Sologretto/itsgoin
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
itsgoin/sessions.md
Scott Reimers b8b38a6f03 docs: Layer 1 — HPKE-sealed vouch grants via bio post 
Replace DM-wrapped VouchGrant with HPKE (RFC 9180) per-recipient
wrappers in the voucher's bio post. Recipient anonymity via HPKE key
privacy; readers trial-decrypt per persona. 48B per wrapper, one
ephemeral pubkey per batch. Scan gated to follows + manual gesture.
Bucket padding + per-publish shuffle for size/position opacity.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-24 07:38:12 -04:00

111 lines
7 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Contributor Sessions Log
Rolling log of active sessions on the ItsGoin repository. Every contributor — Lead or Jr — appends an entry on session start and updates it on session end. Newest entries at the top.
See `CONTRIBUTING.md` for the protocol. See `AGENTS.md` for the Claude-specific session-start checklist.
---
## 2026-04-24 — primary Claude (Lead) — `docs/fof-spec-layer1-bio-grants`
**Started**: April 24 UTC
**Instance**: Scott's primary Claude (Lead)
**Issue**: none (spec refinement)
**Branch**: `docs/fof-spec-layer1-bio-grants`
**Scope**: Fold Scott + Opus's Layer 1 design answer into the spec. Vouch distribution moves from DM-wrapped `VouchGrant` to HPKE-sealed per-recipient wrappers carried in the voucher's bio post, leveraging existing bio-post CDN propagation and HPKE (RFC 9180) key privacy for recipient anonymity.
**Key design commitments added to Layer 1**:
- HPKE RFC 9180 (DHKEM X25519 + HKDF-SHA256 + ChaCha20Poly1305) for per-recipient wrappers; one ephemeral pubkey per batch; 48B per wrapper.
- HKDF `info = "itsgoin/vouch-grant/v1/" || bio_post_id` — recipient-free (non-negotiable for key privacy).
- No prefilter tag on grants (no prior shared secret); full X25519 trial at ~60µs per wrapper per persona is tolerable (≤90ms even at 512×3 worst case).
- Scan policy: auto-scan bio posts of followed personas; manual "check bio" gesture for non-followed; scan cache keyed by `(scanner_persona, bio_author, bio_epoch)`.
- Bucket-padding (64/128/256/512) and per-publish wrapper shuffle for size/position opacity.
- No separate `vouches_issued` table on the wire; bio post IS the authoritative record. Local-only `own_vouch_targets` tracks what the persona has granted.
- Incremental grant-as-comment path (Scott's suggestion for avoiding full republish) deferred; v1 ships with full republish per change.
**Completed**:
- Rewrote `docs/fof-spec/layer-1-vouch-primitive.md` end-to-end.
- README updated: Layer 1 scope line + added bio-post integration bullet.
- Self-merged to master.
**Pending**:
- Opus confirmation passes still open on other layers (WrapSlot byte layout, AEAD choice for body, padding schemes).
- Layer 26 untouched in this pass.
**Stopping point**: merged to master; branch deleted.
---
## 2026-04-23 — primary Claude (Lead) — `docs/fof-spec-skeleton`
**Started**: late April 23 UTC
**Instance**: Scott's primary Claude (Lead role)
**Issue**: none (spec-drafting work; hand-off to Opus for crypto fill-in)
**Branch**: `docs/fof-spec-skeleton`
**Scope**: Skeleton spec for Friend-of-Friend (FoF) post gating. Lays out the per-person vouch-key (`V_me`) primitive, four visibility levels (Public / Friends-only / FoF / Custom), Mode 1 (`FOF_CLOSED`) and Mode 2 (public post + FoF comments), and a six-layer implementation plan. Crypto byte layouts and algorithm specifics are marked `TBD — OPUS` for Opus to fill in.
**Completed in this session**:
- `docs/fof-spec/README.md` — top-level overview, user-facing model, design properties, layering plan, out-of-scope, glossary, integration with existing primitives.
- `docs/fof-spec/layer-1-vouch-primitive.md``V_x` keys, per-persona keyring, `VouchGrant` wire format (DM-wrapped).
- `docs/fof-spec/layer-2-mode2-fof-comments.md``CommentPolicy::FriendsOfFriends`, `pub_post` / `priv_post` / wrap-slot primitives, `group_sig` + `vouch_mac` on comments.
