cojson 0.17.10 → 0.17.11

package/src/coValueCore/coValueCore.ts

@@ -1,5 +1,5 @@
 import { UpDownCounter, ValueType, metrics } from "@opentelemetry/api";
-import { Result, err } from "neverthrow";
+import { Result, err, ok } from "neverthrow";
 import type { PeerState } from "../PeerState.js";
 import type { RawCoValue } from "../coValue.js";
 import type { ControlledAccountOrAgent } from "../coValues/account.js";
@@ -431,43 +431,46 @@ export class CoValueCore {
   tryAddTransactions(
     sessionID: SessionID,
     newTransactions: Transaction[],
-    givenExpectedNewHash: Hash | undefined,
     newSignature: Signature,
-    notifyMode: "immediate" | "deferred",
     skipVerify: boolean = false,
-    givenNewStreamingHash?: StreamingHash,
   ): Result<true, TryAddTransactionsError> {
-    return this.node
-      .resolveAccountAgent(
-        accountOrAgentIDfromSessionID(sessionID),
-        "Expected to know signer of transaction",
-      )
-      .andThen((agent) => {
-        if (!this.verified) {
-          return err({
-            type: "TriedToAddTransactionsWithoutVerifiedState",
-            id: this.id,
-          } satisfies TriedToAddTransactionsWithoutVerifiedStateErrpr);
-        }
+    let result: Result<SignerID | undefined, TryAddTransactionsError>;
 
-        const signerID = this.crypto.getAgentSignerID(agent);
+    if (skipVerify) {
+      result = ok(undefined);
+    } else {
+      result = this.node
+        .resolveAccountAgent(
+          accountOrAgentIDfromSessionID(sessionID),
+          "Expected to know signer of transaction",
+        )
+        .andThen((agent) => {
+          return ok(this.crypto.getAgentSignerID(agent));
+        });
+    }
 
-        const result = this.verified.tryAddTransactions(
-          sessionID,
-          signerID,
-          newTransactions,
-          givenExpectedNewHash,
-          newSignature,
-          skipVerify,
-          givenNewStreamingHash,
-        );
+    return result.andThen((signerID) => {
+      if (!this.verified) {
+        return err({
+          type: "TriedToAddTransactionsWithoutVerifiedState",
+          id: this.id,
+        } satisfies TriedToAddTransactionsWithoutVerifiedStateErrpr);
+      }
 
-        if (result.isOk()) {
-          this.updateContentAndNotifyUpdate(notifyMode);
-        }
+      const result = this.verified.tryAddTransactions(
+        sessionID,
+        signerID,
+        newTransactions,
+        newSignature,
+        skipVerify,
+      );
 
-        return result;
-      });
+      if (result.isOk()) {
+        this.updateContentAndNotifyUpdate("immediate");
+      }
+
+      return result;
+    });
   }
 
   deferredUpdates = 0;
@@ -973,7 +976,7 @@ export type InvalidSignatureError = {
   id: RawCoID;
   newSignature: Signature;
   sessionID: SessionID;
-  signerID: SignerID;
+  signerID: SignerID | undefined;
 };
 
 export type TriedToAddTransactionsWithoutVerifiedStateErrpr = {
@@ -981,8 +984,15 @@ export type TriedToAddTransactionsWithoutVerifiedStateErrpr = {
   id: RawCoID;
 };
 
+export type TriedToAddTransactionsWithoutSignerIDError = {
+  type: "TriedToAddTransactionsWithoutSignerID";
+  id: RawCoID;
+  sessionID: SessionID;
+};
+
 export type TryAddTransactionsError =
   | TriedToAddTransactionsWithoutVerifiedStateErrpr
+  | TriedToAddTransactionsWithoutSignerIDError
   | ResolveAccountAgentError
   | InvalidHashError
   | InvalidSignatureError;

package/src/coValueCore/verifiedState.ts

@@ -89,12 +89,10 @@ export class VerifiedState {
 
   tryAddTransactions(
     sessionID: SessionID,
-    signerID: SignerID,
+    signerID: SignerID | undefined,
     newTransactions: Transaction[],
-    givenExpectedNewHash: Hash | undefined,
     newSignature: Signature,
     skipVerify: boolean = false,
-    givenNewStreamingHash?: StreamingHash,
   ): Result<true, TryAddTransactionsError> {
     const result = this.sessions.addTransaction(
       sessionID,

package/src/coValues/group.ts

@@ -370,16 +370,24 @@ export class RawGroup<
     if (role === "writeOnly" || role === "writeOnlyInvite") {
       const previousRole = this.get(memberKey);
 
