Initial PRD attempt #1
Merged
Conversation
FSM1 (Owner) commented on Jan 15, 2026
- Introduced PRD.md detailing the CipherBox product, its goals, user personas, functional requirements, and technical architecture.
- Updated README.md to include a brief description of CipherBox and a link to the PRD for more details.
FSM1 added a commit that referenced this pull request (Feb 2, 2026)
ENVIRONMENTS.md:
- Rename section title to "Environment-Specific IPNS Key Derivation"
- Replace "environment salt" terminology with "environment context" throughout
- Remove unused VITE_WEB3AUTH_NETWORK env var (network derived from VITE_ENVIRONMENT)
- Add URL schemes to environment variable reference table

REVIEW-2026-01-25-environments.md:
- Update findings #1, #3, #4 status to "Addressed" with dates

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
FSM1 added a commit that referenced this pull request (Feb 2, 2026)
…ion (#49)

* docs: add comprehensive environment architecture for multi-env isolation

Addresses the Web3Auth key isolation problem where all environments sharing the same project leads to IPNS sequence number conflicts.

Documents four environments (local, CI, staging, production) with:
- Environment-specific Ed25519 key derivation salt approach
- Docker Compose configurations for offline/online IPFS modes
- Web3Auth network switching (Devnet vs Mainnet)
- Complete env var reference and implementation checklist

* docs: add TEE infrastructure analysis to environment architecture

Extends ENVIRONMENTS.md with detailed TEE layer implications:
- Local/CI: TEE disabled, IPNS can expire, user resets to clean slate
- Staging: TEE active with Phala testnet, needs DHT cleanup strategy for orphaned records when Web3Auth testnet IDs become unstable
- Production: Full TEE with monitoring, alerting thresholds, and incident runbooks for IPNS staleness detection

Includes:
- TEE environment matrix and configuration per environment
- Staging cleanup job interface for orphaned IPNS records
- Production monitoring requirements (staleness, error rates, latency)
- Implementation checklist for TEE infrastructure rollout
- Incident response runbook for IPNS staleness

* docs: add security review for environment architecture

Security review of ENVIRONMENTS.md found:
- 2 Medium: HKDF parameter naming, random vs derived key migration
- 2 Low: Cross-env data accessibility, mock service /reset endpoint
- 3 Info: TEE epoch design, Web3Auth shared identity, JWT placeholder

Overall assessment: APPROVED WITH CONCERNS
Core cryptographic approach is sound, needs clarification before impl.

* docs: address CodeRabbit review comments
- Clarify HKDF salt vs info usage to match RFC 5869 best practices
- Add security warning about cross-environment CID leakage risks
- Add safety note for /reset endpoint (local/CI only)
- Add language tags to fenced code blocks (bash, text)
- Add blank lines around alerting thresholds table (MD058)
- Replace absolute paths with repo-relative paths

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* docs: address Copilot and additional CodeRabbit comments

ENVIRONMENTS.md:
- Rename section title to "Environment-Specific IPNS Key Derivation"
- Replace "environment salt" terminology with "environment context" throughout
- Remove unused VITE_WEB3AUTH_NETWORK env var (network derived from VITE_ENVIRONMENT)
- Add URL schemes to environment variable reference table

REVIEW-2026-01-25-environments.md:
- Update findings #1, #3, #4 status to "Addressed" with dates

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* docs: address CodeRabbit review comments for TEE architecture
- Add comprehensive TEE Key Encryption Architecture section:
  - Document threat model and security goals
  - Add encryption flow diagram (client -> API -> TEE)
  - Specify ECIES over secp256k1 as encryption primitive
  - Document TEE public key distribution with attestation
  - Define key epoch rotation scheme with 1-week grace period
  - Add epoch validation logic and error handling
  - Document forward secrecy considerations
- Update security review findings:
  - Mark TEE epoch rotation finding (#5) as addressed
- Add comprehensive private key security test cases:
  - Test that private keys are never logged
  - Test that keys are not stored in localStorage/sessionStorage
  - Test that only encrypted keys are sent to TEE
  - Test IPNS signature verification prevents forgery

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude <noreply@anthropic.com>
FSM1 added a commit that referenced this pull request (Mar 4, 2026)
- Extract clearAllUserStores() helper used by both useAuth logout and apiClient 401 interceptor, ensuring all stores are cleared on every logout path (addresses Copilot comments #1 and #2)
- Extract initialState constant in quota store so reset() and init values cannot drift (addresses Copilot comment #4)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Entire-Checkpoint: ef84f2610701
FSM1 added a commit that referenced this pull request (Mar 4, 2026)
* fix(web): clear share and quota stores on logout

Share store's clearShares() was defined but never called during logout, causing stale share data to persist across sessions. Quota store had no reset method at all. Both are now cleared in the useAuth logout sequence.

Closes M2 tech debt items from milestone audit.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Entire-Checkpoint: b5b5f70621d5

* docs(quick-023): M2 tech debt store logout cleanup

Quick task completed.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Entire-Checkpoint: 89f45663f542

* fix(web): centralize store cleanup and address PR review comments
- Extract clearAllUserStores() helper used by both useAuth logout and apiClient 401 interceptor, ensuring all stores are cleared on every logout path (addresses Copilot comments #1 and #2)
- Extract initialState constant in quota store so reset() and init values cannot drift (addresses Copilot comment #4)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Entire-Checkpoint: ef84f2610701

* fix(web): add session version guard to quota store fetchQuota

Prevents in-flight fetchQuota() responses from repopulating cleared state after reset/logout. Flagged by both Copilot and CodeRabbit.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Entire-Checkpoint: 4d1d4cd4dad6

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
FSM1 added a commit that referenced this pull request (Mar 29, 2026)
Phase 9 items #13-19 all resolved across later phases:
- #13 ThrottlerGuard applied to auth controller
- #14 IPNS URL encoding added in Rust SDK extraction
- #15 Debug eprintln! removed before Phase 9 merge
- #16 Private key console.log removed in Phase 28
- #17 Ed25519 key_bytes zeroized in Rust SDK extraction
- #18 Already marked resolved (PublishCoordinator)
- #19 Sync errors sanitized via sanitize_error()

12 Phase 5 items (#1-12) remain open — all low severity input validation and defense-in-depth improvements.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Entire-Checkpoint: d2581dc98652
FSM1 added a commit that referenced this pull request (Mar 29, 2026)
* docs: move structured logging to implemented in DEFERRED.md

Phase 28 implemented the structured logging wrapper (lib/logger.ts), replacing 127 direct console.* calls. All 12 pending todos verified still pending — no other changes needed.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Entire-Checkpoint: 9faf72d8548e

* docs: mark 7 resolved items in security low-severity backlog

Phase 9 items #13-19 all resolved across later phases:
- #13 ThrottlerGuard applied to auth controller
- #14 IPNS URL encoding added in Rust SDK extraction
- #15 Debug eprintln! removed before Phase 9 merge
- #16 Private key console.log removed in Phase 28
- #17 Ed25519 key_bytes zeroized in Rust SDK extraction
- #18 Already marked resolved (PublishCoordinator)
- #19 Sync errors sanitized via sanitize_error()

12 Phase 5 items (#1-12) remain open — all low severity input validation and defense-in-depth improvements.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Entire-Checkpoint: d2581dc98652

* docs: add Phase 34 E2E Test Expansion & Staging Baselines

Consolidates 6 pending testing todos into a single phase:
- AES-CTR streaming playback E2E tests
- Batch download zip E2E tests
- Media preview E2E test suite
- Shared deleteAccount teardown across all specs
- BYO-IPFS load test baselines on staging
- Staging metrics baselines with Faro instrumentation

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Entire-Checkpoint: d8dd0c8c05c8

* docs: align DEFERRED.md footer date with header

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Entire-Checkpoint: b6a6c2383250

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
FSM1 added a commit that referenced this pull request (May 25, 2026)
- Scope Tauri events per attempt via port-specific event names (review #1)
- Validate POST requests with server-generated nonce (review #2)
- Use absolute deadline instead of per-connection timeout (review #3)
- Use actual popup counter value for cleanup (review #4)
- Fail fast when all preferred ports are taken (review #6)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Entire-Checkpoint: 172d4ce72f72
FSM1 added a commit that referenced this pull request (May 25, 2026)
…#459)

* fix(desktop): use localhost callback server for Google OAuth in Tauri

Google OAuth rejects custom URI schemes like `tauri://localhost` which is what `window.location.origin` resolves to in production Tauri builds. This caused Error 400: invalid_request when attempting Google login.

Replace the localStorage-polling approach with a temporary localhost HTTP server (Rust-side) that receives the OAuth redirect, extracts the id_token from the URL fragment via an injected callback page, and emits it back to the main webview via a Tauri event.

- Add `start_oauth_server` Tauri command with preferred port selection (14200-14202) and random fallback
- Rewrite `getGoogleCredential()` to use the callback server + Tauri event listener instead of localStorage polling
- Add `core:event:default` permission for Tauri event API access
- Content-Length-aware HTTP body reading for reliable POST parsing

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Entire-Checkpoint: 51734dbce9b4

* chore(release): set release targets for PR #459

* fix(desktop): address PR review comments on OAuth callback server
- Scope Tauri events per attempt via port-specific event names (review #1)
- Validate POST requests with server-generated nonce (review #2)
- Use absolute deadline instead of per-connection timeout (review #3)
- Use actual popup counter value for cleanup (review #4)
- Fail fast when all preferred ports are taken (review #6)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Entire-Checkpoint: 172d4ce72f72

* docs: implement temporary localhost HTTP server for Google OAuth callback in Tauri

Entire-Checkpoint: ac0f39da9ff3

* fix(desktop): address second round of PR review comments
- Update JSDoc to reflect fixed-port strategy (no dynamic/loopback)
- Validate OAuth state before handling errors (prevents DoS via crafted error)
- Loop-read TCP until headers are complete before parsing Content-Length
- Update debug doc to match current implementation

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Entire-Checkpoint: 72dff9156bda

* fix(desktop): address CodeRabbit review on OAuth callback server
- Move cleanup() after state validation to prevent promise hang on mismatch
- Use OsRng (CSPRNG) instead of thread_rng for nonce generation
- Remove Access-Control-Allow-Origin: * from GET responses (prevents local pages from fetching callback HTML to steal the nonce)
- Close OAuth popup windows on server timeout
- Gate callback HTML serving to /callback path only (404 for others)
- Remove stale review-cycle comment

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Entire-Checkpoint: 60247aaac75c

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
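The hardening steps listed in the OAuth callback-server commits above (validate the server-generated state nonce before honouring a provider error, keep reading until the Content-Length body is complete, serve only the /callback path, cut the attempt off at an absolute deadline) boil down to a few pure request-handling decisions. The Rust below is an added example written for this page, not code from the CipherBox repository: the names `Callback`, `split_request`, `is_complete` and `handle_request` are assumptions, the POST body is assumed to be form-encoded with `state`, `id_token` and `error` fields, and the sample requests in the comments and test are constructed.

```rust
use std::collections::HashMap;
use std::time::Instant;

/// What the server should do with one request (added example, not project code).
#[derive(Debug, PartialEq)]
pub enum Callback {
    ServePage,            // GET /callback: serve the page that lifts id_token out of the fragment
    Token(String),        // POST /callback carried the expected state nonce and an id_token
    Reject(&'static str), // anything else: answered with an error status, otherwise ignored
}

/// Split a raw HTTP/1.1 request into (method, path, lower-cased headers, body offset).
/// Returns None until the blank line that ends the header block has arrived.
pub fn split_request(raw: &[u8]) -> Option<(String, String, HashMap<String, String>, usize)> {
    let end = raw.windows(4).position(|w| w == b"\r\n\r\n")?;
    let head = std::str::from_utf8(&raw[..end]).ok()?;
    let mut lines = head.split("\r\n");
    let mut parts = lines.next()?.split_whitespace();
    let method = parts.next()?.to_string();
    let path = parts.next()?.to_string();
    let mut headers = HashMap::new();
    for line in lines {
        if let Some((k, v)) = line.split_once(':') {
            headers.insert(k.trim().to_ascii_lowercase(), v.trim().to_string());
        }
    }
    Some((method, path, headers, end + 4))
}

/// Declared body length; 0 when the header is absent or malformed.
fn content_length(headers: &HashMap<String, String>) -> usize {
    headers.get("content-length").and_then(|v| v.parse::<usize>().ok()).unwrap_or(0)
}

/// True once headers and the whole Content-Length body are buffered. The socket
/// read loop keeps appending until this holds instead of parsing a partial read.
pub fn is_complete(raw: &[u8]) -> bool {
    match split_request(raw) {
        Some((_, _, headers, body_start)) => raw.len() >= body_start + content_length(&headers),
        None => false,
    }
}

/// Minimal x-www-form-urlencoded parser for the state, id_token and error fields
/// (assumption: these are URL-safe strings, so no percent-decoding is needed).
fn parse_form(body: &str) -> HashMap<String, String> {
    body.split('&')
        .filter_map(|kv| kv.split_once('='))
        .map(|(k, v)| (k.to_string(), v.replace('+', " ")))
        .collect()
}

/// Length-checked, constant-time comparison for the per-attempt state nonce.
fn ct_eq(a: &str, b: &str) -> bool {
    a.len() == b.len() && a.bytes().zip(b.bytes()).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}

/// Decide how to answer one request. `expected_state` is the CSPRNG nonce minted for
/// this login attempt; `deadline` is absolute, so extra connections cannot extend it.
pub fn handle_request(raw: &[u8], expected_state: &str, now: Instant, deadline: Instant) -> Callback {
    if now >= deadline {
        return Callback::Reject("deadline exceeded");
    }
    let (method, path, headers, body_start) = match split_request(raw) {
        Some(r) => r,
        None => return Callback::Reject("incomplete headers"),
    };
    // Gate on the path first so any other local page probing the port gets a 404.
    if path.split('?').next().unwrap_or("") != "/callback" {
        return Callback::Reject("not found");
    }
    match method.as_str() {
        "GET" => Callback::ServePage,
        "POST" => {
            let len = content_length(&headers);
            if raw.len() < body_start + len {
                return Callback::Reject("incomplete body");
            }
            let form = parse_form(&String::from_utf8_lossy(&raw[body_start..body_start + len]));
            // State is checked before a provider `error` field is honoured, so an
            // unauthenticated POST cannot abort a login attempt it does not own.
            match form.get("state") {
                Some(s) if ct_eq(s, expected_state) => {}
                _ => return Callback::Reject("state mismatch"),
            }
            if form.contains_key("error") {
                return Callback::Reject("provider error");
            }
            match form.get("id_token") {
                Some(t) if !t.is_empty() => Callback::Token(t.clone()),
                _ => Callback::Reject("missing id_token"),
            }
        }
        _ => Callback::Reject("method not allowed"),
    }
}
```

The networking layer is deliberately left out: a real server would accept on the loopback port, append each read to a buffer until `is_complete` returns true, hand the buffer to `handle_request`, map `Reject("not found")` to a 404 and the other rejections to a 400, and serve the GET page without an `Access-Control-Allow-Origin` header so that no other origin can fetch it. Keeping the decision logic free of sockets is what makes the state-before-error ordering and the partial-read handling testable in isolation.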