fix(sdk/ts): address relay by base58 cryptoId, not base64 public key#226
Conversation
The relay's canonical routing/identity id is the base58 cryptoId (the Solana address = base58 of the 32-byte Ed25519 public key), per the backend spec (crypto-identity.md, identity-registry.md). The TS SDK was addressing messages by the base64 Ed25519 public key (`signer.publicKeyBase64`) for `from`/`to`, mailbox list, key publish, and group-member handoff. The relay accepted it (it treats the address as an opaque mailbox key), which masked the non-conformance — but a strict, spec-conformant consumer (the Rust SDK / openhuman) base58-decodes the id to recover the public key, and a base64 string fails to decode (illegal base58 chars) → it can't verify signatures, open a Signal session, or route a reply. Cross-SDK interop (TS agent ↔ Rust agent) broke. Normalize the identity/relay-id surface to base58 cryptoId (`signer.agentId`): - messaging: from/to, resolveRecipientKey (a base64 messaging-key input is now normalized to its cryptoId), readMessages/list, publishKeys address. - encryption: EncryptionContext.address + envelope to/from decode via the new crypto.cryptoIdToPublicKey (base58 → raw Ed25519 bytes → X25519 for ECDH). - group: address the 1:1 key handoff by the member's base58 cryptoId. - cli: harness-wrapper / workflows / status use agentId. Crucially KEEP base64 for Signal key material and ciphertext — the published `identityKey` field stays the base64 Ed25519 key (a peer decodes it to bootstrap X3DH; it is not a routing address). Base58 = "who" (address); base64 = "the bytes". Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
Codex usage limits have been reached for code reviews. Please check with the admins of this repo to increase the limits by adding credits. |
|
@sanil-23 is attempting to deploy a commit to the Vezures Team on Vercel. A member of the Team first needs to authorize it. |
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (2)
🚧 Files skipped from review as they are similar to previous changes (1)
📝 WalkthroughWalkthroughAgent addressing across the TypeScript SDK is migrated from base64 Ed25519 public keys to base58 cryptoId ( ChangesCryptoId-based addressing migration
Estimated code review effort: 4 (Complex) | ~60 minutes Sequence Diagram(s)sequenceDiagram
participant Sender
participant EncryptionContext
participant CryptoUtils
participant KeyServer
participant Recipient
Sender->>EncryptionContext: sendMessage(to=recipient.agentId)
EncryptionContext->>CryptoUtils: cryptoIdToPublicKey(envelope.to)
CryptoUtils-->>EncryptionContext: recipient Ed25519 public key
EncryptionContext->>KeyServer: fetch/publish bundle (address=agentId, identityKey=publicKeyBase64)
EncryptionContext-->>Sender: encrypted envelope (from=signer.agentId)
Sender->>Recipient: deliver envelope
Recipient->>EncryptionContext: decryptEnvelope(envelope)
EncryptionContext->>CryptoUtils: cryptoIdToPublicKey(envelope.from)
CryptoUtils-->>EncryptionContext: sender Ed25519 public key
EncryptionContext-->>Recipient: decrypted message
Possibly related PRs
Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
Comment |
…elay-ids # Conflicts: # sdk/typescript/src/messaging/encryption.ts
Problem
The relay's canonical routing/identity id is the base58 cryptoId (the Solana address = base58 of the 32-byte Ed25519 public key), per the backend spec (
crypto-identity.md:7,identity-registry.md:44). The TS SDK was addressing messages by the base64 Ed25519 public key (signer.publicKeyBase64) forfrom/to, mailboxlist, key-publish address, and group-member handoff.The relay accepted it because it treats the address as an opaque mailbox key — which masked the non-conformance. But a strict, spec-conformant consumer (the Rust SDK / openhuman) base58-decodes the id to recover the public key, and a base64 string fails to decode (base64's alphabet includes
+///=and0/O/I/l, which base58 forbids) → it can't verify signatures, open a Signal session, or route a reply. Cross-SDK interop (TS agent ↔ Rust agent) broke.Fix
Normalize the identity/relay-id surface to base58 cryptoId (
signer.agentId):from/to,resolveRecipientKey(a base64 messaging-key input is now normalized to its cryptoId),readMessages/list,publishKeysaddress.EncryptionContext.address+ envelopeto/fromdecode via the newcrypto.cryptoIdToPublicKey(base58 → raw Ed25519 bytes → X25519 for ECDH).harness-wrapper/workflows/statususeagentId.Crucially base64 is preserved for Signal key material + ciphertext — the published
identityKeyfield stays the base64 Ed25519 key (a peer decodes it to bootstrap X3DH; it is not a routing address). Mental model: base58 = "who" (address); base64 = "the bytes".Testing
tscclean; 354 unit tests pass (98 staging tests skipped — need network). Tests updated to assert base58 addressing (agent-messaging,encrypted-messaging,cli,codex-cli).🤖 Generated with Claude Code
Summary by CodeRabbit
New Features
Bug Fixes