-      this.set(memberKey, role, "trusting");
+      if (
+        previousRole === "admin" &&
+        memberKey !== this.core.node.getCurrentAgent().id
+      ) {
+        throw new Error(
+          "Administrators cannot demote other administrators in a group",
+        );
+      }
 
       if (
         previousRole === "reader" ||
         previousRole === "writer" ||
         previousRole === "admin"
       ) {
-        this.rotateReadKey();
+        this.rotateReadKey(memberKey);
       }
 
+      this.set(memberKey, role, "trusting");
       this.internalCreateWriteOnlyKeyForMember(memberKey, agent);
     } else {
       const currentReadKey = this.getCurrentReadKey();

package/src/crypto/PureJSCrypto.ts

@@ -212,7 +212,7 @@ export class PureJSCrypto extends CryptoProvider<Blake3State> {
   createSessionLog(
     coID: RawCoID,
     sessionID: SessionID,
-    signerID: SignerID,
+    signerID?: SignerID,
   ): SessionLogImpl {
     return new PureJSSessionLog(coID, sessionID, signerID, this);
   }
@@ -226,7 +226,7 @@ export class PureJSSessionLog implements SessionLogImpl {
   constructor(
     private readonly coID: RawCoID,
     private readonly sessionID: SessionID,
-    private readonly signerID: SignerID,
+    private readonly signerID: SignerID | undefined,
     private readonly crypto: PureJSCrypto,
   ) {
     this.streamingHash = this.crypto.emptyBlake3State();
@@ -263,6 +263,10 @@ export class PureJSSessionLog implements SessionLogImpl {
     skipVerify: boolean,
   ) {
     if (!skipVerify) {
+      if (!this.signerID) {
+        throw new Error("Tried to add transactions without signer ID");
+      }
+
       const checkHasher = this.crypto.cloneBlake3State(this.streamingHash);
 
       for (const tx of transactions) {

package/src/crypto/WasmCrypto.ts

@@ -205,7 +205,7 @@ export class WasmCrypto extends CryptoProvider<Blake3State> {
     }
   }
 
-  createSessionLog(coID: RawCoID, sessionID: SessionID, signerID: SignerID) {
+  createSessionLog(coID: RawCoID, sessionID: SessionID, signerID?: SignerID) {
     return new SessionLogAdapter(new SessionLog(coID, sessionID, signerID));
   }
 }

package/src/crypto/crypto.ts

@@ -306,7 +306,7 @@ export abstract class CryptoProvider<Blake3State = any> {
   abstract createSessionLog(
     coID: RawCoID,
     sessionID: SessionID,
-    signerID: SignerID,
+    signerID?: SignerID,
   ): SessionLogImpl;
 }
 

package/src/permissions.ts

@@ -31,7 +31,23 @@ export type PermissionsDef =
   | { type: "ownedByGroup"; group: RawCoID }
   | { type: "unsafeAllowAll" };
 
-export type AccountRole = "reader" | "writer" | "admin" | "writeOnly";
+export type AccountRole =
+  /**
+   * Can read the group's CoValues
+   */
+  | "reader"
+  /**
+   * Can read and write to the group's CoValues
+   */
+  | "writer"
+  /**
+   * Can read and write to the group, and change group member roles
+   */
+  | "admin"
+  /**
+   * Can only write to the group's CoValues and read their own changes
+   */
+  | "writeOnly";
 
 export type Role =
   | AccountRole

package/src/sync.ts

@@ -511,28 +511,31 @@ export class SyncManager {
         (content) => content.newTransactions,
       );
 
-      for (const dependency of getDependedOnCoValuesFromRawData(
-        msg.id,
-        msg.header,
-        sessionIDs,
-        transactions,
-      )) {
-        const dependencyCoValue = this.local.getCoValue(dependency);
+      // If we'll be performing transaction verification, ensure all the dependencies available.
+      if (!this.skipVerify) {
+        for (const dependency of getDependedOnCoValuesFromRawData(
+          msg.id,
+          msg.header,
+          sessionIDs,
+          transactions,
+        )) {
+          const dependencyCoValue = this.local.getCoValue(dependency);
+
+          if (!dependencyCoValue.hasVerifiedContent()) {
+            coValue.markMissingDependency(dependency);
 
-        if (!dependencyCoValue.hasVerifiedContent()) {
-          coValue.markMissingDependency(dependency);
+            const peers = this.getServerPeers();
 
