@@ -11017,7 +11015,6 @@ mod tests {
                 sequence: 1,
                 updated_at_unix: 0,
                 users: users_map,
-                users_v2: std::collections::BTreeMap::new(),
             };
             let global_cbor = serde_ipld_dagcbor::to_vec(&global).expect("global");
 
@@ -11104,7 +11101,6 @@ mod tests {
                 sequence: 1,
                 updated_at_unix: 0,
                 users: users_map,
-                users_v2: std::collections::BTreeMap::new(),
             };
             let global_cbor = serde_ipld_dagcbor::to_vec(&global).expect("global");
 
@@ -11191,7 +11187,6 @@ mod tests {
                 sequence: 1,
                 updated_at_unix: 0,
                 users: users_map,
-                users_v2: std::collections::BTreeMap::new(),
             };
             let global_cbor = serde_ipld_dagcbor::to_vec(&global).expect("global");
 

crates/fula-client/src/encryption.rs

@@ -66,25 +66,14 @@ use std::time::Duration;
 /// `GlobalUsersIndex` struct in `fula-cli`'s
 /// `handlers::users_index_publisher`. The two definitions must stay
 /// in lockstep — see plan §3.2.a for the producer side.
-///
-/// **Audit F-A3 (issue #15)**: `users_v2` is the additive
-/// client-derived lookup-key map. SDK cold-start should prefer
-/// `users_v2.get(client_derived_v2_key)` and fall back to
-/// `users.get(hashed_user_id_v1)` on miss.
 #[derive(Clone, Debug, PartialEq, Eq, Deserialize, Serialize)]
 pub struct GlobalUsersIndex {
     pub v: u32,
     pub sequence: u64,
     pub updated_at_unix: u64,
-    /// **v1, kept indefinitely.** `hashed_user_id_hex` (32 hex chars) →
-    /// bucketsIndexCid (string). The SDK looks up its own
-    /// `hashed_user_id_v1` here on cold-start when v2 is unavailable.
+    /// `userKey_hex` (32 hex chars) → bucketsIndexCid (string).
+    /// The SDK looks up its own `userKey` here on cold-start.
     pub users: BTreeMap<String, String>,
-    /// **v2 client-derived lookup keys** (audit F-A3 / issue #15).
-    /// `client_derived_lookup_key_hex` (32 hex chars) → bucketsIndexCid.
-    /// Empty on pre-F-A3 deploys; SDK falls through to `users` on miss.
-    #[serde(default, skip_serializing_if = "BTreeMap::is_empty")]
-    pub users_v2: BTreeMap<String, String>,
 }
 
 /// Master's per-user `bucketsIndex` CBOR — one per user per snapshot
@@ -1636,7 +1625,6 @@ mod tests {
             sequence,
             updated_at_unix: 1_700_000_000,
             users: BTreeMap::new(),
-            users_v2: BTreeMap::new(),
         };
         let bytes = serde_ipld_dagcbor::to_vec(&payload).expect("encode");
         (Bytes::from(bytes), payload)
@@ -2245,7 +2233,6 @@ mod tests {
             sequence,
             updated_at_unix: 1_700_000_000,
             users: BTreeMap::new(),
-            users_v2: BTreeMap::new(),
         };
         let bytes = serde_ipld_dagcbor::to_vec(&payload).expect("encode");
         (Bytes::from(bytes), payload)

crates/fula-client/src/registry_resolver.rs

@@ -207,48 +207,6 @@ pub fn derive_key(context: &str, input: &[u8]) -> Blake3Hash {
     hasher.finalize()
 }
 
-/// Compute the **v2 client-derived user-lookup key** for the
-/// global users-index (audit F-A3 / issue #15).
-///
-/// `userKey_v2 = BLAKE3("fula:user-lookup-v2:" || user_id || master_KEK_public)[..16]`
-///
-/// The key purpose is **lookup uniqueness** (mapping a user to their
-/// bucketsIndex CID in the publicly-resolvable IPNS-published global
-/// CBOR) without exposing the mapping to enumeration by anyone who
-/// only knows `user_id` (typically email or Google `sub`).
-///
-/// Unlike the legacy `hash_user_id(user_id) = BLAKE3("fula:user_id:" || user_id)[..16]`,
-/// which is server-derivable from a public attribute alone, this v2
-/// derivation requires `master_KEK_public` — a client-derived value
-/// that the server never sees. An attacker who can resolve the
-/// global CBOR can no longer hash a target email and check membership.
-///
-/// **Effectiveness is gated by audit F-A1 (Mode B sign-up)**: if the
-/// master KEK is still identity-derived (Mode A, no user-secret
-/// entropy), `master_KEK_public` is also identity-derivable, so an
-/// attacker who can compute master KEK can also compute `userKey_v2`.
-/// The privacy improvement materialises only when paired with Mode B.
-///
-/// Domain separation: distinct from `hash_user_id` (`"fula:user_id:"`)
-/// to prevent any cross-namespace collision.
-///
-/// # Arguments
-/// * `user_id` — raw user identifier (email / Google `sub` bytes)
-/// * `kek_pub` — 32-byte X25519 public component of the master KEK
-///
-/// # Returns
-/// * 16-byte (128-bit) lookup key
-pub fn compute_user_lookup_key_v2(user_id: &[u8], kek_pub: &[u8; 32]) -> [u8; 16] {
-    let mut hasher = blake3::Hasher::new();
-    hasher.update(b"fula:user-lookup-v2:");
-    hasher.update(user_id);
-    hasher.update(kek_pub);
-    let h = hasher.finalize();
-    let mut out = [0u8; 16];
-    out.copy_from_slice(&h.as_bytes()[..16]);
-    out
-}
-
 /// Derive a key from the given input and context using Argon2id
 ///
 /// This provides brute-force resistance for credential-based key derivation.