x/motr-enclave
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
13cb35bc7371bd8520a9c5c3bc212ab518783dfa
motr-enclave/CHANGELOG.md

157 lines
6.1 KiB
Markdown
Raw Blame History

# Changelog
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [Unreleased]
### Added
- SQLite custom functions for BIP44 derivation
- `bip44_derive(pubkey_hex, chain)` - Derive address from any public key
- `bip44_derive_from_enclave(enclave_id, chain)` - Derive from stored enclave
- Supports: `sonr` (Cosmos 118), `ethereum` (60), `bitcoin` (0)
- MPC signing via exec handlers
- `accounts sign` - Sign with account's enclave
- `enclaves sign` - Sign directly with enclave
- Multi-chain account initialization in `generate()`
- Creates accounts for sonr, ethereum, and bitcoin on enclave creation
### Changed
- `generate()` now returns `enclave_id`, `public_key`, and `accounts` array
- `internal/crypto/mpc/verify.go` simplified to use stdlib instead of external curves package
### Removed
- `internal/enclave/` package (unused encryption layer)
- `internal/crypto/mpc/utils.go` (dead code)
---
## [0.1.0] - 2025-01
### Added
#### Encryption & Serialization
- `internal/enclave/crypto.go` - WebAuthn PRF key derivation
- `DeriveEncryptionKey()` using HKDF with SHA-256
- `DeriveKeyWithContext()` for purpose-specific keys
- AES-256-GCM encryption/decryption (`Encrypt`, `Decrypt`)
- `EncryptBytes()` / `DecryptBytes()` convenience functions
- `SecureZero()` for memory clearing
- `internal/enclave/enclave.go` - Encrypted database wrapper
- `Enclave` struct wrapping `Keybase` with encryption
- `SerializeEncrypted()` / `LoadEncrypted()` methods
- `Export()` / `Import()` with `EncryptedBundle`
- `FromExisting()` to wrap existing keybase
- `internal/keybase/conn.go` - Native SQLite serialization
- `Serialize()` using `serdes.Serialize()` from ncruces/go-sqlite3
- `Load()` using `serdes.Deserialize()`
- `RestoreFromDump()` for encrypted bundle loading
#### Action Manager Extensions
- `internal/keybase/actions_verification.go`
- CreateVerificationMethod, ListVerificationMethodsFull
- GetVerificationMethod, DeleteVerificationMethod
- `internal/keybase/actions_service.go`
- CreateService, GetServiceByOrigin, GetServiceByID
- UpdateService, ListVerifiedServices
- `internal/keybase/actions_grant.go`
- CreateGrant, GetGrantByService, UpdateGrantScopes
- UpdateGrantLastUsed, SuspendGrant, ReactivateGrant, CountActiveGrants
- `internal/keybase/actions_credential.go`
- CreateCredential, UpdateCredentialCounter, RenameCredential
- DeleteCredential, CountCredentialsByDID
- `internal/keybase/actions_session.go`
- GetSessionByID, GetCurrentSession, UpdateSessionActivity
- SetCurrentSession, DeleteExpiredSessions
#### Plugin Exec Handlers
- `key_shares` resource - list, get, rotate, archive, delete
- `verification_methods` resource - list, get, delete
- `services` resource - list, get, get_by_id
#### UCAN v1.0.0-rc.1 Database Integration
- `internal/migrations/schema.sql` - v1.0.0-rc.1 tables
- `ucan_delegations` - CID-indexed delegation storage with envelope BLOB
- `ucan_invocations` - CID-indexed invocation storage with execution tracking
- `ucan_revocations` - Revocation records with reason and invocation CID
- Updated `grants` table to use `delegation_cid` instead of `ucan_id`
- `internal/migrations/query.sql` - CID-based queries
- Delegation CRUD: Create, Get by CID, List by DID/Issuer/Audience/Subject/Command
- Invocation CRUD: Create, Get by CID, List by DID/Issuer/Command, Mark executed
- Revocation: Create, Check revoked, Get revocation, List by revoker
- `internal/keybase/actions_delegation.go` - Delegation action handlers
- StoreDelegation, GetDelegationByCID, GetDelegationEnvelope
- ListDelegations, ListDelegationsByIssuer, ListDelegationsByAudience
- ListDelegationsForCommand, IsDelegationRevoked, RevokeDelegation
- DeleteDelegation, CleanExpiredDelegations
- `internal/keybase/actions_invocation.go` - Invocation action handlers
- StoreInvocation, GetInvocationByCID, GetInvocationEnvelope
- ListInvocations, ListInvocationsByCommand, ListPendingInvocations
- MarkInvocationExecuted, CleanOldInvocations
- `main.go` - Updated exec handlers for v1.0.0-rc.1
- `executeUCANAction` uses delegation methods (list, get, revoke, verify, cleanup)
- `executeDelegationAction` uses CID-based methods (list by issuer/audience/command)
- `validateUCAN` uses `IsDelegationRevoked` instead of old `IsUCANRevoked`
#### UCAN v1.0.0-rc.1 Core
Using `github.com/ucan-wg/go-ucan v1.1.0`:
- Type re-exports from go-ucan (Delegation, Invocation, Command, Policy)
- Sonr command constants (/vault/*, /did/*, /dwn/*)
- DelegationBuilder fluent API with Sonr-specific helpers
- InvocationBuilder fluent API with Sonr-specific helpers
- PolicyBuilder fluent API with all operators
- Sonr policy helpers (VaultPolicy, DIDPolicy, ChainPolicy)
- ValidationError types matching TypeScript definitions
- Capability, ExecutionResult, and related types
### Removed
#### Deprecated JWT-based UCAN
- `jwt.go` - Old JWT token handling
- `capability.go` - Old Attenuation/Resource/Capability model
- `verifier.go` - Old JWT verification
- `source.go` - Old JWT token creation
- `internal/crypto/mpc/spec/` - Old MPC JWT integration
- `github.com/golang-jwt/jwt/v5` dependency
- Old action files:
- `internal/keybase/actions_ucan.go` - Old JWT-based UCAN actions
- `internal/keybase/actions_delegation.go` - Old ID-based delegation actions
### Deprecated
The following from the old TODO have been superseded by UCAN v1.0.0-rc.1:
- "Token Validation" (JWT parsing) -> Replaced by go-ucan validation
- "Capability Verification" (`can`/`with` format) -> Replaced by policy evaluation
- "Proof Chain Validation" (JWT proof strings) -> Replaced by CID-based chain
- "UCAN Token Actions" (old format) -> Replaced by v1.0.0-rc.1 actions
- "Delegation Actions" (old model) -> Merged into CID-based actions
The old capability model (`Attenuation`, `Resource`, `Capability` interfaces) is replaced by:
- `sub` (DID) - Subject of the capability
- `cmd` (Command) - Action being delegated
- `pol` (Policy) - Constraints on invocation arguments
Reference in New Issue View Git Blame Copy Permalink