Replace DM-wrapped VouchGrant with HPKE (RFC 9180) per-recipient wrappers in the voucher's bio post. Recipient anonymity via HPKE key privacy; readers trial-decrypt per persona. 48B per wrapper, one ephemeral pubkey per batch. Scan gated to follows + manual gesture. Bucket padding + per-publish shuffle for size/position opacity. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Contributor Sessions Log
Rolling log of active sessions on the ItsGoin repository. Every contributor — Lead or Jr — appends an entry on session start and updates it on session end. Newest entries at the top.
See CONTRIBUTING.md for the protocol. See AGENTS.md for the Claude-specific session-start checklist.
2026-04-24 — primary Claude (Lead) — docs/fof-spec-layer1-bio-grants
Started: April 24 UTC
Instance: Scott's primary Claude (Lead)
Issue: none (spec refinement)
Branch: docs/fof-spec-layer1-bio-grants
Scope: Fold Scott + Opus's Layer 1 design answer into the spec. Vouch distribution moves from DM-wrapped VouchGrant to HPKE-sealed per-recipient wrappers carried in the voucher's bio post, leveraging existing bio-post CDN propagation and HPKE (RFC 9180) key privacy for recipient anonymity.
Key design commitments added to Layer 1:
- HPKE RFC 9180 (DHKEM X25519 + HKDF-SHA256 + ChaCha20Poly1305) for per-recipient wrappers; one ephemeral pubkey per batch; 48B per wrapper.
- HKDF `info = "itsgoin/vouch-grant/v1/" || bio_post_id` — recipient-free (non-negotiable for key privacy).
- No prefilter tag on grants (no prior shared secret); full X25519 trial at ~60µs per wrapper per persona is tolerable (≤90ms even at 512×3 worst case).
- Scan policy: auto-scan bio posts of followed personas; manual "check bio" gesture for non-followed; scan cache keyed by `(scanner_persona, bio_author, bio_epoch)`.
- Bucket-padding (64/128/256/512) and per-publish wrapper shuffle for size/position opacity.
- No separate `vouches_issued` table on the wire; bio post IS the authoritative record. Local-only `own_vouch_targets` tracks what the persona has granted.
- Incremental grant-as-comment path (Scott's suggestion for avoiding full republish) deferred; v1 ships with full republish per change.
Completed:
- Rewrote `docs/fof-spec/layer-1-vouch-primitive.md` end-to-end.
- README updated: Layer 1 scope line + added bio-post integration bullet.
- Self-merged to master.
Pending:
- Opus confirmation passes still open on other layers (WrapSlot byte layout, AEAD choice for body, padding schemes).
- Layer 2–6 untouched in this pass.
Stopping point: merged to master; branch deleted.
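The bucket-padding and per-publish shuffle commitments from the 2026-04-24 entry above, as an added sketch that is not code from the ItsGoin repository. It assumes the buckets count wrapper slots and that filler slots are random bytes; `bucket_for`, `build_batch`, `wire_size` and `scan_cost_us` are hypothetical names, and the wrappers are opaque 48-byte strings (no HPKE sealing is performed here).

```python
import os
import secrets

WRAPPER_LEN = 48               # bytes per HPKE wrapper (from the log entry)
EPHEMERAL_PUB_LEN = 32         # one X25519 ephemeral public key per batch
BUCKETS = (64, 128, 256, 512)  # assumption: buckets count wrapper slots, not bytes
TRIAL_COST_US = 60             # approximate trial cost per wrapper per persona

_rng = secrets.SystemRandom()  # CSPRNG-backed; random.shuffle would be predictable


def bucket_for(real_count: int) -> int:
    """Smallest bucket that holds real_count wrappers."""
    if real_count < 0:
        raise ValueError("negative wrapper count")
    for size in BUCKETS:
        if real_count <= size:
            return size
    raise ValueError(f"{real_count} grants exceed the largest bucket ({BUCKETS[-1]})")


def build_batch(real_wrappers: list[bytes]) -> list[bytes]:
    """Pad to the bucket with random filler slots, then shuffle the whole batch."""
    for w in real_wrappers:
        if len(w) != WRAPPER_LEN:
            raise ValueError("every wrapper must be exactly 48 bytes")
    slots = bucket_for(len(real_wrappers))
    # Assumption: filler is uniform random bytes, which fail AEAD open for every
    # reader exactly as a wrapper sealed to some other recipient does.
    filler = [os.urandom(WRAPPER_LEN) for _ in range(slots - len(real_wrappers))]
    batch = list(real_wrappers) + filler
    _rng.shuffle(batch)        # fresh slot order on every publish
    return batch


def wire_size(batch: list[bytes]) -> int:
    """Bytes on the wire: the shared ephemeral key plus every slot."""
    return EPHEMERAL_PUB_LEN + sum(len(slot) for slot in batch)


def scan_cost_us(batch: list[bytes], personas: int) -> int:
    """Trial-decrypt budget: every slot is tried once per local persona."""
    return len(batch) * personas * TRIAL_COST_US
```
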
2026-04-23 — primary Claude (Lead) — docs/fof-spec-skeleton
Started: late April 23 UTC
Instance: Scott's primary Claude (Lead role)
Issue: none (spec-drafting work; hand-off to Opus for crypto fill-in)
Branch: docs/fof-spec-skeleton
Scope: Skeleton spec for Friend-of-Friend (FoF) post gating. Lays out the per-person vouch-key (V_me) primitive, four visibility levels (Public / Friends-only / FoF / Custom), Mode 1 (FOF_CLOSED) and Mode 2 (public post + FoF comments), and a six-layer implementation plan. Crypto byte layouts and algorithm specifics are marked `TBD — OPUS` for Opus to fill in.
Completed in this session:
- `docs/fof-spec/README.md` — top-level overview, user-facing model, design properties, layering plan, out-of-scope, glossary, integration with existing primitives.
- `docs/fof-spec/layer-1-vouch-primitive.md` — `V_x` keys, per-persona keyring, `VouchGrant` wire format (DM-wrapped).
- `docs/fof-spec/layer-2-mode2-fof-comments.md` — `CommentPolicy::FriendsOfFriends`, `pub_post` / `priv_post` / wrap-slot primitives, `group_sig` + `vouch_mac` on comments.
- `docs/fof-spec/layer-3-mode1-fof-closed.md` — `PostVisibility::FoFClosed`, wrap-slot byte layout, anonymous 2B prefilter, power-of-2 slot padding.
- `docs/fof-spec/layer-4-keypair-rotation.md` — `PostKeyRotation` record, explicit `pub_post_index` on comments, per-post re-gating.
- `docs/fof-spec/layer-5-prefilter-and-cache.md` — `vouch_unlock_cache`, `vouch_unreadable_posts`, author-direct fast path, keyring-change retry sweep.
- `docs/fof-spec/layer-6-revocation.md` — stub; candidate designs A–D; Lead leaning is coarse-rotation with UX polish (Candidate D); revisit after 30 days of production data.
Pending after this PR merges:
- Opus review pass: fill in `TBD — OPUS` markers (AEAD specifier, key sizes, WrapSlot byte layout, prefilter tag algorithm confirmation, epoch granularity, etc.).
- Lead re-review after Opus fills in crypto.
- Per-layer branch schedule for implementation (Layer 1 ships first, independently exercised).
Stopping point: session ending after Lead self-merges docs/fof-spec-skeleton to master. Branch to be deleted locally + remote.
2026-04-23 — primary Claude (Lead) — chore/workflow-adoption
Started: late April 23 UTC
Instance: Scott's primary Claude (Lead role per feedback_senior_role.md)
Issue: none yet (inaugural PR; this is the chicken-and-egg case noted in CONTRIBUTING.md)
Branch: chore/workflow-adoption
Scope: Introduce the multi-contributor workflow to the repo. Creates CONTRIBUTING.md, AGENTS.md, and this file (sessions.md) with a seed entry.
Pre-existing state at session start:
- v0.6.2 shipped end-to-end earlier today: APK, AppImage, CLI, anchor (PID 3475521, up since ~17:39 UTC).
- Last merged-to-master commit before this branch: `2ce668a` — People-tab rewrite (recency sort, profile-post Discover, bio modal, ignore primitive, per-author feed filter).
- Active artifacts on `itsgoin.com/public_html/`: `itsgoin-0.6.2.apk` (183.7 MB), `itsgoin_0.6.2_amd64.AppImage` (177.7 MB), `itsgoin-cli-0.6.2-linux-amd64` (40.8 MB).
- No other contributors active.
Completed in this session (before this commit):
- Designed the Lead role + amendments to the base workflow (hotfix carve-out, partnered build/deploy go-no-go, Lead-pulls-queue review pattern, re-evaluation triggers, Scott's contributor-alignment role, Lead self-merge authority).
- Saved `feedback_senior_role.md` to instance memory.
- Wrote `CONTRIBUTING.md`, `AGENTS.md`, `sessions.md` (this file). Originally drafted the agent guide as `CLAUDE.md` but that filename is `.gitignore`d at the repo root because it has historically been a credential-leak vector; switched to `AGENTS.md` with an explicit security banner.
- Iterated on Scott's role: initial draft put him in the PR-routing / build-authorizer position; revised to watch contributor alignment + partner on ship, Lead self-merges.
Pending after this PR merges:
- Phase 0 prereqs from `CONTRIBUTING.md`: Forgejo CI (`cargo check --workspace` + `cargo test -p itsgoin-core` on push + PR), branch protection on master (require PR + 1 review + green CI), second Forgejo account + SSH key for Jr Claude(s). Scott coordinates.
Stopping point: session ending — Lead self-merged this PR to master (inaugural exercise of the self-merge authority the PR itself establishes, per Amendment 6). Branch chore/workflow-adoption deleted locally + remote.