• Joined on 2025-12-31
padreug commented on issue aiolabs/nsecbunkerd#25 2026-06-19 20:55:15 +00:00
Design discussion / RFC: enforce token + grant lifecycle at sign time (the root behind #24)

Option D (leaning D1) implemented and deployed to all servers via #27 (merge 992c6a8):

padreug commented on issue aiolabs/nsecbunkerd#24 2026-06-19 20:55:10 +00:00
Token expiresAt (TTL) is not enforced post-bind — sign-time ACL ignores it

Fixed by #27 (merge 992c6a8), deployed to all servers 2026-06-19.

padreug commented on pull request aiolabs/nsecbunkerd#27 2026-06-19 16:51:28 +00:00
fix(acl): enforce token grant lifecycle live at sign time (#24, #25)

Correction: on LNbits-connected instances, the remediation is targeted delete only — never a full wipe

padreug opened issue aiolabs/nsecbunkerd#31 2026-06-19 16:32:56 +00:00
Remove the redundant, always-failing npm run prisma:migrate step in start.js
padreug pushed to dev at aiolabs/nsecbunkerd 2026-06-19 16:05:20 +00:00
992c6a8d4a Merge pull request 'fix(acl): enforce token grant lifecycle live at sign time (#24, #25)' (#27) from issue-25-live-grant-lifecycle into dev
7dcf97a296 refactor(acl)(#27 review): remove dead reject-all sentinel
e2cf10a66d test(acl)(#25): extract pure grantIsLive/liveWhere + unit tests
85e781dfa9 fix(acl)(#24,#25): enforce token expiry+revoke live at sign time
6397c7988d feat(schema)(#25): Request.keyUserId + SigningCondition lifecycle for live grant eval
padreug deleted branch issue-25-live-grant-lifecycle from aiolabs/nsecbunkerd 2026-06-19 16:05:20 +00:00
padreug merged pull request aiolabs/nsecbunkerd#27 2026-06-19 16:05:19 +00:00
fix(acl): enforce token grant lifecycle live at sign time (#24, #25)
padreug commented on pull request aiolabs/nsecbunkerd#27 2026-06-19 15:57:25 +00:00
fix(acl): enforce token grant lifecycle live at sign time (#24, #25)

Note: the "clean DB assumed" stance has a shelf life (it ends at launch / #18)

padreug commented on pull request aiolabs/nsecbunkerd#27 2026-06-19 14:02:49 +00:00
fix(acl): enforce token grant lifecycle live at sign time (#24, #25)

Thanks — sharp review. Addressed below; pushed 7dcf97a.

padreug pushed to issue-25-live-grant-lifecycle at aiolabs/nsecbunkerd 2026-06-19 14:02:18 +00:00
7dcf97a296 refactor(acl)(#27 review): remove dead reject-all sentinel
padreug commented on pull request aiolabs/nsecbunkerd#27 2026-06-19 13:57:51 +00:00
fix(acl): enforce token grant lifecycle live at sign time (#24, #25)

Review — approve with nits

padreug opened issue aiolabs/nsecbunkerd#30 2026-06-19 13:30:21 +00:00
flake devShell exports prisma-engines 7.x — breaks prisma migrate/validate in the dev shell
padreug opened issue aiolabs/nsecbunkerd#29 2026-06-19 13:30:02 +00:00
Add a DB-backed test harness + integration tests for checkIfPubkeyAllowed
padreug opened issue aiolabs/nsecbunkerd#28 2026-06-19 13:29:51 +00:00
Enforce PolicyRule.maxUsageCount live at sign time (needs a durable signing log)
padreug created pull request aiolabs/nsecbunkerd#27 2026-06-19 13:17:59 +00:00
fix(acl): enforce token grant lifecycle live at sign time (#24, #25)
padreug created branch issue-25-live-grant-lifecycle in aiolabs/nsecbunkerd 2026-06-19 13:17:25 +00:00
padreug pushed to issue-25-live-grant-lifecycle at aiolabs/nsecbunkerd 2026-06-19 13:17:25 +00:00
e2cf10a66d test(acl)(#25): extract pure grantIsLive/liveWhere + unit tests
85e781dfa9 fix(acl)(#24,#25): enforce token expiry+revoke live at sign time
6397c7988d feat(schema)(#25): Request.keyUserId + SigningCondition lifecycle for live grant eval
a707d203a1 docs(#25): source-verified ACL prior-art survey + keep-our-fork decision
8326a16ea9 docs(#25): add lnbits/nostr_bunker comparison (prior art)
padreug commented on issue aiolabs/nsecbunkerd#25 2026-06-19 12:42:22 +00:00
Design discussion / RFC: enforce token + grant lifecycle at sign time (the root behind #24)

Prior-art survey, source-verified — the complete picture

padreug opened issue aiolabs/nsecbunkerd#26 2026-06-19 12:41:41 +00:00
NDK NIP-46 backend: get_public_key bypasses the permit callback — pubkey disclosure is ungated/unauditable through our ACL seam
padreug commented on issue aiolabs/nsecbunkerd#25 2026-06-19 08:41:17 +00:00
Design discussion / RFC: enforce token + grant lifecycle at sign time (the root behind #24)

Prior art #2: Letdown2491/signet — a re-architecture of our own codebase, and a cautionary one