docs: add docs for key delegation and auth #720

coodos · 2026-01-23T18:05:51Z

Description of change

add docs for key delegation and auth

Issue Number

Type of change

Docs (changes to the documentation)

How the change has been tested

Change checklist

I have ensured that the CI Checks pass locally
I have removed any unnecessary logic
My code is well documented
I have signed my commits
My code follows the pattern of the application
I have self reviewed my code

Summary by CodeRabbit

Documentation
- Added comprehensive guides on eVault key delegation workflows and provisioning
- Added detailed documentation on W3DS Protocol signatures with examples and verification flows
- Enabled Mermaid diagram support for richer visuals and added illustrative diagrams
- Removed an outdated W3DS getting-started tutorial
- Reorganized documentation categories to improve navigation and ordering

_{✏️ Tip: You can customize this high-level summary in your review settings.}

coderabbitai · 2026-01-23T18:06:13Z

Warning

Rate limit exceeded

@coodos has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 15 minutes and 53 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📝 Walkthrough

Walkthrough

Adds new and updated documentation for Infrastructure and W3DS Protocol (including an eVault key delegation guide and a signatures spec), adjusts several docs category ordering files, and enables Mermaid diagram support in the Docusaurus config and docs package dependencies.

Changes

Cohort / File(s)	Summary
Infrastructure Documentation `docs/docs/Infrastructure/_category_.json`, `docs/docs/Infrastructure/eVault-Key-Delegation.md`	Adds an "Infrastructure" category and a detailed eVault key delegation doc describing key generation/backing, provisioning during onboarding (publicKey param), sync flows (on-creation and post-creation), actors (KeyService, Provisioner, EVault, Registry), endpoints (`PATCH /public-key`, `GET /whois`), key-binding certificate format (JWT, 1h validity), verification via Registry JWKS, examples, and sequence diagram in docs.
W3DS Protocol Documentation `docs/docs/W3DS Protocol/_category_.json`, `docs/docs/W3DS Protocol/Signatures.md`, `docs/docs/W3DS Protocol/getting-started.md`	Adds comprehensive Signatures.md covering ECDSA P-256 signatures, format detection/normalization (DER/raw/multibase/base64), public key encodings, verification workflow (resolve eVault, retrieve certs, verify JWTs, import key, verify), multiple-certificate handling, examples and diagrams; deletes prior getting-started.md; updates category position.
Documentation Category Reordering `docs/docs/Post Platform Guide/_category_.json`	Adjusts `position` from 4 → 5 to reflect new ordering.
Docusaurus Configuration & Dependencies `docs/docusaurus.config.ts`, `docs/package.json`	Enables Mermaid in markdown (`markdown.mermaid = true`), adds `@docusaurus/theme-mermaid` to `themes`, and adds dependency `@docusaurus/theme-mermaid` in `docs/package.json`.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

Docs/bootstrap docusaurus #688: Overlaps changes to Docusaurus configuration and docs package (mermaid/theme) affecting the same docs infrastructure files.

Suggested reviewers

sosweetham

Poem

🐰
I hopped through docs with bits of light,
Keys tucked safe, certificates bright,
Mermaid waves drew signature art,
eVault and W3DS play their part—
A tiny hop, a doc-made heart.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	The description follows the template structure but lacks substantive detail—it only states 'add docs for key delegation and auth' without explaining what aspects are documented or why.	Expand the description with specific details about key delegation, authentication flows, or endpoints being documented to provide meaningful context.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'docs: add docs for key delegation and auth' clearly summarizes the main change—adding documentation for key delegation and authentication workflows.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

coderabbitai

Actionable comments posted: 4

🤖 Fix all issues with AI agents

In `@docs/docs/W3DS` Protocol/Signatures.md:
- Around line 24-26: Add a fenced-code language identifier (e.g., text or
plaintext) to the signature code blocks in Signatures.md so they satisfy
markdownlint MD040 and render correctly; locate the triple-backtick blocks
containing the signature lines like "Signature:
\"MEUCIQDxK3vJZQ2F3k5L8mN9pQrS7tUvW1xY3zA5bC7dE9fG1h==\"" and the other similar
blocks (around the other mentioned signature blocks) and change ``` to ```text
for each occurrence (including the blocks referenced at the other ranges).
- Around line 59-64: Update the multibase prefix usages so they match the actual
encodings: replace any occurrence that pairs the 'z' prefix with hex payloads to
use the 'f' prefix for base16/hex (lowercase), change examples that show
z{base64-encoded-SPKI} to use the 'm' prefix for base64 (no padding), and
correct any statements that say "base58btc, but using base64 here" to choose the
intended encoding and apply its correct prefix (use 'z' for base58btc, 'm' for
base64, 'f' for base16). Ensure all examples and descriptive lines consistently
use the correct prefix for their shown payloads (e.g., hex → 'f', base64 → 'm',
base58btc → 'z') so the Signatures.md multibase examples and descriptions are
accurate.
- Around line 17-32: Replace the DER-encoded example signature with a true P1363
raw signature example: update the "Example: Signature" value so it is a base64
encoding of a 64-byte raw ECDSA P-256 signature (32-byte r followed by 32-byte
s), and ensure the surrounding text refers to "P1363 (raw 64-byte r||s) base64"
and to the signing call crypto.subtle.sign() producing that raw format; locate
the current example string near the Example block and swap it for a base64
string that decodes to 64 bytes (r||s).

In `@docs/package.json`:
- Around line 18-21: The `@docusaurus/theme-mermaid` entry currently uses a caret
range ("@docusaurus/theme-mermaid": "^3.9.2") which allows minor-version drift;
change it to the exact version string matching the other Docusaurus packages
("@docusaurus/theme-mermaid": "3.9.2") so all `@docusaurus/`* packages are pinned
to the same version, then reinstall/update lockfile (npm/yarn/pnpm) to commit
the deterministic dependency change.

🧹 Nitpick comments (1)

docs/docs/Infrastructure/eVault-Key-Delegation.md (1)

109-121: Call out the publicKey encoding in the endpoint section.

Earlier you mention multibase encoding in the diagram, but the endpoint request doesn’t specify it. Consider adding a one‑liner (e.g., “publicKey is multibase‑encoded”) to avoid ambiguity.

docs/docs/W3DS Protocol/Signatures.md

docs/package.json

nsergey82 · 2026-01-23T18:09:55Z