archetech / archon / 28137152414
92%

DEFAULT BRANCH: main
Ran
Jobs 1
Files 51
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 85.607% (-1.6%) from 87.254%
28137152414

push

github

web-flow 
feat: DIDComm Phase 8 — route all sends through the service (Tor egress) (#643)

* feat: DIDComm Phase 8 — route all sends through the service (Tor egress)

The keymaster no longer dials recipients directly. All outbound delivery goes
through the DIDComm service, the single egress point and the only component with
Tor access — so the CLI and in-browser wallet can reach .onion recipients, and
the keymaster never performs network egress.

Split: keymaster = crypto (sendDidComm/send_didcomm pack, resolve, Forward-wrap,
producing a sealed envelope + destination URL); service = transport.

- didcomm service: POST /api/v1/deliver — signed-challenge auth (sender proves
  DID control, reusing the existing challenge mechanism), SSRF guard (clearnet
  must be https + non-private; ARCHON_DIDCOMM_ALLOW_PRIVATE_EGRESS for dev/test),
  and .onion delivery over a SOCKS5 Tor proxy via fetch-socks
  (ARCHON_DIDCOMM_TOR_PROXY, default tor:9050). Adds fetch-socks dep.
- keymaster (JS + Python): sendDidComm requires a configured service
  (didcommServiceURL / ARCHON_DIDCOMM_SERVICE_URL); no service => hard error, no
  direct-dial fallback. Wired through both CLIs, the keymaster REST service, and
  the Python keymaster_service.
- compose: didcomm gets ARCHON_DIDCOMM_TOR_PROXY; both keymaster flavors get
  ARCHON_DIDCOMM_SERVICE_URL=http://didcomm:4236. sample.env documents all three.
- docs: design-doc Phase 8 marked done (also corrects a stale PyNaCl note in the
  Phase 7 entry — the Python port has no PyNaCl).

Tests: relay e2e routes every send through /deliver (incl. mediator/forward +
credential exchange); a unit test asserts the no-service hard error. JS build +
both service typechecks + lint clean; JS didcomm suites + Python (161) green.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* refactor: derive DIDComm egress from the node URL (no extra env var)

Per review: the keymaster has only its archon node URL — it must not know the
DIDComm se... (continued)

2633 of 3273 branches covered (80.45%)

Branch coverage included in aggregate %.

1 of 15 new or added lines in 1 file covered. (6.67%)

99 existing lines in 3 files now uncovered.

5361 of 6065 relevant lines covered (88.39%)

883.1 hits per line

Uncovered Changes

Lines Coverage File
14
87.4
 -3.9% packages/keymaster/src/keymaster.ts

Coverage Regressions

Lines Coverage File
90
87.4
 -3.9% packages/keymaster/src/keymaster.ts
8
74.66
 -4.96% packages/cipher/dist/esm/didcomm.js
1
45.69
 -2.59% services/didcomm/server/src/store.ts
Jobs
ID Job ID Ran Files Coverage
1 28137152414.1 102
86.63
 GitHub Action Run
Source Files on build 28137152414