-          const peers = this.getServerPeers();
+            // if the peer that sent the content is a client, we add it to the list of peers
+            // to also ask them for the dependency
+            if (peer?.role === "client") {
+              peers.push(peer);
+            }
 
-          // if the peer that sent the content is a client, we add it to the list of peers
-          // to also ask them for the dependency
-          if (peer?.role === "client") {
-            peers.push(peer);
+            dependencyCoValue.load(peers);
+          } else if (!dependencyCoValue.isAvailable()) {
+            coValue.markMissingDependency(dependency);
           }
-
-          dependencyCoValue.load(peers);
-        } else if (!dependencyCoValue.isAvailable()) {
-          coValue.markMissingDependency(dependency);
         }
       }
 
@@ -592,60 +595,61 @@ export class SyncManager {
         continue;
       }
 
-      const accountId = accountOrAgentIDfromSessionID(sessionID);
+      // If we'll be performing transaction verification, ensure the account is available.
+      if (!this.skipVerify) {
+        const accountId = accountOrAgentIDfromSessionID(sessionID);
 
-      if (isAccountID(accountId)) {
-        const account = this.local.getCoValue(accountId);
+        if (isAccountID(accountId)) {
+          const account = this.local.getCoValue(accountId);
 
-        // We can't verify the transaction without the account, so we delay the session content handling until the account is available
-        if (!account.isAvailable()) {
-          // This covers the case where we are getting a new session on an already loaded coValue
-          // where we need to load the account to get their public key
-          if (!coValue.missingDependencies.has(accountId)) {
-            const peers = this.getServerPeers();
+          // We can't verify the transaction without the account, so we delay the session content handling until the account is available
+          if (!account.isAvailable()) {
+            // This covers the case where we are getting a new session on an already loaded coValue
+            // where we need to load the account to get their public key
+            if (!coValue.missingDependencies.has(accountId)) {
+              const peers = this.getServerPeers();
 
-            if (peer?.role === "client") {
-              // if the peer that sent the content is a client, we add it to the list of peers
-              // to also ask them for the dependency
-              peers.push(peer);
-            }
+              if (peer?.role === "client") {
+                // if the peer that sent the content is a client, we add it to the list of peers
+                // to also ask them for the dependency
+                peers.push(peer);
+              }
 
-            account.load(peers);
-          }
+              account.load(peers);
+            }
 
-          // We need to wait for the account to be available before we can verify the transaction
-          // Currently doing this by delaying the handleNewContent for the session to when we have the account
-          //
-          // This is not the best solution, because the knownState is not updated and the ACK response will be given
-          // by excluding the session.
-          // This is good enough implementation for now because the only case for the account to be missing are out-of-order
-          // dependencies push, so the gap should be short lived.
-          //
-          // When we are going to have sharded-peers we should revisit this, and store unverified sessions that are considered as part of the
-          // knwonState, but not actively used until they can be verified.
-          void account.waitForAvailable().then(() => {
-            this.handleNewContent(
-              {
-                action: "content",
-                id: coValue.id,
-                new: {
-                  [sessionID]: newContentForSession,
+            // We need to wait for the account to be available before we can verify the transaction
+            // Currently doing this by delaying the handleNewContent for the session to when we have the account
+            //
+            // This is not the best solution, because the knownState is not updated and the ACK response will be given
+            // by excluding the session.
+            // This is good enough implementation for now because the only case for the account to be missing are out-of-order
+            // dependencies push, so the gap should be short lived.
+            //
+            // When we are going to have sharded-peers we should revisit this, and store unverified sessions that are considered as part of the
+            // knwonState, but not actively used until they can be verified.
+            void account.waitForAvailable().then(() => {
+              this.handleNewContent(
+                {
+                  action: "content",
+                  id: coValue.id,
+                  new: {
+                    [sessionID]: newContentForSession,
+                  },
+                  priority: msg.priority,
                 },
-                priority: msg.priority,
-              },
-              from,
-            );
-          });
-          continue;
+                from,
+              );
+            });
+            continue;
+          }
         }
       }
 
       const result = coValue.tryAddTransactions(
         sessionID,
         newTransactions,
-        undefined,
         newContentForSession.lastSignature,
-        "immediate",
         this.skipVerify,
       );
 

package/src/tests/PureJSCrypto.test.ts

@@ -4,6 +4,7 @@ import {
   setCurrentTestCryptoProvider,
   setupTestNode,
   setupTestAccount,
+  randomAgentAndSessionID,
 } from "./testUtils";
 import { PureJSCrypto } from "../crypto/PureJSCrypto";
 import { stableStringify } from "../jsonStringify";
@@ -113,9 +114,7 @@ describe("PureJSCrypto", () => {
           madeAt: Date.now(),
         },
       ],
-      "hash_z12345678",
       "signature_z12345678",
-      "immediate",
       true,
     );
 
