feat: signing and verification of memory invocations (#433)

Author: Gozala

.prettierignore

@@ -1,3 +1,4 @@
+// @ts-nocheck
 import browser from "webextension-polyfill";
 
 browser.runtime.onInstalled.addListener(() => {

.prettierrc.json

@@ -22,6 +22,7 @@ import {
 import { storage } from "./storage.ts";
 import { syncRecipeBlobby } from "./syncRecipe.ts";
 import { getSpace, Space } from "@commontools/runner";
+import { DID, Identity, Signer } from "@commontools/identity";
 
 export type Charm = {
   [NAME]?: string;
@@ -85,11 +86,25 @@ export class CharmManager {
   private charms: Cell<Cell<Charm>[]>;
   private pinnedCharms: Cell<Cell<Charm>[]>;
 
-  constructor(private spaceId: string) {
+  static async open(
+    { space, signer }: { space: DID; signer?: Signer },
+  ) {
+    return new this(
+      space,
+      signer ?? await Identity.fromPassphrase("charm manager"),
+    );
+  }
+
+  constructor(
+    private spaceId: string,
+    private signer: Signer,
+  ) {
     this.space = getSpace(this.spaceId);
     this.charmsDoc = getDoc<DocLink[]>([], "charms", this.space);
     this.pinned = getDoc<DocLink[]>([], "pinned-charms", this.space);
     this.charms = this.charmsDoc.asCell([], undefined, charmListSchema);
+
+    storage.setSigner(signer);
     this.pinnedCharms = this.pinned.asCell([], undefined, charmListSchema);
   }
 

typescript/packages/clipper-extension/src/background.ts

@@ -15,11 +15,13 @@ import {
   Space,
   useCancelGroup,
 } from "@commontools/runner";
+
 import { isStatic, markAsStatic } from "@commontools/builder";
 import { StorageProvider, StorageValue } from "./storage/base.ts";
 import { RemoteStorageProvider } from "./storage/remote.ts";
 import { debug } from "@commontools/html"; // FIXME(ja): can we move debug to somewhere else?
 import { InMemoryStorageProvider } from "./storage/memory.ts";
+import { Signer } from "@commontools/identity";
 
 export function log(fn: () => any[]) {
   debug(() => {
@@ -52,6 +54,8 @@ export interface Storage {
    */
   setRemoteStorage(url: URL): void;
 
+  setSigner(signer: Signer): void;
+
   /**
    * Load cell from storage. Will also subscribe to new changes.
    *
@@ -157,6 +161,8 @@ class StorageImpl implements Storage {
   private storageProviders = new Map<Space, StorageProvider>();
   private remoteStorageUrl: URL | undefined;
 
+  private signer: Signer | undefined;
+
   // Map from entity ID to doc, set at stage 2, i.e. already while loading
   private docsById = new Map<string, DocImpl<any>>();
 
@@ -196,6 +202,10 @@ class StorageImpl implements Storage {
     this.remoteStorageUrl = url;
   }
 
+  setSigner(signer: Signer): void {
+    this.signer = signer;
+  }
+
   syncCellById<T>(
     space: Space,
     id: EntityId | string,
@@ -240,6 +250,7 @@ class StorageImpl implements Storage {
   // TODO(seefeld,gozala): Should just be one again.
   private _getStorageProviderForSpace(space: Space): StorageProvider {
     if (!space) throw new Error("No space set");
+    if (!this.signer) throw new Error("No signer set");
 
     let provider = this.storageProviders.get(space);
 
