test: prove ATProto label crypto interoperability#1911
Conversation
|
Scope checkThis PR changes 668 lines across 5 files. Large PRs are harder to review and more likely to be closed without review. If this scope is intentional, no action needed. A maintainer will review it. If not, please consider splitting this into smaller PRs. See CONTRIBUTING.md for contribution guidelines. |
Deploying with
|
| Status | Name | Latest Commit | Updated (UTC) |
|---|---|---|---|
| ✅ Deployment successful! View logs |
emdash-demo-do | aa648b9 | Jul 10 2026, 12:28 PM |
Deploying with
|
| Status | Name | Latest Commit | Updated (UTC) |
|---|---|---|---|
| ✅ Deployment successful! View logs |
emdash-demo-cache | aa648b9 | Jul 10 2026, 12:25 PM |
Deploying with
|
| Status | Name | Latest Commit | Updated (UTC) |
|---|---|---|---|
| ✅ Deployment successful! View logs |
emdash-playground | aa648b9 | Jul 10 2026, 12:24 PM |
5648ad0
into
feat/plugin-registry-labelling-service
There was a problem hiding this comment.
This is a well-scoped, test-only crypto-interop gate for the labelling service. The PR deliberately does not add production signer APIs; it only retains a cross-implementation P-256 vector, proves @atproto/crypto ↔ @atcute/crypto interoperability, and tightens the spec around canonical CBOR vs. double-hashing, DID verification-method selection, and private-scalar decoding.
I read the full diff, the affected test files, the fixture, the updated plan/spec, and supporting package/vitest configuration. The approach is the right one for W0.4: pin down the cryptographic contract before building the issuance path. The tests exercise the important failure modes (double-hash, high-S, DER, malformed inputs, wrong key, duplicate/relative DID methods) and the fixture records reproducible protocol data rather than an opaque boolean.
The changed code follows the repo’s conventions: ESM imports use no extension for package deps, the JSON import uses with { type: "json" }, and there are no user-facing strings, SQL, migrations, authorization, or locale-sensitive content-table queries that would need Lingui/changeset/index discipline. @atproto/crypto and @atcute/crypto are already declared in the relevant package manifests, so no new dependency declarations are required.
I did not run the test suite, linter, or build; the PR claims the targeted suites pass and the typecheck/lint checks pass, and I did not find anything in the static code that contradicts those claims.
Overall: clean, targeted, and ready to land.
What does this PR do?
Proves ATProto label-v1 P-256 interoperability before the production signer is designed.
@atproto/cryptosignature in workerd/atcute and verifies the retained workerd signature independently in Node.Implements W0.4 from #1909 without adding production signer APIs or dependencies.
Related to #1909 and #694.
Type of change
Checklist
pnpm typecheckpassespnpm lintpassespnpm testpasses (or targeted tests for my change)pnpm formathas been runmessages.pochanges except in translation PRs — a workflow extracts catalogs on merge tomain.Full monorepo typecheck, admin i18n, a changeset, and an approved Discussion are not applicable. Targeted aggregator and atproto-test-utils typechecks pass, and no published package API changes.
AI-generated code disclosure
Screenshots / test output
pnpm buildpasses with existing warningspnpm lint: 0 warnings and 0 errors@emdash-cms/atproto-test-utilstypecheck passesgit diff --checkpassTry this PR
Open a fresh playground →
A full working EmDash site, deployed from this branch. Each visit gets its own session-scoped sandbox: no login needed and no shared state. Try the admin, edit content, hit the public site.
Tracks
feat/labeller-03-crypto-interop. Updated automatically when the playground redeploys.