Alan-Jowett / sonde / 26218799993
82%

DEFAULT BRANCH: main
Ran
Jobs 1
Files 129
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 82.642% (-0.6%) from 83.289%
26218799993

push

github

web-flow 
feat: PSK key escrow redesign — specs + foundational implementation (#1050)

* feat: PSK key escrow redesign — specs + foundational implementation (#962)

Redesign the PSK key escrow architecture from evolve-887's imperative
connector messages to a declarative ACTUAL_STATE/DESIRED_STATE model.
This PR contains the complete specification changes and foundational
gateway implementation.

Specification changes (15 docs, ~1,930 lines):

- \volve-962-specification.md\: Phone escrow scope fix, rotation code
  charset \[A-Z0-9]\, CBOR key realignment (DESIRED_STATE keys 28/29),
  \pending_recovery\ purge semantics, rotation rate limiting, SPA
  cross-reference, fingerprint trust model (SPA computes locally)
- Gateway trifecta: GW-2000-GW-2013 (14 requirements), §23 design,
  T-2000-T-2010 + T-2004b (15 test cases)
- \gateway-companion-api.md\: \ntity_id = hex(gateway_id)\,
  ACTUAL_STATE keys 12-27, DESIRED_STATE keys 15/21/22/28/29
- Azure handler trifecta: AZH-0600-AZH-0605
- Admin CLI trifecta: ADMIN-0900-ADMIN-0902
- Web UI trifecta: WEB-1001-WEB-1008 (SPA rotation flow)
- \security.md\ §10: escrow threat model

Implementation changes (4 files + 1 new module, ~700 lines):

- \otation.rs\ (new): \RotationPayloadV1\ decryption (X25519 + HKDF-SHA-256
  + AES-256-GCM), \RotationRateLimiter\ (3/5min/epoch), error types, tests
- \sqlite_storage.rs\: Schema migrations (\master_key_id\/\master_key_epoch\
  columns, \pending_recovery\ table, \ncrypted_seed_new\ column),
  \init_master_key_id()\, \init_rotation_code()\ with rejection sampling,
  \PendingRecoveryRecord\ CRUD operations
- \connector.rs\: \GatewayActualState\ variant (CBOR keys 15-27),
  \mit_gateway_actual_state()\, \GatewayDesiredState\ parsing (keys
  15/21/22/28/29), \RecoveredPskRecord\, node escrow key 14 changed
  from integer to bytes (\master_key_id\)
- \display_banner.rs\: \ender_fingerprint_page()\,
  \ender_rotation_code_page()\

Remaining work (follow-up PRs):
- gRPC \SubmitRotati... (continued)

710 of 1187 new or added lines in 4 files covered. (59.81%)

9 existing lines in 2 files now uncovered.

37078 of 44866 relevant lines covered (82.64%)

252.24 hits per line

Uncovered Changes

Lines Coverage File
236
67.85
 -17.94% crates/sonde-gateway/src/connector.rs
157
41.42
 crates/sonde-gateway/src/rotation.rs
75
84.92
 -0.28% crates/sonde-gateway/src/sqlite_storage.rs
9
90.24
 -3.43% crates/sonde-gateway/src/display_banner.rs

Coverage Regressions

Lines Coverage File
7
81.12
 -0.28% crates/sonde-azure-companion/src/main.rs
2
67.85
 -17.94% crates/sonde-gateway/src/connector.rs
Jobs
ID Job ID Ran Files Coverage
1 26218799993.1 129
82.64
 GitHub Action Run
Source Files on build 26218799993