Add schema-version negotiation for the encrypted payload prefix (enc:v1 → enc:v2) in data_migration #1032

@Baskarayelu

📋 Description

The encrypted-payload helpers in data_migration/src/lib.rs use a hardcoded ENCRYPTED_PAYLOAD_PREFIX_V1 ("enc:v1:") for export_to_encrypted_payload / import_from_encrypted_payload. There is no version negotiation: a future enc:v2 payload would fail to parse with no clear path to coexist with enc:v1.

This issue adds prefix-based schema-version negotiation so importers can accept multiple encoded-payload versions and reject unknown ones cleanly.

Why this matters: encoding formats evolve. Hardcoding a single prefix forces a flag-day migration; versioned prefixes let enc:v1 and enc:v2 coexist during rollout and fail closed on unknown versions instead of silently misparsing.

🎯 Requirements & Context

Functional requirements

  • Introduce a versioned prefix scheme (enc:v1:, enc:v2:) with an enum mapping prefix → version.
  • import_from_encrypted_payload must dispatch on the prefix and reject unknown prefixes with MigrationError::IncompatibleVersion (fail closed).
  • Preserve enc:v1 behavior exactly for backward compatibility.
  • Keep the existing MAX_ENCRYPTED_PAYLOAD_BYTES size guard, recomputed per version.
  • Keep the documented caveat that the prefix is encoding-only and provides no on-chain confidentiality.

Context & constraints

  • Soroban SDK 21.7.7; additive — do not break existing enc:v1 round-trips.
  • Tests run with cargo test -p data_migration.

🛠️ Suggested Execution

1. Fork & branch

git checkout -b feature/migration-enc-version-negotiation

2. Implement changes

  • Add the versioned prefix dispatch in data_migration/src/lib.rs.
  • Add /// doc comments on the version negotiation and the no-confidentiality caveat.

3. Test & commit

cargo test -p data_migration
  • Cover edge cases: enc:v1 round-trip unchanged, unknown prefix rejected, truncated prefix, and oversize payload per version.

Example commit message

feat(data-migration): add enc:v1→enc:v2 prefix version negotiation, fail closed on unknown

✅ Acceptance Criteria & Guidelines

| Requirement | Target |
| --- | --- |
| Versioned prefix dispatch, fail-closed on unknown | Required |
| enc:v1 backward compatibility preserved | Required |
| Coverage of negotiation paths | ≥ 95%, all branches |
| Doc comments + no-confidentiality caveat | Required |
| cargo test -p data_migration + cargo clippy clean | Required |
| Timeframe | 96 hours from assignment |

💬 Community & Support

Join the Remitwise contributor community on Discord: https://discord.gg/CtQuPZFMA — comment when you pick this up. 🚀
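
The prefix dispatch requested above, sketched in plain std Rust as an added example; it is not the data_migration crate's code and was not written by the issue author. `PayloadVersion`, `negotiate`, `PayloadTooLarge`, `ENCRYPTED_PAYLOAD_PREFIX_V2` and the 64-byte limit are assumptions, and "recomputed per version" is taken here to mean the body limit plus that version's prefix length.

```rust
// Added illustration, std only. Names not quoted in the issue are hypothetical
// and the size limit is a constructed value.
const ENCRYPTED_PAYLOAD_PREFIX_V1: &str = "enc:v1:";
const ENCRYPTED_PAYLOAD_PREFIX_V2: &str = "enc:v2:"; // assumed name
const MAX_ENCRYPTED_PAYLOAD_BYTES: usize = 64; // constructed body limit

#[derive(Debug, PartialEq, Clone, Copy)]
pub enum PayloadVersion { V1, V2 }

#[derive(Debug, PartialEq)]
pub enum MigrationError {
    IncompatibleVersion,
    PayloadTooLarge, // hypothetical variant
}

impl PayloadVersion {
    const ALL: [PayloadVersion; 2] = [PayloadVersion::V1, PayloadVersion::V2];
    pub fn prefix(self) -> &'static str {
        match self {
            PayloadVersion::V1 => ENCRYPTED_PAYLOAD_PREFIX_V1,
            PayloadVersion::V2 => ENCRYPTED_PAYLOAD_PREFIX_V2,
        }
    }
    /// Largest total payload (prefix + body) accepted for this version.
    pub fn max_total_bytes(self) -> usize {
        self.prefix().len() + MAX_ENCRYPTED_PAYLOAD_BYTES
    }
}

/// Splits a payload into (version, body). The prefix is an encoding tag only and
/// gives no confidentiality. Unknown or truncated prefixes are rejected, never guessed.
pub fn negotiate(payload: &[u8]) -> Result<(PayloadVersion, &[u8]), MigrationError> {
    for v in PayloadVersion::ALL {
        if let Some(body) = payload.strip_prefix(v.prefix().as_bytes()) {
            if payload.len() > v.max_total_bytes() {
                return Err(MigrationError::PayloadTooLarge);
            }
            return Ok((v, body));
        }
    }
    Err(MigrationError::IncompatibleVersion)
}

fn main() {
    for p in ["enc:v1:abc", "enc:v2:abc", "enc:v3:abc", "enc:v"] {
        println!("{:?} -> {:?}", p, negotiate(p.as_bytes()));
    }
}
```
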
