feat: credential CLI, standing public auth, manifest scope removal#45
Merged
feat: credential CLI, standing public auth, manifest scope removal#45
Conversation
CLI improvements: - Add `content revoke` command for credential revocation - Fix `--broad` credential producing `chain:` instead of `chain:*` - Fix `content create --peer` blob CID mismatch (upload canonical JSON) - Fix `content publish` using wrong identity for blob upload auth - Fix `content download` pre-empting relay auth with local creator check Relay improvements: - Allow unauthenticated blob/documents reads when a valid public standing credential (aud: *) exists — no auth token needed for public content - Add `hasPublicStandingAuth` helper for the unauthenticated fast-path Protocol cleanup: - Add `SignRevocation` to Go protocol library - Remove `manifest:` scoped credentials entirely (TS + Go + specs) - Simplify resource hierarchy to `chain:*` > `chain:<contentId>` - Remove `manifestLookup` from both relay implementations - Update CREDENTIALS.md spec to reflect simplified scope model Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…blish fix Review iteration addressing pattern, architect, and codex findings: - Extract `authorizeRead` helper in Go relay (deduplicate standing auth block) - Add standing auth to TS relay (blob + documents endpoints) for parity - Move `grant`/`revoke` from `content` to `dfos credential` namespace - Fix `content publish` to use active identity for blob auth (not creator) - Surface blob upload errors instead of silently skipping - Fix `json.Marshal` error handling in content create/update - Clean stale manifest comments in auth.go and delegation.go - Add conformance test: anonymous read with standing auth + revocation Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
bvalosek
changed the title
…D mismatch DocumentCID (used by CLI to compute document CIDs) was calling DagCborEncode directly, while the relay's blob verification used DagCborCID which normalizes float64→int64 first. Documents with integer values (e.g. "version": 1) produced different CIDs, causing blob upload to fail with "blob bytes do not match documentCID". Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- content update blob upload now surfaces errors (was silently swallowing) - Go isAttenuated adds childType==chain guard matching TS implementation - Remove stale manifest comments in auth.ts - Update CLI docs (README, CLI.md, CLAUDE-SKILL) for credential namespace Co-Authored-By: Claude <noreply@anthropic.com>
Without this, revocations pushed to a peer that hasn't ingested the issuer's identity chain will be rejected. Co-Authored-By: Claude <noreply@anthropic.com>
…k, --broad help text - Move verifyContentAccess JSDoc to correct location above the function - Add wildcard (chain:*) guard in CLI local credential verification - Clarify --broad flag help text Co-Authored-By: Claude <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
credentialCLI namespace: movedgrantandrevokefromcontenttodfos credential(aliascred) — cleaner command structure for access control operationsaud: *) exists — no auth token needed for public content. Implemented in both Go and TS relays with full paritymanifest:scoped credentials entirely from TS, Go, and specs. Resource hierarchy simplified tochain:*>chain:<contentId>DocumentCIDnow callsNormalizeJSONNumbersbefore CBOR encoding, matching relay blob verification. Fixes blob upload failures on documents with integer valuescontent update --peerblob upload path now surfaces errors instead of silently swallowing.credential revoke --peeraddspublishIdentityIfNeededbefore submitting to peerisAttenuatedparity: Go now checkschildType == "chain"guard matching TS, preventingchain:*from incorrectly covering non-chain resourceschain:*(broad) credentials instead of rejecting themcredentialnamespaceTest plan
pnpm test— all protocol + relay tests passdfos credential grant <id> <did> --readproduces valid credentialdfos credential grant <id> <did> --read --broadproduces wildcard credential accepted by local downloaddfos credential revoke <cid> --peer <relay>succeeds (identity auto-published)aud: *credential readable without auth tokenGenerated with Claude Code