@@ -128,3 +127,27 @@ describe("PureJSCrypto", () => {
     expect(map.get("count")).toEqual(0);
   });
 });
+
+describe("PureJSSessionLog", () => {
+  it("fails to verify signatures without a signer ID", async () => {
+    const agentSecret = jsCrypto.newRandomAgentSecret();
+    const sessionID = jsCrypto.newRandomSessionID(
+      jsCrypto.getAgentID(agentSecret),
+    );
+
+    const sessionLog = jsCrypto.createSessionLog("co_z12345678", sessionID);
+    expect(() =>
+      sessionLog.tryAdd(
+        [
+          {
+            privacy: "trusting",
+            changes: stableStringify([{ op: "set", key: "count", value: 1 }]),
+            madeAt: Date.now(),
+          },
+        ],
+        "signature_z12345678",
+        false,
+      ),
+    ).toThrow("Tried to add transactions without signer ID");
+  });
+});

package/src/tests/WasmCrypto.test.ts

@@ -113,9 +113,7 @@ describe("WasmCrypto", () => {
           madeAt: Date.now(),
         },
       ],
-      "hash_z12345678",
       "signature_z12345678",
-      "immediate",
       true,
     );
 

package/src/tests/coValueCore.test.ts

@@ -76,9 +76,7 @@ test("transactions with wrong signature are rejected", () => {
   const result = newEntry.tryAddTransactions(
     node.currentSessionID,
     [transaction],
-    undefined,
     signature,
-    "immediate",
   );
 
   expect(result.isErr()).toBe(true);
@@ -301,9 +299,7 @@ test("getValidTransactions should skip private transactions with invalid JSON",
     .tryAddTransactions(
       fixtures.session,
       [fixtures.transaction],
-      undefined,
       fixtures.signature,
-      "immediate",
     )
     ._unsafeUnwrap();
 

package/src/tests/group.addMember.test.ts

@@ -2,7 +2,6 @@ import { beforeEach, describe, expect, test } from "vitest";
 import { expectMap } from "../coValue.js";
 import {
   SyncMessagesLog,
-  TEST_NODE_CONFIG,
   loadCoValueOrFail,
   setupTestAccount,
   setupTestNode,
@@ -220,68 +219,75 @@ describe("Group.addMember", () => {
     expect(personOnReaderNode.get("name")).toEqual(undefined);
   });
 
