You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Make the kernel's peer identity netlayer-neutral and remove libp2p-specific
crypto from the identity/URL/error layer:
- Add remotes/kernel/identity.ts: deriveNeutralPeerId / neutralPeerIdToPublicKey
/ publicKeyToNeutralPeerId (base58btc multibase of the raw Ed25519 public key
via @noble/curves), exported from the package barrel.
- remote-comms.ts derives the neutral peerId from the seed and encrypts ocap-URL
oids with WebCrypto AES-256-GCM (crypto.subtle, key used directly, random IV)
instead of @libp2p/crypto AES_GCM/Ed25519.
- connection-factory.ts converts neutral <-> libp2p peerIds at the libp2p
boundary (dial, inbound handler, peer:disconnect); the transport layer only
ever sees neutral ids.
- kernel-errors drops its @libp2p/interface import: isRetryableNetworkError
classifies ChannelResetError and matches MuxerClosedError by name.
- ocap: URL host is now the neutral z... id; format otherwise unchanged.
Compatibility breaks by design (no migration). Verified with fresh storage.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Copy file name to clipboardExpand all lines: docs/identity-backup-recovery.md
+15-9Lines changed: 15 additions & 9 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -4,6 +4,11 @@ The OCAP Kernel supports BIP39 mnemonic phrases for backing up and recovering ke
4
4
5
5
## Overview
6
6
7
+
> **Format change**: The peer ID is now the multibase base58btc encoding of the
8
+
> raw 32-byte Ed25519 public key (a `z…` string), independent of any network
9
+
> transport. Peer IDs and `ocap:` URLs issued before this change (which used the
10
+
> libp2p `12D3KooW…` peer ID form) are not compatible; recover onto fresh storage.
11
+
7
12
Each kernel has a unique identity derived from a cryptographic seed. This identity determines the kernel's peer ID, which is used for peer-to-peer communication. By default, the kernel generates a random seed on first initialization. With BIP39 support, you can:
8
13
9
14
-**Create a recoverable identity** by generating a mnemonic and using it during initialization
@@ -57,7 +62,7 @@ if (isValidMnemonic(mnemonic)) {
0 commit comments