@@ -258,6 +269,7 @@ class StorageImpl implements Storage {
         provider = new RemoteStorageProvider({
           address: new URL("/api/storage/memory", this.remoteStorageUrl!),
           space: space.uri as `did:${string}:${string}`,
+          as: this.signer,
         });
       } else if (type === "memory") {
         provider = new InMemoryStorageProvider(space.uri);
@@ -578,7 +590,7 @@ class StorageImpl implements Storage {
         }
       }
       log(
-        () => ["loading", [...loading].map((c) => JSON.stringify(c.entityId))],
+        () => ["loading", [...loading].map((c) => JSON.stringify(c.entityId))]
       );
       log(() => [
         "docIsLoading",

typescript/packages/common-charm/src/charm.ts

@@ -5,11 +5,14 @@ import type {
   Entity,
   JSONValue,
   MemorySpace,
+  Protocol,
+  UCAN,
 } from "@commontools/memory/interface";
 import * as Memory from "@commontools/memory/consumer";
 import { assert } from "@commontools/memory/fact";
 import * as Changes from "@commontools/memory/changes";
 export * from "@commontools/memory/interface";
+import * as Codec from "@commontools/memory/codec";
 
 /**
  * Represents a state of the memory space.
@@ -36,36 +39,36 @@ interface MemoryState<Space extends MemorySpace = MemorySpace> {
  * ed25519 key derived from the sha256 of the "common knowledge".
  */
 const HOME = "did:key:z6Mko2qR9b8mbdPnaEKXvcYwdK7iDnRkh8mEcEP2719aCu6P";
-/**
- * ed25519 key derived from the sha256 of the "common operator".
- */
-const AS = "did:key:z6Mkge3xkXc4ksLsf8CtRxunUxcX6dByT4QdWCVEHbUJ8YVn";
+
 export class RemoteStorageProvider implements StorageProvider {
   connection: WebSocket | null = null;
   address: URL;
   workspace: MemorySpace;
   the: string;
   state: Map<MemorySpace, MemoryState> = new Map();
-  session: Memory.MemorySession;
+  session: Memory.MemorySession<MemorySpace>;
 
   /**
    * queue that holds commands that we read from the session, but could not
    * send because connection was down.
    */
-  queue: Set<Memory.ConsumerCommand<Memory.Protocol>> = new Set();
+  queue: Set<UCAN<Memory.ConsumerCommandInvocation<Memory.Protocol>>> =
+    new Set();
   writer: WritableStreamDefaultWriter<Memory.ProviderCommand<Memory.Protocol>>;
-  reader: ReadableStreamDefaultReader<Memory.ConsumerCommand<Memory.Protocol>>;
+  reader: ReadableStreamDefaultReader<
+    UCAN<Memory.ConsumerCommandInvocation<Memory.Protocol>>
+  >;
 
   connectionCount = 0;
 
   constructor({
     address,
-    as = AS,
+    as,
     space = HOME,
     the = "application/json",
   }: {
     address: URL;
-    as?: Memory.Principal;
+    as: Memory.Signer;
     space?: MemorySpace;
     the?: string;
   }) {
@@ -74,6 +77,7 @@ export class RemoteStorageProvider implements StorageProvider {
     this.the = the;
 
     const session = Memory.create({ as });
+
     this.reader = session.readable.getReader();
     this.writer = session.writable.getWriter();
     this.session = session;
@@ -199,6 +203,7 @@ export class RemoteStorageProvider implements StorageProvider {
       local.set(of, fact);
       facts.push(fact);
     }
+    
 
     const result = await memory.transact({ changes: Changes.from(facts) });
 
@@ -233,7 +238,7 @@ export class RemoteStorageProvider implements StorageProvider {
   }
 
   receive(data: string) {
-    return this.writer.write(JSON.parse(data));
+    return this.writer.write(Codec.Receipt.fromString(data));
   }
 
   handleEvent(event: MessageEvent) {
@@ -283,7 +288,7 @@ export class RemoteStorageProvider implements StorageProvider {
     while (this.connection === socket) {
       // First drain the queued commands if we have them.
       for (const command of queue) {
-        socket.send(JSON.stringify(command));
+        socket.send(Codec.UCAN.toString(command));
         queue.delete(command);
       }
 
