feat: controllable boot, hc-auth, restart-keeping-lair, seed export (Phase 3)#139
Open
zippy wants to merge 1 commit into
Open
feat: controllable boot, hc-auth, restart-keeping-lair, seed export (Phase 3)#139zippy wants to merge 1 commit into
zippy wants to merge 1 commit into
Conversation
Phase 3 support for the unyt-on-ASR migration, on the in-process direct-mode plugin + runtime. - Controllable boot: init_deferred registers the plugin without booting; HolochainPlugin::start / start_with_config(passphrase, config) boot the conductor late (e.g. once a user-typed lair password is collected). The runtime is held behind RwLock<Option<_>>; runtime() returns an owned clone; new holochain://lair-ready event emitted before EVENT_READY. - Lair-first boot: spawn lair in-proc (at the same path holochain uses for lair_root: None, so existing keystores are reused) and build the conductor with .with_keystore(..), so the hc-auth flow can sign a challenge and inject the auth material into the NetworkConfig before the network starts. - hc-auth (crates/runtime/src/hc_auth.rs): GET /now -> sign via lair -> PUT /authenticate flow; HcAuthConfig / HcAuthStatus; runtime accessors hc_auth_status / hc_auth_agent_key / hc_auth_raw_ed25519_b64url; HolochainPluginConfig::with_hc_auth. - Restart-keeping-lair: stop_conductor_only + restart_with_hc_auth rebuild the conductor on the still-running lair; plugin swap_runtime re-binds the per-window signal forwarders. - Agent identity + backup: device_agent_key() (the device seed's ed25519 key, a deterministic identity), export_agent_seed() (lair export_seed_by_tag + local decrypt), with_pending_import_seed (import as the device seed at boot), generate_agent_pub_key(). Adds deps: holochain_keystore, reqwest (rustls-tls), base64. Includes unit tests for the seed export/import round-trip (incl. a byte-exact ground-truth check) and device-key identity restore.
|
✔️ cc73dd9 - Conventional commits check succeeded. |
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
The "controllable-boot" layer for unyt-on-ASR: splits the lair keystore from the conductor so the conductor can be authenticated, restarted, and seeded under runtime control. Stacked on #138.
What's in it
Runtime::new_with_boot_config(RuntimeBootConfig{ data_root_path, network, hc_auth, pending_import_seed }). Spawns lair in-proc first, optionally runs the hc-auth flow, then builds the conductor with.with_keystore(...)on that same lair. The existingnew/new_with_network_confignow funnel through it (no API break).crates/runtime/src/hc_auth.rs) — get-or-create a persistent Ed25519 agent key in lair,GET /nowchallenge, sign via lair,PUT /authenticate→ status, build base64 auth material and inject intoNetworkConfig.base64_auth_material_{bootstrap,relay}. Auth-server failures returnOk(Failed(..))so the conductor still boots.stop_conductor_only(disables apps first) +restart_with_hc_authreturns a freshRuntimeon the same lair; pluginswap_runtimere-binds bound windows' signal forwarders to it.export_agent_seed(inverse of import, viaexport_seed_by_tag+ local box-decrypt),import_seed_into_lair,device_agent_key(the device seed's ed25519 key = deterministic identity for agent-key backup/restore).init_deferred(config)registers the plugin without booting; the host callsHolochainPlugin::start(passphrase)/start_with_config(...)once a (possibly user-typed) lair password is collected.start_lockserializes concurrent unlocks; a failed unlock is retryable. NewEVENT_LAIR_READY.Review notes
reqwest(rustls-tls, to match the workspace crypto stack) +base64;holochain_keystorepinned at0.6.1(candidate to move to a workspace dep).export_agent_seedhas a byte-exact round-trip test. The hc-auth HTTP flow andrestart_with_hc_auth/swap_runtimeare not yet covered by automated tests (would need a mock auth server).hc_auth.rsis ported from the unytcotauri-plugin-holochainfork (feat/hc-auth), adapted to this crate'sRuntimeError.Test plan
cargo test -p holochain-conductor-runtime(includes the seed round-trip test).