Skip to content

State Types - NodeState struct definitions #36

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
m-005 wants to merge 2 commits into from
Closed

State Types - NodeState struct definitions #36

m-005 wants to merge 2 commits into from

Conversation

@m-005
Copy link
Member

@m-005 m-005 commented Jan 21, 2026
edited
Loading

Part 3 of the Foundation stage for objects-node daemon.

Changes

Adds state type definitions for persistent node state:

  • NodeState - Persistent state with node keypair and optional identity
    • Uses SecretKey from objects-transport (Iroh Ed25519 key)
    • Optional IdentityInfo for registered OBJECTS identities
  • IdentityInfo - RFC-001 identity linking:
    • Identity ID (obj_ + base58 hash)
    • Registered handle
    • 8-byte nonce for ID derivation
    • Signer type (Passkey or Wallet)

Security

Comprehensive documentation on security requirements:

  • State files must use 600 permissions (owner read/write only)
  • Node key must be kept secure and never committed to version control
  • Supports anonymous mode (no identity) for nodes that don't publish assets

Testing

  • Serialization round-trip tests
  • Identity persistence tests
  • Both Passkey and Wallet signer types validated

Part of the Foundation stage (3/4). Builds on: #47. Next: State Persistence (#37).

This was referenced Jan 21, 2026
Closed
Closed
Closed
m-005 added a commit that referenced this pull request Jan 21, 2026
@m-005
Config Loading - TOML file I/O and env overrides
c44f1b6 
Part 2 of the Foundation stage for objects-node daemon.

## Changes

Implements configuration loading and validation:

- ConfigError enum with proper error types (IO, Parse, Validation)
- from_env() - Load configuration from environment variables only
- load_or_create() - Load from TOML file or create with defaults
- load() and save() - TOML file I/O with parent directory creation
- validate() - Comprehensive validation:
  - API port in valid range (1024-65535)
  - Valid IP address for bind address
  - HTTPS-only relay URLs
  - RFC-002 compliant discovery topic format
- Environment variable overrides with proper precedence

## Testing

Uses temp-env for safe environment variable testing (no unsafe blocks):
- Config file creation and loading
- Environment variable override tests
- Validation error cases (invalid port, IP, URL, topic)
- Round-trip serialization

## Dependencies

- Added temp-env for safe test environment manipulation
- Added tempfile for temporary test directories

Part of the Foundation stage (2/4). Builds on: #34. Next: State Types (#36).

Pull Request: #39
m-005 added a commit that referenced this pull request Jan 21, 2026
@m-005
State Persistence - File I/O and keypair generation
ed0b028 
Part 4 of the Foundation stage for objects-node daemon.

## Changes

Implements state persistence with secure file I/O:

- StateError enum with proper error handling (IO, Parse, Permission errors)
- load_or_create() - Load from file or generate new keypair if missing
- load() and save() - JSON file I/O with secure permissions
- generate_new() - Cryptographically secure keypair generation using rand::rng()
- ensure_permissions() - Parent directory creation and validation
- Unix file permissions enforced (600) on state files

## Security

- State files automatically created with 600 permissions (owner read/write only)
- Parent directories created recursively as needed
- Validation prevents writing to invalid paths (e.g., when parent is a file)
- Uses cryptographically secure random number generation

## Testing

Comprehensive test coverage:
- File creation and loading
- Round-trip serialization with and without identity
- Unix file permission verification (600)
- Parent directory creation
- Error cases (missing files, invalid paths)

## Dependencies

- Added rand to main dependencies for secure key generation

Part of the Foundation stage (4/4). Builds on: #36. 

Foundation stage complete\! Config and state management fully implemented with 22 passing tests.
@m-005 m-005 force-pushed the spr/m-005/state-types-nodestate-struct-definitions branch from 2dd8728 to 2fcb887 Compare January 21, 2026 03:42
@m-005 m-005 changed the base branch from spr/m-005/main.state-types-nodestate-struct-definitions to spr/m-005/config-loading-toml-file-io-and-env-overrides January 21, 2026 03:45
@m-005 m-005 force-pushed the spr/m-005/config-loading-toml-file-io-and-env-overrides branch from f3b3890 to 005b091 Compare January 21, 2026 03:47
@OBJECTSHQ OBJECTSHQ deleted a comment from claude bot Jan 21, 2026
@m-005 m-005 force-pushed the spr/m-005/state-types-nodestate-struct-definitions branch from 2fcb887 to 4daee81 Compare January 23, 2026 23:22
@m-005 m-005 force-pushed the spr/m-005/config-loading-toml-file-io-and-env-overrides branch from 005b091 to f6abbbc Compare January 23, 2026 23:22
@claude
Copy link

claude bot commented Jan 23, 2026

Code Review

Found 2 issues:

