Skip to content

test: prove ATProto label crypto interoperability#1911

Merged
ascorbic merged 3 commits into
feat/plugin-registry-labelling-servicefrom
feat/labeller-03-crypto-interop
Jul 10, 2026
Merged

test: prove ATProto label crypto interoperability#1911
ascorbic merged 3 commits into
feat/plugin-registry-labelling-servicefrom
feat/labeller-03-crypto-interop

Conversation

@ascorbic

@ascorbic ascorbic commented Jul 10, 2026

Copy link
Copy Markdown
Collaborator

What does this PR do?

Proves ATProto label-v1 P-256 interoperability before the production signer is designed.

  • Adds a retained DRISL payload, digest, key, and cross-implementation signature vector.
  • Verifies an @atproto/crypto signature in workerd/atcute and verifies the retained workerd signature independently in Node.
  • Tests strict signed-field, DID method, signer-key equality, scalar, compact signature, high-S, DER, and malformed-input rejection.
  • Documents routine rotation and compromise ordering.
  • Clarifies the authoritative spec so atcute's high-level ECDSA API receives canonical CBOR and does not double-hash a precomputed digest.

Implements W0.4 from #1909 without adding production signer APIs or dependencies.

Related to #1909 and #694.

Type of change

  • Bug fix
  • Feature (requires maintainer-approved Discussion)
  • Refactor (no behavior change)
  • Translation
  • Documentation
  • Performance improvement
  • Tests
  • Chore (dependencies, CI, tooling)

Checklist

  • I have read CONTRIBUTING.md
  • pnpm typecheck passes
  • pnpm lint passes
  • pnpm test passes (or targeted tests for my change)
  • pnpm format has been run
  • I have added/updated tests for my changes (if applicable)
  • User-visible strings in the admin UI are wrapped for translation (if applicable). Do not include messages.po changes except in translation PRs — a workflow extracts catalogs on merge to main.
  • I have added a changeset (if this PR changes a published package)
  • New features link to an approved Discussion: https://github.com/emdash-cms/emdash/discussions/...

Full monorepo typecheck, admin i18n, a changeset, and an approved Discussion are not applicable. Targeted aggregator and atproto-test-utils typechecks pass, and no published package API changes.

AI-generated code disclosure

  • This PR includes AI-generated code — model/tool: OpenCode with GPT-5.6-sol and independent review subagents

Screenshots / test output

  • Full pnpm build passes with existing warnings
  • pnpm lint: 0 warnings and 0 errors
  • Aggregator typecheck passes
  • @emdash-cms/atproto-test-utils typecheck passes
  • Independent Node vector test: 1 passed
  • Workerd interoperability suite: 12 passed
  • oxfmt and git diff --check pass
  • Final independent security review reports no unresolved high/medium findings

Try this PR

Open a fresh playground →

A full working EmDash site, deployed from this branch. Each visit gets its own session-scoped sandbox: no login needed and no shared state. Try the admin, edit content, hit the public site.

Tracks feat/labeller-03-crypto-interop. Updated automatically when the playground redeploys.

@changeset-bot

changeset-bot Bot commented Jul 10, 2026

Copy link
Copy Markdown

⚠️ No Changeset found

Latest commit: aa648b9

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@github-actions

Copy link
Copy Markdown
Contributor

Scope check

This PR changes 668 lines across 5 files. Large PRs are harder to review and more likely to be closed without review.

If this scope is intentional, no action needed. A maintainer will review it. If not, please consider splitting this into smaller PRs.

See CONTRIBUTING.md for contribution guidelines.

@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jul 10, 2026

Copy link
Copy Markdown

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Updated (UTC)
✅ Deployment successful!
View logs
emdash-demo-do aa648b9 Jul 10 2026, 12:28 PM

@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jul 10, 2026

Copy link
Copy Markdown

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Updated (UTC)
✅ Deployment successful!
View logs
emdash-demo-cache aa648b9 Jul 10 2026, 12:25 PM

@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jul 10, 2026

Copy link
Copy Markdown

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Updated (UTC)
✅ Deployment successful!
View logs
emdash-playground aa648b9 Jul 10 2026, 12:24 PM

@ascorbic
ascorbic marked this pull request as ready for review July 10, 2026 12:21
@github-actions github-actions Bot added the review/needs-review No maintainer or bot review yet label Jul 10, 2026
@ascorbic
ascorbic merged commit 5648ad0 into feat/plugin-registry-labelling-service Jul 10, 2026
8 of 9 checks passed
@ascorbic
ascorbic deleted the feat/labeller-03-crypto-interop branch July 10, 2026 12:28

@emdashbot emdashbot Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a well-scoped, test-only crypto-interop gate for the labelling service. The PR deliberately does not add production signer APIs; it only retains a cross-implementation P-256 vector, proves @atproto/crypto@atcute/crypto interoperability, and tightens the spec around canonical CBOR vs. double-hashing, DID verification-method selection, and private-scalar decoding.

I read the full diff, the affected test files, the fixture, the updated plan/spec, and supporting package/vitest configuration. The approach is the right one for W0.4: pin down the cryptographic contract before building the issuance path. The tests exercise the important failure modes (double-hash, high-S, DER, malformed inputs, wrong key, duplicate/relative DID methods) and the fixture records reproducible protocol data rather than an opaque boolean.

The changed code follows the repo’s conventions: ESM imports use no extension for package deps, the JSON import uses with { type: "json" }, and there are no user-facing strings, SQL, migrations, authorization, or locale-sensitive content-table queries that would need Lingui/changeset/index discipline. @atproto/crypto and @atcute/crypto are already declared in the relevant package manifests, so no new dependency declarations are required.

I did not run the test suite, linter, or build; the PR claims the targeted suites pass and the typecheck/lint checks pass, and I did not find anything in the static code that contradicts those claims.

Overall: clean, targeted, and ready to land.

@github-actions github-actions Bot added review/approved Approved; no new commits since and removed review/needs-review No maintainer or bot review yet labels Jul 10, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

cla: signed review/approved Approved; no new commits since size/XL

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant