feat: desktop vault settings integration - phase 40#424
Conversation
Propagate user-configurable vault settings (Phase 39) to Rust SDK and desktop app. Replaces hardcoded MAX_VERSIONS_PER_FILE and VERSION_COOLDOWN_MS with values from encrypted IPNS settings blob. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Entire-Checkpoint: 4da251897fc5
Entire-Checkpoint: c775e7f22c78
Entire-Checkpoint: 7a368c2a110e
Entire-Checkpoint: b14b14455de5
- Add cross-language test vector for cipherbox-vault-settings-v1 - Add unit tests for derive_vault_settings_ipns_keypair - Add match arm in cross_language.rs for vault-settings info string - Tests fail because function not yet implemented (TDD RED)
- Add VAULT_SETTINGS_HKDF_INFO constant with info "cipherbox-vault-settings-v1" - Add derive_vault_settings_ipns_keypair() following existing derivation pattern - Re-export new function from crates/crypto/src/lib.rs - Cross-language parity verified via shared test vector with TypeScript
- Add VaultSettings struct with serde camelCase serialization - Add DeleteBehavior enum (Bin, Permanent) - Add default_vault_settings() returning v1 defaults - Add validate_vault_settings() with clamping and unknown-version guard - 13 unit tests covering all validation scenarios
- Add 40-01-SUMMARY.md with execution results - Update STATE.md with metrics - Update ROADMAP.md with plan progress
… flow - Add vault_settings: RwLock<VaultSettings> field to KeyState (defaults on init) - Add load_vault_settings() helper: derive IPNS -> resolve -> fetch -> ECIES unwrap -> validate - Call load_vault_settings in complete_auth_setup with graceful fallback to defaults - Update SDK state tests to assert vault_settings initialization and clear behavior Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
… settings - Add max_versions_per_file and version_cooldown_ms fields to CipherBoxFS - Rename constants to DEFAULT_MAX_VERSIONS_PER_FILE and DEFAULT_VERSION_COOLDOWN_MS - Update macOS read_ops.rs to use fs.max_versions_per_file and fs.version_cooldown_ms - Update Windows write_ops.rs to use CipherBoxFS fields for versioning - Add new params to mount_filesystem on both macOS and Windows - Pass vault settings from KeyState to FUSE mount with minutes-to-ms conversion Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add 40-02-SUMMARY.md with execution results and self-check - Update STATE.md progress (90/96 plans, 94%) - Update ROADMAP.md phase 40 progress (2/2 complete) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Entire-Checkpoint: a4ee52a12edc
Entire-Checkpoint: 0c9b800d10dc
…c code The version cooldown check, version entry creation, and pruning logic was duplicated between read_ops.rs (macOS/Linux) and platform/windows/write_ops.rs. Extract into helpers::apply_versioning() so all platforms share identical behavior. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Entire-Checkpoint: 0d8a9827e403
…nt helpers - Replace custom clamp() with std u32::clamp() in vault_settings.rs - Remove unnecessary numbered comments in load_vault_settings() - Flatten redundant scope block in complete_auth_setup() - Delete unused DEFAULT_MAX_VERSIONS_PER_FILE and DEFAULT_VERSION_COOLDOWN_MS constants Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Entire-Checkpoint: ed8cad6e6741
|
Warning Rate limit exceeded
Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 9 minutes and 24 seconds. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (3)
WalkthroughThis implementation introduces user-configurable vault settings to the desktop application. It adds HKDF domain-separated IPNS keypair derivation for vault settings, a new VaultSettings struct with validation and defaults, loads encrypted settings during desktop authentication, wires them into FUSE filesystem operations, and replaces hardcoded versioning constants with configurable values from loaded settings. Changes
Sequence Diagram(s)sequenceDiagram
participant Desktop as Desktop App
participant Auth as Auth Handler
participant Crypto as Crypto Crate
participant IPNS as IPNS Resolver
participant IPFS as IPFS Client
participant Decryption as ECIES Decrypt
participant Validation as VaultSettings<br/>Validator
participant SDK as SDK State
participant FUSE as FUSE Mount
Desktop->>Auth: complete_auth_setup()
Auth->>Crypto: derive_vault_settings_ipns_keypair(private_key)
Crypto-->>Auth: (ed25519_priv, ed25519_pub, ipns_name)
Auth->>IPNS: resolve(ipns_name)
IPNS-->>Auth: ipfs_cid
Auth->>IPFS: fetch(ipfs_cid)
IPFS-->>Auth: encrypted_content
Auth->>Decryption: ecies_unwrap(encrypted_content, private_key)
Decryption-->>Auth: json_payload
Auth->>Validation: validate_vault_settings(json_payload)
Validation-->>Auth: VaultSettings (validated & clamped)
Auth->>SDK: store vault_settings in KeyState
SDK-->>Auth: ✓
Auth->>FUSE: mount_filesystem(...,<br/>max_versions_per_file,<br/>version_cooldown_ms)
FUSE-->>Auth: ✓
Estimated code review effort🎯 4 (Complex) | ⏱️ ~50 minutes Possibly related PRs
🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #424 +/- ##
==========================================
+ Coverage 62.27% 71.84% +9.56%
==========================================
Files 134 113 -21
Lines 10082 7160 -2922
Branches 1050 1050
==========================================
- Hits 6279 5144 -1135
+ Misses 3587 1800 -1787
Partials 216 216
Flags with carried forward coverage won't be shown. Click here to find out more.
