chore(vendor): bump sphere-sdk to 116b8d9 (PR #385 identity-keys cache-only) #334
Open
vrogojin wants to merge 2 commits into
…e-only)

Pulls fix(profile)(security): keep identity / seed material out of OrbitDB. Identity keys (mnemonic, master_key, chain_code, derivation_path, ...) are now cache-only — never written to OrbitDB → never replicated to IPFS.

Source: sphere-sdk fix/profile-identity-keys-cache-only @ 116b8d9
PR: unicity-sphere/sphere-sdk#385

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Adds commit 96991eb on PR #385: fix(profile)(security): lazy-backfill identity keys from fallback into primary

Without this, post-deploy existing wallets continue to emit "[Sphere] Identity read for ... missing from primary storage; consulting fallbackStorage" on every boot — even though the wallet works correctly. The backfill silences the warning for legacy wallets by writing the fallback value into the Profile localCache on first successful fallback consult; subsequent boots find it in primary on the first try.

Source: sphere-sdk fix/profile-identity-keys-cache-only @ 96991eb
PR: unicity-sphere/sphere-sdk#385

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
Summary

Vendors sphere-sdk PR #385: fix(profile)(security): keep identity / seed material out of OrbitDB.

Identity keys (`mnemonic`, `master_key`, `chain_code`, `derivation_path`, `base_path`, `derivation_mode`, `wallet_source`, `current_address_index`) are now cache-only — never written to OrbitDB → never replicated to IPFS via the snapshot CAR pin path.

Closes the leak window that Audit #333 C1 left open at the `encrypt()` boundary: pre-fix, after `setIdentity` attached a key, identity writes would have been encrypted and pushed to OrbitDB. Even encrypted, that lowers the threat model from "compromise the device" to "brute-force a password against an IPFS-pinned ciphertext".

Source

`fix/profile-identity-keys-cache-only` @ `116b8d9`

Test plan

- `[Sphere] Identity read for "master_key" missing from primary storage` warnings stop appearing in the browser console at https://sphere-telco-test.dyndns.org for new Profile-mode wallets created post-deploy.

🤖 Generated with Claude Code
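
The cache-only routing and lazy backfill described in this PR, sketched as an added example that is not code from sphere-sdk or this repository. `ProfileStorage`, `leakedIdentityKeys` and the `Map`-based stores are hypothetical stand-ins for the Profile localCache, the OrbitDB-backed store and fallbackStorage, and all sample values are constructed.

```javascript
// Added illustration; class, method and store names are hypothetical, not sphere-sdk's API.
const IDENTITY_KEYS = new Set([
  'mnemonic', 'master_key', 'chain_code', 'derivation_path', 'base_path',
  'derivation_mode', 'wallet_source', 'current_address_index',
]);

class ProfileStorage {
  // localCache: device-only primary store; replicated: stand-in for the store that
  // is synced off-device; fallback: legacy storage that may still hold identity keys.
  constructor(localCache, replicated, fallback) {
    Object.assign(this, { localCache, replicated, fallback, warnings: [] });
  }

  set(key, value) {
    // Identity keys are cache-only: they never reach the replicated store.
    (IDENTITY_KEYS.has(key) ? this.localCache : this.replicated).set(key, value);
  }

  get(key) {
    if (!IDENTITY_KEYS.has(key)) return this.replicated.get(key);
    if (this.localCache.has(key)) return this.localCache.get(key);
    // Legacy wallet: consult fallback once, then backfill so the next boot hits primary.
    this.warnings.push(`Identity read for "${key}" missing from primary storage; consulting fallbackStorage`);
    const value = this.fallback.get(key);
    if (value !== undefined) this.localCache.set(key, value);
    return value;
  }
}

// Audit helper: identity key names found in a replicated store (expected: none).
function leakedIdentityKeys(replicated) {
  return [...replicated.keys()].filter((k) => IDENTITY_KEYS.has(k));
}

// Constructed demo: a legacy wallet whose master_key lives only in fallback.
function demo() {
  const replicated = new Map();
  const fallback = new Map([['master_key', 'constructed-legacy-key']]);
  const storage = new ProfileStorage(new Map(), replicated, fallback);
  storage.set('mnemonic', 'constructed sample words'); // routed to localCache only
  storage.set('nickname', 'alice');                    // non-identity: replicated
  const firstBoot = storage.get('master_key');         // warns, then backfills
  const secondBoot = storage.get('master_key');        // served from primary, no warning
  return { replicated, firstBoot, secondBoot, warningCount: storage.warnings.length };
}
```

Running `leakedIdentityKeys` over the replicated store after a write path change is a cheap regression check that no identity key name has been routed off-device.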