-  test("an admin should not be able downgrade an admin", async () => {
-    const admin = await setupTestAccount({
-      connected: true,
-    });
-
-    const otherAdmin = await setupTestAccount({
-      connected: true,
-    });
-
-    const group = admin.node.createGroup();
-    const person = group.createMap({
-      name: "John Doe",
-    });
-
-    const otherAdminOnAdminNode = await loadCoValueOrFail(
-      admin.node,
-      otherAdmin.accountID,
-    );
-    group.addMember(otherAdminOnAdminNode, "admin");
-
-    // Try to downgrade other admin
-    try {
-      group.addMember(otherAdminOnAdminNode, "writer");
-    } catch (e) {
-      expect(e).toBeDefined();
-    }
-
-    expect(group.roleOf(otherAdmin.accountID)).toEqual("admin");
-
-    // Verify other admin still has admin access by adding a new member
-    const reader = await setupTestAccount({
-      connected: true,
-    });
-
-    const readerOnOtherAdminNode = await loadCoValueOrFail(
-      otherAdmin.node,
-      reader.accountID,
-    );
-    group.addMember(readerOnOtherAdminNode, "reader");
-
-    const personOnReaderNode = await loadCoValueOrFail(reader.node, person.id);
-
-    await waitFor(() => {
-      expect(
-        expectMap(personOnReaderNode.core.getCurrentContent()).get("name"),
-      ).toEqual("John Doe");
-    });
-  });
-
-  test("an admin should be able downgrade themselves", async () => {
-    const admin = await setupTestAccount({
-      connected: true,
-    });
-
-    const group = admin.node.createGroup();
-
-    const account = await loadCoValueOrFail(admin.node, admin.accountID);
-
-    // Downgrade self to writer
-    group.addMember(account, "writer");
-    expect(group.roleOf(admin.accountID)).toEqual("writer");
-  });
+  test.each(["writer", "reader", "writeOnly"] as const)(
+    "an admin should not be able to downgrade an admin to %s",
+    async (targetRole) => {
+      const admin = await setupTestAccount({
+        connected: true,
+      });
+
+      const otherAdmin = await setupTestAccount({
+        connected: true,
+      });
+
+      const group = admin.node.createGroup();
+      const person = group.createMap({
+        name: "John Doe",
+      });
+
+      const otherAdminOnAdminNode = await loadCoValueOrFail(
+        admin.node,
+        otherAdmin.accountID,
+      );
+      group.addMember(otherAdminOnAdminNode, "admin");
+
+      // Try to downgrade other admin
+      expect(() => group.addMember(otherAdminOnAdminNode, targetRole)).toThrow(
+        "Administrators cannot demote other administrators in a group",
+      );
+
+      expect(group.roleOf(otherAdmin.accountID)).toEqual("admin");
+
+      // Verify other admin still has admin access by adding a new member
+      const reader = await setupTestAccount({
+        connected: true,
+      });
+
+      const readerOnOtherAdminNode = await loadCoValueOrFail(
+        otherAdmin.node,
+        reader.accountID,
+      );
+      group.addMember(readerOnOtherAdminNode, "reader");
+
+      const personOnReaderNode = await loadCoValueOrFail(
+        reader.node,
+        person.id,
+      );
+
+      await waitFor(() => {
+        expect(
+          expectMap(personOnReaderNode.core.getCurrentContent()).get("name"),
+        ).toEqual("John Doe");
+      });
+    },
+  );
+
+  test.each(["writer", "reader", "writeOnly"] as const)(
+    "an admin should be able downgrade themselves to %s",
+    async (targetRole) => {
+      const admin = await setupTestAccount({
+        connected: true,
+      });
+
+      const group = admin.node.createGroup();
+
+      const account = await loadCoValueOrFail(admin.node, admin.accountID);
+
+      // Downgrade self to target role
+      group.addMember(account, targetRole);
+      expect(group.roleOf(admin.accountID)).toEqual(targetRole);
+    },
+  );
 
   test("an admin should be able downgrade a writeOnly to reader", async () => {
     const admin = await setupTestAccount({

package/src/tests/sync.load.test.ts

@@ -9,6 +9,7 @@ import {
   SyncMessagesLog,
   TEST_NODE_CONFIG,
   blockMessageTypeOnOutgoingPeer,
+  getSyncServerConnectedPeer,
   loadCoValueOrFail,
   setupTestAccount,
   setupTestNode,
@@ -1034,4 +1035,55 @@ describe("loading coValues from server", () => {
 
     vi.useRealTimers();
   });
+
+  test("should not request dependencies if transaction verification is disabled", async () => {
+    // Create a disconnected client
+    const { node: client, accountID } = await setupTestAccount({
+      connected: false,
+    });
+    const account = client.expectCurrentAccount(accountID);
+
+    // Prepare a group -- this will be a non-account dependency of a forthcoming map.
+    const group = client.createGroup();
+    group.addMember("everyone", "writer");
+
+    // Create a sync server and disable transaction verification
+    const syncServer = await setupTestAccount({ isSyncServer: true });
+    syncServer.node.syncManager.disableTransactionVerification();
+
+    // Connect the client, but don't setup syncing just yet...
+    const { peer } = getSyncServerConnectedPeer({
+      peerId: client.getCurrentAgent().id,
+      syncServer: syncServer.node,
+    });
+
+    // Disable reconciliation while we setup syncing because we don't want the
+    // server to know about our forthcoming map's dependencies (group + account).
+    const blocker = blockMessageTypeOnOutgoingPeer(peer, "load", {});
+    client.syncManager.addPeer(peer);
+    blocker.unblock();
+
+    // Create a map and set a value on it.
+    // If transaction verification were enabled, this would trigger LOAD messages
+    // from the server to the client asking for the group and account. However, we
+    // don't expect to see those messages since we disabled transaction verification.
+    const map = group.createMap();
+    map.set("hello", "world");
+    await map.core.waitForSync();
+
+    const syncMessages = SyncMessagesLog.getMessages({
+      Account: account.core,
+      Group: group.core,
+      Map: map.core,
+    });
+    expect(
+      syncMessages.some(
+        (msg) => msg.includes("LOAD Account") || msg.includes("LOAD Group"),
+      ),
+    ).toBe(false);
+
+    // Verify the map is available on the server (transaction was accepted)
+    const mapOnServerCore = await syncServer.node.loadCoValueCore(map.core.id);
+    expect(mapOnServerCore.isAvailable()).toBe(true);
+  });
 });