🚀 New features to boost your workflow:
|
There was a problem hiding this comment.
Actionable comments posted: 3
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.planning/phases/40-desktop-vault-settings-integration/40-VERIFICATION.md:
- Around line 90-96: Update the "Human Verification Required" and "Gaps Summary"
sections in the 40-VERIFICATION.md report to reflect the two remaining runtime
checks still open: "FUSE mount respects custom settings" and "defaults used if
no IPNS entry"; specifically, change the "None" under "Human Verification
Required" to list those two checks as pending and adjust "Gaps Summary" from "No
gaps" to note that these runtime verifications are outstanding (so the report
doesn't claim full completion) and keep the existing statements about static
verification and graceful fallback intact.
In `@apps/desktop/src-tauri/src/commands/auth.rs`:
- Around line 95-138: Wrap the entire resolve→fetch→decrypt chain in
load_vault_settings with a tokio timeout so a slow/hung IPNS/IPFS call will
return an error and fall back to defaults; specifically, use
tokio::time::timeout(...) around the async block in load_vault_settings (the
block that calls cipherbox_api_client::ipns::resolve_ipns and
cipherbox_api_client::ipfs::fetch_content and
cipherbox_crypto::ecies::unwrap_key) and map a tokio::time::error::Elapsed into
a descriptive Err (e.g., "vault settings load timed out") so the existing match
on result uses cipherbox_core::default_vault_settings() on timeout. Ensure the
duration is reasonable (or configurable) and keep the function signature and
existing error-to-log behavior.
In `@crates/fuse/src/helpers.rs`:
- Around line 122-150: The early return when should_version is false skips
pruning existing_versions; change the logic in the function (around the
should_version check) to always enforce max_versions_per_file by trimming
existing_versions when its length > max_versions and returning the trimmed
Some(versions) plus the pruned CIDs, even if no new version is created. Use the
same pruning approach as in the later branch (build pruned: Vec<String> from
versions.split_off(max_versions).map(|v| v.cid)), log the pruning with ino and
max_versions, and then return (Some(trimmed_versions), pruned) when
should_version is false; preserve the existing debug/info messages and keep the
branch that creates a new version unchanged.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: 809ef0e0-251e-4f99-9e13-148fae1167cd
⛔ Files ignored due to path filters (1)
Cargo.lockis excluded by!**/*.lock
📒 Files selected for processing (27)
.husky/commit-msg.planning/PROJECT.md.planning/ROADMAP.md.planning/STATE.md.planning/phases/40-desktop-vault-settings-integration/40-01-PLAN.md.planning/phases/40-desktop-vault-settings-integration/40-01-SUMMARY.md.planning/phases/40-desktop-vault-settings-integration/40-02-PLAN.md.planning/phases/40-desktop-vault-settings-integration/40-02-SUMMARY.md.planning/phases/40-desktop-vault-settings-integration/40-CONTEXT.md.planning/phases/40-desktop-vault-settings-integration/40-RESEARCH.md.planning/phases/40-desktop-vault-settings-integration/40-VALIDATION.md.planning/phases/40-desktop-vault-settings-integration/40-VERIFICATION.mdapps/desktop/src-tauri/src/commands/auth.rsapps/desktop/src-tauri/src/fuse/mod.rsapps/desktop/src-tauri/src/fuse/windows/mod.rscrates/core/src/lib.rscrates/core/src/vault_settings.rscrates/crypto/src/hkdf.rscrates/crypto/src/lib.rscrates/crypto/tests/cross_language.rscrates/fuse/src/constants.rscrates/fuse/src/helpers.rscrates/fuse/src/lib.rscrates/fuse/src/platform/windows/write_ops.rscrates/fuse/src/read_ops.rscrates/sdk/src/state.rstests/vectors/crypto/hkdf.json
💤 Files with no reviewable changes (1)
- crates/fuse/src/constants.rs
Cover cooldown logic, version creation, pruning, and edge cases (empty CID, zero max versions, empty version list). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Entire-Checkpoint: c7e74621b1ab
- Add 10s tokio::timeout to load_vault_settings() so hung IPNS/IPFS calls fall back to defaults instead of stalling login - Always enforce max_versions pruning in apply_versioning(), even when cooldown skips version creation (handles lowered max_versions) - Update VERIFICATION.md to list two pending runtime checks Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Entire-Checkpoint: 01a69d909db0
Summary
VaultSettingstype with validation, clamping, and serde round-trip support tocipherbox-coreapply_versioning()helper to eliminate platform-specific code duplication (macOS + Windows)u32::clamp()from std, remove dead constants, strip redundant commentsTest plan
cipherbox-corevault_settings unit tests (13 tests: defaults, validation, clamping, serde round-trip, unknown version guard)cipherbox-cryptoHKDF derivation tests (determinism, domain separation, cross-language vectors)cipherbox-fusecompiles with removed constants (no dead code references)🤖 Generated with Claude Code
Summary by CodeRabbit
Release Notes
New Features
Chores