Skip to content

docs(skills): stop teaching deprecated LockContext.identify() (#591)#642

Open
coderdan wants to merge 1 commit into
mainfrom
docs/skills-identity-and-corrections-refresh
Open

docs(skills): stop teaching deprecated LockContext.identify() (#591)#642
coderdan wants to merge 1 commit into
mainfrom
docs/skills-identity-and-corrections-refresh

Conversation

@coderdan

Copy link
Copy Markdown
Contributor

Targets the 1.0 candidate. Closes the identity-docs half of #591 and supersedes the three stale skill-refresh PRs.

What

The stash-encryption + stash-supabase skills and the @cipherstash/stack README taught the deprecated LockContext.identify() as the primary identity-aware-encryption path. identify() fetches a per-operation CTS token that was removed in protect-ffi 0.25 and is no longer used by encryption. These ship to customers (skills via the stash tarball; README with the package), so it's wrong guidance at launch.

Now they lead with the current pattern — authenticate with OidcFederationStrategy, then .withLockContext({ identityClaim }) per operation — and demote identify() to a clearly-marked deprecated note.

Why not just merge #598 / #604 / #606

Those skill-refresh PRs predate both the adapter split (they still reference @cipherstash/stack/{supabase,drizzle}, 0 references to the new @cipherstash/stack-* packages) and the contains()matches() rename (0 matches(). Each is a ~400-line near-total rewrite, so merging/rebasing would regress the package paths and the matches() surface. The current candidate skills are the source of truth for structure/paths/matches; the only RC-critical content those PRs held was the identity-docs correction (which #598 nailed), carried forward here.

I'm closing #598 / #604 / #606 as superseded.

Scope notes

Changesets: stash patch (skills) + @cipherstash/stack patch (README).

Refs #591

https://claude.ai/code/session_01MxTTPaPP16m6br7Hoab94w

The stash-encryption + stash-supabase skills and the @cipherstash/stack README
led with LockContext.identify() as the primary identity-aware-encryption path.
identify() is deprecated — per-operation CTS tokens were removed in protect-ffi
0.25. Lead with the current pattern instead (OidcFederationStrategy +
.withLockContext({ identityClaim })), and demote identify() to a clearly-marked
deprecated note.

Carries forward the identity-docs correction from the now-superseded skill-refresh
PRs (#598/#604/#606), which predated the adapter split + contains→matches rename
and would otherwise regress the package paths and matches() surface. The current
candidate skills are the source of truth for structure/paths/matches; only the
identity-docs fix needed salvaging.

Skills ship in the stash tarball → stash patch; README → @cipherstash/stack patch.

Refs #591

Claude-Session: https://claude.ai/code/session_01MxTTPaPP16m6br7Hoab94w
@coderdan coderdan requested a review from a team as a code owner July 13, 2026 11:47
@changeset-bot

changeset-bot Bot commented Jul 13, 2026

Copy link
Copy Markdown

🦋 Changeset detected

Latest commit: 40ab142

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 10 packages
Name Type
stash Patch
@cipherstash/stack Patch
@cipherstash/basic-example Patch
@cipherstash/e2e Patch
@cipherstash/bench Patch
@cipherstash/prisma-next Patch
@cipherstash/stack-drizzle Patch
@cipherstash/stack-supabase Patch
@cipherstash/test-kit Patch
@cipherstash/prisma-next-example Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@coderabbitai

coderabbitai Bot commented Jul 13, 2026

Copy link
Copy Markdown

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: f68e1d6a-0d3d-4e1f-b88a-ff4f43e7e140

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch docs/skills-identity-and-corrections-refresh

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

Base automatically changed from feat/eql-v3-text-search-schema to main July 14, 2026 04:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants