Skip to content

fix: subscribe InboxV2 on routing_id, not the credential id#155

Draft
osmaczko wants to merge 1 commit into
mainfrom
fix/directv1-account-routing
Draft

fix: subscribe InboxV2 on routing_id, not the credential id#155
osmaczko wants to merge 1 commit into
mainfrom
fix/directv1-account-routing

Conversation

@osmaczko

@osmaczko osmaczko commented Jun 27, 2026

Copy link
Copy Markdown
Contributor

InboxV2 gated inbound on the credential id (hex of the DelegateCredential TLV),
but a sender addresses the Welcome to the invitee's routing address, which the
account directory resolves to the device key HttpRegistry stores the key-package
under. The two differ, so the Welcome fell through to PayloadOutcome::Empty and
the invitee never joined. EphemeralRegistry hid this by keying key-packages on
the credential id.

This is routing-vs-credential, not account-vs-device: the TLV-wrapped credential
differs from the address even when account key == device key (testnet today), so
a client associating over HttpRegistry hits it; only the in-process
EphemeralRegistry path is unaffected.

Add IdentityProvider::routing_id() (defaults to id()); DelegateSigner derives it
from its credential (the account address once associated, else id());
Core::assemble subscribes InboxV2 on routing_id(). id() still backs the MLS
credential, member id, sender id, and decode_sender, so membership and
attribution are unchanged. Regression test direct_v1_welcome_routes_on_routing_id
over a device-key-keyed registry (as HttpRegistry) fails without the fix.

@osmaczko osmaczko force-pushed the fix/directv1-account-routing branch from 5d02196 to 9fb2ae7 Compare June 30, 2026 20:51
InboxV2 gated inbound on the credential id (hex of the DelegateCredential TLV),
but a sender addresses the Welcome to the invitee's routing address, which the
account directory resolves to the device key HttpRegistry stores the key-package
under. The two differ, so the Welcome fell through to PayloadOutcome::Empty and
the invitee never joined. EphemeralRegistry hid this by keying key-packages on
the credential id.

This is routing-vs-credential, not account-vs-device: the TLV-wrapped credential
differs from the address even when account key == device key (testnet today), so
a client associating over HttpRegistry hits it; only the in-process
EphemeralRegistry path is unaffected.

Add IdentityProvider::routing_id() (defaults to id()); DelegateSigner derives it
from its credential (the account address once associated, else id());
Core::assemble subscribes InboxV2 on routing_id(). id() still backs the MLS
credential, member id, sender id, and decode_sender, so membership and
attribution are unchanged. Regression test direct_v1_welcome_routes_on_routing_id
over a device-key-keyed registry (as HttpRegistry) fails without the fix.
@osmaczko osmaczko force-pushed the fix/directv1-account-routing branch from 9fb2ae7 to 75435b3 Compare June 30, 2026 23:45
@osmaczko osmaczko changed the title fix: deliver DirectV1 Welcome to account-associated invitees (routing_id) fix: subscribe InboxV2 on routing_id, not the credential id Jun 30, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant