docs(skills): stop teaching deprecated LockContext.identify() (#591)#642
docs(skills): stop teaching deprecated LockContext.identify() (#591)#642coderdan wants to merge 1 commit into
Conversation
The stash-encryption + stash-supabase skills and the @cipherstash/stack README
led with LockContext.identify() as the primary identity-aware-encryption path.
identify() is deprecated — per-operation CTS tokens were removed in protect-ffi
0.25. Lead with the current pattern instead (OidcFederationStrategy +
.withLockContext({ identityClaim })), and demote identify() to a clearly-marked
deprecated note.
Carries forward the identity-docs correction from the now-superseded skill-refresh
PRs (#598/#604/#606), which predated the adapter split + contains→matches rename
and would otherwise regress the package paths and matches() surface. The current
candidate skills are the source of truth for structure/paths/matches; only the
identity-docs fix needed salvaging.
Skills ship in the stash tarball → stash patch; README → @cipherstash/stack patch.
Refs #591
Claude-Session: https://claude.ai/code/session_01MxTTPaPP16m6br7Hoab94w
🦋 Changeset detectedLatest commit: 40ab142 The changes in this PR will be included in the next version bump. This PR includes changesets to release 10 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Targets the 1.0 candidate. Closes the identity-docs half of #591 and supersedes the three stale skill-refresh PRs.
What
The
stash-encryption+stash-supabaseskills and the@cipherstash/stackREADME taught the deprecatedLockContext.identify()as the primary identity-aware-encryption path.identify()fetches a per-operation CTS token that was removed in protect-ffi 0.25 and is no longer used by encryption. These ship to customers (skills via thestashtarball; README with the package), so it's wrong guidance at launch.Now they lead with the current pattern — authenticate with
OidcFederationStrategy, then.withLockContext({ identityClaim })per operation — and demoteidentify()to a clearly-marked deprecated note.Why not just merge #598 / #604 / #606
Those skill-refresh PRs predate both the adapter split (they still reference
@cipherstash/stack/{supabase,drizzle}, 0 references to the new@cipherstash/stack-*packages) and thecontains()→matches()rename (0matches(). Each is a ~400-line near-total rewrite, so merging/rebasing would regress the package paths and thematches()surface. The current candidate skills are the source of truth for structure/paths/matches; the only RC-critical content those PRs held was the identity-docs correction (which #598 nailed), carried forward here.I'm closing #598 / #604 / #606 as superseded.
Scope notes
packages/protect/README.mdstill referencesidentify()but is the legacy package — left as a follow-up, not RC-critical.encryption/index.tsauthStrategychange is already on the candidate; the "vacuously-passing" unitlock-context.test.tsis now superseded by test(stack): federate a Clerk M2M JWT for the identity suites; wire into CI #620's realmatrix-identityintegration coverage — the leftover redundant unit test is a hygiene item for Extend no-skip enforcement to the unit vitest config #628 (unit no-skip gate).Changesets:
stashpatch (skills) +@cipherstash/stackpatch (README).Refs #591
https://claude.ai/code/session_01MxTTPaPP16m6br7Hoab94w