Issue 1: CLAUDE.md compliance - Use shared test utility

File: bins/objects-node/src/state.rs (lines 82, 105)

The tests should use objects_test_utils::transport::secret_key() instead of calling SecretKey::generate(&mut rand::rng()) directly.

Per CLAUDE.md:

Use shared test utilities from objects-test-utils instead of duplicating helpers.

  • transport - Endpoint and network config factories

The transport::secret_key() utility exists for exactly this purpose.

Suggested fix:

let node_key = transport::secret_key();

Issue 2: Missing signer_public_key field in IdentityInfo

File: bins/objects-node/src/state.rs (lines 50-73)

The IdentityInfo struct stores the nonce field with documentation stating it is "required for verification of the identity ID" (line 65), but is missing the signer_public_key field which is also required.

Per RFC-001 and IdentityId::derive(), identity IDs are derived from:

identity_id = "obj_" || base58(truncate(sha256(signer_public_key || nonce), 15))

Without the signer_public_key, it is impossible to verify the identity ID derivation. The verify_id_derivation() function requires both the public key and nonce to re-derive and verify the identity ID.

Suggested fix:
Add a signer_public_key: [u8; 33] field to the IdentityInfo struct to enable identity ID verification.

@claude
Copy link

claude bot commented Jan 23, 2026

Code review

No issues found. Checked for bugs and CLAUDE.md compliance.

@m-005 m-005 force-pushed the spr/m-005/config-loading-toml-file-io-and-env-overrides branch from f6abbbc to b73bee5 Compare January 24, 2026 00:19
@m-005 m-005 force-pushed the spr/m-005/state-types-nodestate-struct-definitions branch from 4daee81 to 399db79 Compare January 24, 2026 00:19
@m-005 m-005 force-pushed the spr/m-005/config-loading-toml-file-io-and-env-overrides branch from b73bee5 to 18552c0 Compare January 24, 2026 11:31
@m-005 m-005 force-pushed the spr/m-005/state-types-nodestate-struct-definitions branch from 399db79 to 6650f30 Compare January 24, 2026 11:31
m-005 added 2 commits January 24, 2026 06:33
@m-005
Config Loading - TOML file I/O and env overrides
42eff09 
Pull Request: #46
@m-005
State Types - NodeState struct definitions
531e040 
Part 3 of the Foundation stage for objects-node daemon.

## Changes

Adds state type definitions for persistent node state:

- NodeState - Persistent state with node keypair and optional identity
  - Uses SecretKey from objects-transport (Iroh Ed25519 key)
  - Optional IdentityInfo for registered OBJECTS identities
- IdentityInfo - RFC-001 identity linking:
  - Identity ID (obj_ + base58 hash)
  - Registered handle
  - 8-byte nonce for ID derivation
  - Signer type (Passkey or Wallet)

## Security

Comprehensive documentation on security requirements:
- State files must use 600 permissions (owner read/write only)
- Node key must be kept secure and never committed to version control
- Supports anonymous mode (no identity) for nodes that don't publish assets

## Testing

- Serialization round-trip tests
- Identity persistence tests
- Both Passkey and Wallet signer types validated
@m-005 m-005 force-pushed the spr/m-005/state-types-nodestate-struct-definitions branch from 6650f30 to 531e040 Compare January 24, 2026 11:34
@m-005 m-005 force-pushed the spr/m-005/config-loading-toml-file-io-and-env-overrides branch from 18552c0 to 42eff09 Compare January 24, 2026 11:34
@m-005 m-005 changed the base branch from spr/m-005/config-loading-toml-file-io-and-env-overrides to push-oxsqyvmwrqyl January 24, 2026 11:43
@m-005 m-005 deleted the branch push-oxsqyvmwrqyl January 24, 2026 11:52
@m-005 m-005 closed this Jan 24, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@m-005