docs(todo): update migration tasks and references
20
TODO.md
@@ -36,6 +36,7 @@ The following files use the **old JWT-based format** and must be rewritten:
|
||||
### Reference Implementation (Already Compliant)
|
||||
|
||||
These files are already aligned with v1.0.0-rc.1:
|
||||
|
||||
- `src/ucan.ts` - TypeScript types with envelope format
|
||||
- `internal/codec/ucan-schemas.json` - JSON Schema definitions
|
||||
|
||||
@@ -164,17 +165,20 @@ These files are already aligned with v1.0.0-rc.1:
|
||||
> Reference: MIGRATION.md lines 770-814
|
||||
|
||||
### 2.1 WebAuthn PRF Key Derivation
|
||||
|
||||
- [ ] Implement `DeriveEncryptionKey(prfOutput []byte) ([]byte, error)`
|
||||
- [ ] Use HKDF with SHA-256 to derive 256-bit encryption key
|
||||
- [ ] Salt with `"nebula-enclave-v1"` as info parameter
|
||||
|
||||
### 2.2 Database Encryption
|
||||
|
||||
- [ ] Implement application-level AES-GCM encryption for serialized pages
|
||||
- [ ] Add encryption wrapper around `Serialize()` output
|
||||
- [ ] Add decryption wrapper for `Load()` input
|
||||
- [ ] Store encryption metadata (IV, auth tag) with serialized data
|
||||
|
||||
### 2.3 Encrypted Database Wrapper
|
||||
|
||||
- [ ] Create `internal/enclave/enclave.go` - Encrypted database wrapper
|
||||
- [ ] Create `internal/enclave/crypto.go` - WebAuthn PRF key derivation
|
||||
- [ ] Integrate with existing `internal/keybase` package
|
||||
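Review bot: The 2.1 item "Salt with `"nebula-enclave-v1"` as info parameter" mixes up two separate HKDF inputs, salt and info, so an implementer cannot tell which one the string is meant to be. Reword it to say the string is the `info` value and state explicitly what the salt is (empty, or a stored per-enclave value). In 2.2, "Store encryption metadata (IV, auth tag)" should also say how the IV is generated: the key from 2.1 is deterministic for a given PRF output, and AES-GCM loses both confidentiality and integrity if an IV repeats under one key, so require a fresh random 96-bit IV for every `Serialize()` call.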
@@ -186,12 +190,14 @@ These files are already aligned with v1.0.0-rc.1:
|
||||
> Current implementation in `conn.go:exportDump()` only outputs comments
|
||||
|
||||
### 3.1 Proper Serialization
|
||||
|
||||
- [ ] Implement full row export with proper SQL INSERT statements
|
||||
- [ ] Handle JSON columns correctly (escape special characters)
|
||||
- [ ] Include table creation order for foreign key constraints
|
||||
- [ ] Add version header for migration compatibility
|
||||
|
||||
### 3.2 Proper Deserialization
|
||||
|
||||
- [ ] Parse serialized SQL dump in `Load()`
|
||||
- [ ] Execute INSERT statements to restore data
|
||||
- [ ] Validate data integrity after restore
|
||||
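Review bot: In 3.2 the item order has `Load()` executing INSERT statements before "Validate data integrity after restore", so a tampered dump would be run against the database before anything checks it. Add an item to authenticate the dump before it is parsed (the AES-GCM tag from 2.2 can serve if the dump is always stored encrypted) and to reject any statement that is not an INSERT into a known table. For 3.1, "escape special characters" for JSON columns should name the quoting rule the exporter follows, so that the export and `Load()` agree on it.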
@@ -204,6 +210,7 @@ These files are already aligned with v1.0.0-rc.1:
|
||||
> Reference: `internal/keybase/actions.go`
|
||||
|
||||
### 4.1 Key Share Actions
|
||||
|
||||
- [ ] `CreateKeyShare(ctx, params) (*KeyShareResult, error)`
|
||||
- [ ] `ListKeyShares(ctx) ([]KeyShareResult, error)`
|
||||
- [ ] `GetKeyShareByID(ctx, shareID) (*KeyShareResult, error)`
|
||||
@@ -213,6 +220,7 @@ These files are already aligned with v1.0.0-rc.1:
|
||||
- [ ] `DeleteKeyShare(ctx, shareID) error`
|
||||
|
||||
### 4.2 UCAN Token Actions (v1.0.0-rc.1)
|
||||
|
||||
- [ ] `CreateDelegation(ctx, params) (*DelegationResult, error)`
|
||||
- [ ] `ListDelegations(ctx) ([]DelegationResult, error)`
|
||||
- [ ] `GetDelegationByCID(ctx, cid) (*DelegationResult, error)`
|
||||
@@ -224,12 +232,14 @@ These files are already aligned with v1.0.0-rc.1:
|
||||
- [ ] `CleanExpiredUCANs(ctx) error`
|
||||
|
||||
### 4.3 Verification Method Actions
|
||||
|
||||
- [ ] `CreateVerificationMethod(ctx, params) (*VerificationMethodResult, error)`
|
||||
- [ ] `ListVerificationMethods(ctx) ([]VerificationMethodResult, error)`
|
||||
- [ ] `GetVerificationMethod(ctx, methodID) (*VerificationMethodResult, error)`
|
||||
- [ ] `DeleteVerificationMethod(ctx, methodID) error`
|
||||
|
||||
### 4.4 Service Actions
|
||||
|
||||
- [ ] `CreateService(ctx, params) (*ServiceResult, error)`
|
||||
- [ ] `GetServiceByOrigin(ctx, origin) (*ServiceResult, error)`
|
||||
- [ ] `GetServiceByID(ctx, serviceID) (*ServiceResult, error)`
|
||||
@@ -237,6 +247,7 @@ These files are already aligned with v1.0.0-rc.1:
|
||||
- [ ] `ListVerifiedServices(ctx) ([]ServiceResult, error)`
|
||||
|
||||
### 4.5 Grant Actions (Extend Existing)
|
||||
|
||||
- [ ] `CreateGrant(ctx, params) (*GrantResult, error)`
|
||||
- [ ] `GetGrantByService(ctx, serviceID) (*GrantResult, error)`
|
||||
- [ ] `UpdateGrantScopes(ctx, grantID, scopes, accounts) error`
|
||||
@@ -246,6 +257,7 @@ These files are already aligned with v1.0.0-rc.1:
|
||||
- [ ] `CountActiveGrants(ctx) (int64, error)`
|
||||
|
||||
### 4.6 Account Actions (Extend Existing)
|
||||
|
||||
- [ ] `CreateAccount(ctx, params) (*AccountResult, error)`
|
||||
- [ ] `ListAccountsByChain(ctx, chainID) ([]AccountResult, error)`
|
||||
- [ ] `GetDefaultAccount(ctx, chainID) (*AccountResult, error)`
|
||||
@@ -254,6 +266,7 @@ These files are already aligned with v1.0.0-rc.1:
|
||||
- [ ] `DeleteAccount(ctx, accountID) error`
|
||||
|
||||
### 4.7 Credential Actions (Extend Existing)
|
||||
|
||||
- [ ] `CreateCredential(ctx, params) (*CredentialResult, error)`
|
||||
- [ ] `UpdateCredentialCounter(ctx, credentialID, signCount) error`
|
||||
- [ ] `RenameCredential(ctx, credentialID, name) error`
|
||||
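Review bot: `UpdateCredentialCounter(ctx, credentialID, signCount) error` in 4.7 does not say what happens when the new `signCount` is not greater than the stored one. The WebAuthn signature counter exists to flag cloned authenticators, so the task should state that the action compares against the stored value and returns an error or flags the credential on a non-increasing counter instead of overwriting it. It should also cover authenticators that do not implement a counter and always report zero.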
@@ -261,6 +274,7 @@ These files are already aligned with v1.0.0-rc.1:
|
||||
- [ ] `CountCredentialsByDID(ctx) (int64, error)`
|
||||
|
||||
### 4.8 Session Actions (Extend Existing)
|
||||
|
||||
- [ ] `GetSessionByID(ctx, sessionID) (*SessionResult, error)`
|
||||
- [ ] `GetCurrentSession(ctx) (*SessionResult, error)`
|
||||
- [ ] `UpdateSessionActivity(ctx, sessionID) error`
|
||||
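Review bot: `CountCredentialsByDID(ctx) (int64, error)` at the top of this hunk is named for a DID lookup but takes no DID argument. Either add the parameter or document that the DID is read from `ctx`, and do the same for `GetCurrentSession(ctx)` in 4.8, so that callers know which identity scopes each query.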
@@ -268,6 +282,7 @@ These files are already aligned with v1.0.0-rc.1:
|
||||
- [ ] `DeleteExpiredSessions(ctx) error`
|
||||
|
||||
### 4.9 Sync Checkpoint Actions
|
||||
|
||||
- [ ] `GetSyncCheckpoint(ctx, resourceType) (*SyncCheckpointResult, error)`
|
||||
- [ ] `UpsertSyncCheckpoint(ctx, params) error`
|
||||
- [ ] `ListSyncCheckpoints(ctx) ([]SyncCheckpointResult, error)`
|
||||
@@ -279,18 +294,21 @@ These files are already aligned with v1.0.0-rc.1:
|
||||
> Reference: MIGRATION.md lines 823-824
|
||||
|
||||
### 5.1 Key Share Storage
|
||||
|
||||
- [ ] Parse key share data from MPC protocol
|
||||
- [ ] Encrypt share data before storage
|
||||
- [ ] Store public key and chain code
|
||||
- [ ] Track party index and threshold
|
||||
|
||||
### 5.2 Account Derivation
|
||||
|
||||
- [ ] Implement BIP44 derivation path parsing
|
||||
- [ ] Derive addresses from public keys
|
||||
- [ ] Support multiple chains (Cosmos 118, Ethereum 60)
|
||||
- [ ] Generate proper address encoding per chain
|
||||
|
||||
### 5.3 Key Rotation
|
||||
|
||||
- [ ] Implement key rotation workflow
|
||||
- [ ] Archive old shares
|
||||
- [ ] Update status transitions
|
||||
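Review bot: "Archive old shares" in 5.3 gives no rule for how archived shares are protected or when they are destroyed, and "Encrypt share data before storage" in 5.1 does not name the key. State which key 5.1 uses (the enclave key from section 2 or a separate one), whether archived shares stay encrypted under it after rotation, and when they are deleted, otherwise rotation leaves the old key material recoverable for an undefined period.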
@@ -365,6 +383,7 @@ These files are already aligned with v1.0.0-rc.1:
|
||||
- [ ] Track last processed transaction hash
|
||||
|
||||
### 8.2 Sync Operations
|
||||
|
||||
- [ ] Fetch DID document updates from chain
|
||||
- [ ] Validate on-chain document hash
|
||||
- [ ] Update local state on changes
|
||||
@@ -498,6 +517,7 @@ The following items from the previous TODO have been removed as they reference t
|
||||
- ~~Section 3.3 "Delegation Actions" - Old delegation model~~ -> Merged into Section 1 and 4.2
|
||||
|
||||
The old capability model (`Attenuation`, `Resource`, `Capability` interfaces) is replaced by:
|
||||
|
||||
- `sub` (DID) - Subject of the capability
|
||||
- `cmd` (Command) - Action being delegated
|
||||
- `pol` (Policy) - Constraints on invocation arguments
|
||||
|
||||