@@ -299,7 +304,7 @@ export class RemoteStorageProvider implements StorageProvider {
       // Now we make that our socket is still a current connection as we may
       // have lost connection while waiting to read a command.
       if (this.connection === socket) {
-        socket.send(JSON.stringify(command));
+        socket.send(Codec.UCAN.toString(command));
       } // If it is no longer our connection we simply add the command into a
       // queue so it will be send once connection is reopen.
       else {
@@ -391,7 +396,7 @@ export interface Subscriber {
 class Query<Space extends MemorySpace> {
   reader: ReadableStreamDefaultReader;
   constructor(
-    public query: Memory.QueryView<Space>,
+    public query: Memory.QueryView<Space, Protocol<Space>>,
     public subscribers: Set<Subscriber> = new Set(),
   ) {
     this.reader = query.subscribe().getReader();

typescript/packages/common-charm/src/storage.ts

@@ -4,8 +4,10 @@ import { storage } from "../src/storage.ts";
 import { StorageProvider } from "../src/storage/base.ts";
 import { InMemoryStorageProvider } from "../src/storage/memory.ts";
 import { createRef, DocImpl, getDoc, getSpace } from "@commontools/runner";
+import { Identity } from "@commontools/identity";
 
 storage.setRemoteStorage(new URL("memory://"));
+storage.setSigner(await Identity.fromPassphrase("test operator"));
 
 describe("Storage", () => {
   let storage2: StorageProvider;

typescript/packages/common-charm/src/storage/remote.ts

@@ -11,8 +11,8 @@ import { DocImpl, getDoc } from "../common-runner/src/doc.ts";
 import { EntityId } from "../common-runner/src/doc-map.ts";
 import { storage } from "../common-charm/src/storage.ts";
 import { getSpace, Space } from "../common-runner/src/space.ts";
+import { Identity } from "../common-identity/src/index.ts";
 
-const replica = "ellyse7";
 const TOOLSHED_API_URL = "https://toolshed.saga-castor.ts.net/";
 
 // simple log function
@@ -26,7 +26,7 @@ function createCell(space: Space): Cell<Charm> {
   const myCharm: Charm = {
     NAME: "mycharm",
     UI: "someui",
-    "somekey": "some value",
+    somekey: "some value",
   };
 
   // make this a DocImpl<Charm> because we need to return a Cell<Charm> since
@@ -40,12 +40,16 @@ function createCell(space: Space): Cell<Charm> {
 }
 
 async function main() {
+  const authority = await Identity.fromPassphrase("charm manager");
   // create a charm manager to start things off
-  const charmManager = new CharmManager(replica);
+  const charmManager = await CharmManager.open({
+    space: authority.did(),
+    signer: authority,
+  });
   log(charmManager, "charmManager");
 
   // let's try to create a cell
-  const space: Space = getSpace(replica);
+  const space: Space = getSpace(authority.did());
   const cell: Cell<Charm> = createCell(space);
   log(cell.get(), "cell value from Cell.get()");
 

typescript/packages/common-charm/test/storage.test.ts

@@ -7,6 +7,7 @@ import {
   storage,
 } from "@commontools/charm";
 import { getEntityId, isStream } from "@commontools/runner";
+import { Identity } from "@commontools/identity";
 
 let { space, charmId, recipeFile, cause } = parse(Deno.args);
 
@@ -17,10 +18,12 @@ storage.setRemoteStorage(new URL(toolshedUrl));
 setBobbyServerUrl(toolshedUrl);
 
 async function main() {
-  if (!space) space = "common-cli";
   console.log("params:", { space, charmId, recipeFile, cause });
-
-  const manager = new CharmManager(space);
+  const identity = await Identity.fromPassphrase("common-cli");
+  const manager = await CharmManager.open({
+    space: space ?? identity.did(),
+    signer: identity,
+  });
   const charms = await manager.getCharms();
 
   charms.sink((charms) => {