fix(docs): #10 rename JWT terminology — phase 1 (3 wiki files)#23
Merged
Conversation
Partial fix for #10. Covers the 3 highest-traffic wiki files: - wiki/data-classification.md: 15 → 5 JWT mentions (remaining are legit JWT-format references with context). - wiki/key-security.md: 8 → 3. - wiki/blockchain-tee-architecture.md: 36 → 16. Remaining work tracked as follow-up: - wiki/session-token.md (14 mentions, mostly in the existing "why we don't call it JWT" section — keep as-is for rhetorical contrast). - docs/contradictions.md §1.2 (terminology contradiction): already marked RESOLVED in earlier commit (TTL/storage/terminology/pair-transport pass). - docs/spec/1-step-analysis.md (5), tech-brief.md (2), heima-open-questions.md (1), heima-cli-exploration.md (1), aiosandbox/agent-infra-sandbox-analysis.md (4): these are spec-level and mostly internal; separate PR. No code changes. Heima-side rename (coordinate with Kai) still separate. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1 task
Member
Author
|
Codex review (via gstack VerdictI found one documentation accuracy issue: the edited threat-model row now applies the 30-day master-token TTL to the combined laptop/sandbox compromise case, even though sandbox child sessions are documented and implemented as shorter-lived. Aside from that docs inconsistency, the patch does not appear to break code or tests. Review comment:
— codex |
Codex P2: threat-model row covering 'laptop/sandbox' client compromise claimed ~30-day impersonation window. That's only correct for the master CLI bearer; sandbox daemon agent/child sessions are short-lived (1–24h, 4h default). Row now splits TTL by client type. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Member
Author
|
Codex re-review v2 — ✅ APPROVED
The 30-day TTL qualification landed in commit 449ee90 resolved the prior P2 finding. |
…ion-token.md User directive: keep 30-day TTL consistently across the project (shortening agent sessions is a possible future defense-in-depth tweak, but for now uniform with master per the canonical policy in wiki/session-token.md). Reverts the split-by-client-type threat-model row from v2 — now 30 days applies to both master and sandbox/agent cases, matching the wiki declaration. Code alignment (mock server): - handlers/session.rs: introduce DEFAULT_SESSION_TTL_SECONDS const (30 days); replace 3 × 86400u64 + 1 × 3600u64 magic numbers. - test_client.rs: 3 × 86400/3600 → 2_592_000 (30 days). Doc alignment: - wiki/session-token.md:244 — mock default 86400s → 2_592_000s (30 days). - docs/spec/1-step-analysis.md:124 — master auth token "15 min – 24 h" → 30-day canonical policy. - docs/spec/1-step-analysis.md:784 — master session TTL same. - docs/spec/1-step-analysis.md:787 — agent session TTL "4h default, up to 24h" → 30 days (same as master). - wiki/data-classification.md:214 — threat-model row restored to single ~30-day TTL claim. 51 tests across cli + mock-server crates all pass. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Member
Author
|
Correction after human review — TTL policy: 30 days everywhere Codex v1 suggested splitting master (~30d) from sandbox/agent (~1-24h) TTLs. On human review we're keeping 30 days consistently across master CLI and agent/sandbox sessions per the canonical policy in Shortening agent session TTLs is a valid future defense-in-depth tweak but is out of scope for this rename PR. New commit afd253f reverts the v2 threat-model split and aligns the rest of the project to the 30-day policy:
51 tests (cli + mock-server) green. Re-review fired. |
…0 days too Codex v3 caught one more TTL inconsistency: approve_auth_request mints child sessions with ttl = 3600u64 (1 hour) on both the Pair and Recover branches. That contradicts the 30-day canonical policy now documented throughout the project. Both `let ttl = 3600u64` sites bumped to 2_592_000 (30 days) with inline comment referencing wiki/session-token.md. 37 mock-server tests green. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
hanwencheng
added a commit
that referenced
this pull request
Apr 14, 2026
Rebase of fix/issue-12 onto current main (post-PR #18 #19 #21 #23 merges) surfaced two concrete integration issues, fixed in this patch: **1. Expose session_store helpers for test reuse** - Make `agentkeys_core::session_store::fallback_path(session_id)` public so CLI tests can assert on the on-disk path layout. - Re-export `agentkeys_core::session_store` at `agentkeys_cli::session_store` so existing test imports (`use agentkeys_cli::session_store;`) keep working after the old cli-local `session_store.rs` was deleted upstream. **2. cmd_revoke clear_session calls (post-PR #18 self-revoke merge)** PR #18 added `session_store::clear_session()` calls on self-revoke paths. The new signature takes `session_id`, not 0 args. Pass `&ctx.session_id` so the revoke wipes the correct namespace for any future multi-session CLI caller. **3. Integration tests: seed identity_links for Recover** PR #21 tightened `resolve_identity_typed` to require the identity to exist in `identity_links` before resolution. Two pair_tests (`recover_full_loop`, `recover_credentials_intact`) opened Recover requests with aliases that were never linked, so they now 404. Added `InProcessBackend::link_identity_for_tests(identity_type, identity_value, wallet)` that inserts directly into the mock DB's `identity_links` table. The two failing tests now seed the alias link before the Recover flow. Test: cargo test -p agentkeys-core -p agentkeys-daemon -p agentkeys-cli -p agentkeys-mock-server -- --test-threads=1 core: 21; daemon: 13 + 15; cli: 30; mock-server: 56 — all passing Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This was referenced Apr 15, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Partial fix for #10 (docs-only rename). Covers 3 highest-traffic wiki files that consistently described the 30-day AgentKeys auth bearer as a "JWT" — misleading because it implies disposable/short-lived when in fact it's a long-lived high-security credential.
Reductions
wiki/data-classification.mdwiki/key-security.mdwiki/blockchain-tee-architecture.mdRemaining occurrences are legitimate JWT-format references ("signed JWT", "JWT claims", etc.) where the format itself is being discussed, not the product-level bearer name.
Remaining work (follow-up PR)
wiki/session-token.md(14 occurrences): already has a dedicated "Why we don't call it JWT" section — most occurrences are intentional for rhetorical contrast. Will be reviewed separately.docs/spec/files (13 total): spec-level, less load-bearing; separate PR to keep this one focused.Test plan
cargo check --workspaceunaffected.Issue
Partially closes #10 (3/10 files). Remaining 7 files tracked as a follow-up.
🤖 Generated with Claude Code
Codex review (2026-04-14, 4 rounds): Accepted human policy override — 30-day TTL uniformly across master + sandbox/agent per
wiki/session-token.md:17.docs/spec/1-step-analysis.md+wiki/session-token.mddefault.let ttl = 3600u64inapprove_auth_request(Pair + Recover branches) to 30 days.51+ tests green. Codex re-review: 30-day policy is now enforced consistently.