docs(arch): ADR-030..033 — repo/adapter pattern, PeerEntry, CredentialStore, forwarded-for
Land the storage and auth strategy research (findings.md) as four accepted ADRs and amend the core and call specs to match: - ADR-030: PeerEntry and Identity.id decoupling. Replaces authorized_fingerprints with peers: Vec<PeerEntry>; Identity.id becomes the stable peer_id, decoupled from the rotating fingerprint. Supersedes ADR-029 Assumption 1's UUID source (one-way door preserved, source changes). Resolves OQ-33 and the storage-boundary half of OQ-34. Records the API-key asymmetry as deliberate (OQ-35). - ADR-031: CredentialStore repo trait + InMemoryCredentialStore default adapter in core. Second repo trait alongside IdentityProvider. Vault encrypts; the store persists the EncryptedData blob; assembly layer loads into Capabilities. EncryptedData core mirror includes salt for wire-format compat. - ADR-032: Forwarded-for identity. forwarded_for field on call.requested and OperationContext — metadata only, never read by AccessControl::check (enforced structurally via the check signature). The from_call handler populates it. Wire-format one-way door, folded into the ADR-029 migration window. - ADR-033: Storage boundary and repo/adapter pattern. Core defines repo traits + in-memory defaults; persistence adapters are separate crates; assembly layer wires. Resolves OQ-34. Concrete adapter shapes deferred for exploration (OQ-36). Amends auth.md, config.md, operation-registry.md, client-and-adapters.md, open-questions.md, README.md, crates/core/README.md. Marks ADR-029 Accepted (Assumption 1 carries the ADR-030 superseded note). Marks the research findings doc reviewed.
This commit is contained in:
@@ -1,11 +1,14 @@
|
||||
---
|
||||
status: draft
|
||||
status: reviewed
|
||||
last_updated: 2026-06-27
|
||||
---
|
||||
|
||||
# Storage and Auth Strategy
|
||||
|
||||
**Status**: Draft for iteration
|
||||
**Status**: Conclusions landed as ADR-030, ADR-031, ADR-032, ADR-033. This
|
||||
document is the research that informed those ADRs; the ADRs and the amended
|
||||
specs (`auth.md`, `config.md`, `client-and-adapters.md`,
|
||||
`operation-registry.md`) are now the authoritative source.
|
||||
**Date**: 2026-06-27
|
||||
**Scope**: Cross-cutting — storage decomposition, auth/ACL model, repo/adapter
|
||||
pattern, SQLite+honker as foundation, metagraph as tool. Synthesizes the
|
||||
@@ -14,7 +17,7 @@ OQ-33/34 resolution.
|
||||
|
||||
This document consolidates a multi-thread discussion into an architectural
|
||||
strategy for storage and auth in the alknet crate graph. It is not an ADR —
|
||||
it's the research that will inform ADRs and spec amendments.
|
||||
it's the research that informed ADRs and spec amendments.
|
||||
|
||||
---
|
||||
|
||||
|
||||
Reference in New Issue
Block a user