docs(spec): B2 wallet device registry — design + plan (for review)#47
Merged
Stateless, encrypted, blind-relay device registry: your machines appear everywhere by name with no add-machine and no SAS. Decisions: encrypted (relay fully blind), relay stays STATELESS (in-memory soft-state riding the live agent registration, rebuilt on reconnect), zero-touch enrollment + notify. AEAD (ChaCha20-Poly1305, machine_id AAD) gives encryption AND authenticity, so the relay verifies nothing. Discovery-only — B1.4 acceptance + LAN-direct unchanged; pair/add-machine kept for cross-wallet.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
The next iteration: B2 — wallet device registry. Pays off the wallet identity (B1) and
kills the re-pair-every-machine friction. Spec + plan only, no code — for your review
before implementation (it touches
mir-signal, so a deploy is your hand).
The idea
Add a device = have the wallet (passkey-sync or
mir wallet import-phrase) + start serving → it appears, by name, on all your devices, attachable with no pairing, no add-machine.
Locked decisions (from brainstorm)
registration (rebuilt on reconnect), not a database. No disk, no persistence.
others print a one-line "new device joined" notice.
Why it stays true to the thesis
ChaCha20-Poly1305 with
machine_id as AAD gives encryption AND authenticity for free: a forged blob from a non-wallet-holder fails to open and is silently dropped, so the relay
verifies nothing, decrypts nothing, persists nothing — blind and stateless. Discovery
only: B1.4 acceptance and offline LAN-direct are untouched;
pair/add-machine stay for cross-wallet (Track D).
Trade-off (accepted)
Online-only discovery — a powered-off machine isn't listed until it reconnects (you can't
attach to it anyway). Revocation = power off / rotate the wallet (no persistent tombstone).
Slices
B2.0 crypto (Go+JS+vector) · B2.1 relay (blind/stateless) · B2.2 agent publishes + auto-serves
own wallet · B2.3 client discover/merge/notify · B2.4 browser auto-list · B2.5 e2e + deploy.
Review the spec/plan; say kör and I start with B2.0 (crypto, no infra) and work up — the
mir-signal deploy in B2.5 is your hand.
🤖 Generated with Claude Code
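The AEAD property the description relies on (wallet-keyed ChaCha20-Poly1305 with machine_id as AAD, forged blobs dropped on open), as an added example that is not code from this PR or the project. The blob layout (nonce || ciphertext || tag), the record fields, the function names, and the random key standing in for a wallet-derived key are assumptions.

```javascript
// Added example, not project code. Blob layout, record fields and key source are assumptions.
const crypto = require('crypto');
const NONCE_LEN = 12, TAG_LEN = 16;

// Seal a device record under the wallet key, binding it to machineId through the AAD.
function sealRecord(walletKey, machineId, record) {
  const nonce = crypto.randomBytes(NONCE_LEN);
  const c = crypto.createCipheriv('chacha20-poly1305', walletKey, nonce, { authTagLength: TAG_LEN });
  c.setAAD(Buffer.from(machineId, 'utf8'));
  const ct = Buffer.concat([c.update(JSON.stringify(record), 'utf8'), c.final()]);
  return Buffer.concat([nonce, ct, c.getAuthTag()]); // assumed layout: nonce || ct || tag
}

// Open a blob received from the relay. Returns the record, or null so the caller drops it.
function openRecord(walletKey, machineId, blob) {
  if (!Buffer.isBuffer(blob) || blob.length < NONCE_LEN + TAG_LEN) return null;
  const nonce = blob.subarray(0, NONCE_LEN);
  const ct = blob.subarray(NONCE_LEN, blob.length - TAG_LEN);
  const tag = blob.subarray(blob.length - TAG_LEN);
  try {
    const d = crypto.createDecipheriv('chacha20-poly1305', walletKey, nonce, { authTagLength: TAG_LEN });
    d.setAAD(Buffer.from(machineId, 'utf8'));
    d.setAuthTag(tag);
    const pt = Buffer.concat([d.update(ct), d.final()]); // final() throws on tag mismatch
    return JSON.parse(pt.toString('utf8'));
  } catch {
    return null; // wrong key, wrong machine_id, tampered bytes or bad JSON: silent drop
  }
}

// Client-side merge: every {machineId, blob} pair from the relay is untrusted input.
function mergeListing(walletKey, entries) {
  const devices = new Map();
  for (const { machineId, blob } of entries) {
    const rec = openRecord(walletKey, machineId, blob);
    if (rec) devices.set(machineId, rec.name);
  }
  return devices;
}

// Constructed sample listing: one genuine entry and two that must not survive the merge.
function demo() {
  const walletKey = crypto.randomBytes(32);
  const good = sealRecord(walletKey, 'm-laptop', { name: 'laptop' });
  const forged = sealRecord(crypto.randomBytes(32), 'm-forged', { name: 'forged' });
  return mergeListing(walletKey, [
    { machineId: 'm-laptop', blob: good },
    { machineId: 'm-forged', blob: forged }, // sealed without the wallet key
    { machineId: 'm-desktop', blob: good },  // valid blob relabelled with another machine_id
  ]);
}
```

The third entry is the case the AAD covers: the ciphertext is genuine, but it no longer opens once it is presented under a different machine_id.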