- `docs/fof-spec/layer-3-mode1-fof-closed.md``PostVisibility::FoFClosed`, wrap-slot byte layout, anonymous 2B prefilter, power-of-2 slot padding.
- `docs/fof-spec/layer-4-keypair-rotation.md``PostKeyRotation` record, explicit `pub_post_index` on comments, per-post re-gating.
- `docs/fof-spec/layer-5-prefilter-and-cache.md``vouch_unlock_cache`, `vouch_unreadable_posts`, author-direct fast path, keyring-change retry sweep.
- `docs/fof-spec/layer-6-revocation.md` — stub; candidate designs AD; Lead leaning is coarse-rotation with UX polish (Candidate D); revisit after 30 days of production data.
**Pending after this PR merges**:
- Opus review pass: fill in `TBD — OPUS` markers (AEAD specifier, key sizes, WrapSlot byte layout, prefilter tag algorithm confirmation, epoch granularity, etc.).
- Lead re-review after Opus fills in crypto.
- Per-layer branch schedule for implementation (Layer 1 ships first, independently exercised).
**Stopping point**: session ending after Lead self-merges `docs/fof-spec-skeleton` to master. Branch to be deleted locally + remote.
---
## 2026-04-23 — primary Claude (Lead) — `chore/workflow-adoption`
**Started**: late April 23 UTC
**Instance**: Scott's primary Claude (Lead role per `feedback_senior_role.md`)
**Issue**: none yet (inaugural PR; this is the chicken-and-egg case noted in CONTRIBUTING.md)
**Branch**: `chore/workflow-adoption`
**Scope**: Introduce the multi-contributor workflow to the repo. Creates `CONTRIBUTING.md`, `AGENTS.md`, and this file (`sessions.md`) with a seed entry.
**Pre-existing state at session start**:
- v0.6.2 shipped end-to-end earlier today: APK, AppImage, CLI, anchor (PID 3475521, up since ~17:39 UTC).
- Last merged-to-master commit before this branch: `2ce668a` — People-tab rewrite (recency sort, profile-post Discover, bio modal, ignore primitive, per-author feed filter).
- Active artifacts on `itsgoin.com/public_html/`: `itsgoin-0.6.2.apk` (183.7 MB), `itsgoin_0.6.2_amd64.AppImage` (177.7 MB), `itsgoin-cli-0.6.2-linux-amd64` (40.8 MB).
- No other contributors active.
**Completed in this session (before this commit)**:
- Designed the Lead role + amendments to the base workflow (hotfix carve-out, partnered build/deploy go-no-go, Lead-pulls-queue review pattern, re-evaluation triggers, Scott's contributor-alignment role, Lead self-merge authority).
- Saved `feedback_senior_role.md` to instance memory.
- Wrote `CONTRIBUTING.md`, `AGENTS.md`, `sessions.md` (this file). Originally drafted the agent guide as `CLAUDE.md` but that filename is `.gitignore`d at the repo root because it has historically been a credential-leak vector; switched to `AGENTS.md` with an explicit security banner.
- Iterated on Scott's role: initial draft put him in the PR-routing / build-authorizer position; revised to watch contributor alignment + partner on ship, Lead self-merges.
**Pending after this PR merges**:
- Phase 0 prereqs from `CONTRIBUTING.md`: Forgejo CI (`cargo check --workspace` + `cargo test -p itsgoin-core` on push + PR), branch protection on master (require PR + 1 review + green CI), second Forgejo account + SSH key for Jr Claude(s). Scott coordinates.
**Stopping point**: session ending — Lead self-merged this PR to master (inaugural exercise of the self-merge authority the PR itself establishes, per Amendment 6). Branch `chore/workflow-adoption` deleted locally + remote.
---
<!-- New entries go above this line, newest first. Template:
## YYYY-MM-DD — <instance> (<role>) — `<branch-name>`
**Started**: <time UTC>
**Instance**: <identifier>
**Issue**: #<num> <title>
**Branch**: <branch-name>
**Scope**: <one-line summary>
**Completed**:
- <point>
**Pending / blockers**:
- <point>
**Stopping point**: <exactly where work was left>
---
-->
Reference in a new issue View git blame Copy permalink