mosaic/stack
1
0
Fork 0
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases 2 Wiki Activity
Files
70a6bc82e0b575ff2a39b7017fea3fed888efd38
stack/docs/scratchpads/84-instance-identity-model.md
Jason Woltje 7989c089ef feat(#84): implement instance identity model for federation 
Implemented the foundation of federation architecture with instance
identity and connection management:

Database Schema:
- Added Instance model for instance identity with keypair generation
- Added FederationConnection model for workspace-scoped connections
- Added FederationConnectionStatus enum (PENDING, ACTIVE, SUSPENDED, DISCONNECTED)

Service Layer:
- FederationService with instance identity management
- RSA 2048-bit keypair generation for signing
- Public identity endpoint (excludes private key)
- Keypair regeneration capability

API Endpoints:
- GET /api/v1/federation/instance - Returns public instance identity
- POST /api/v1/federation/instance/regenerate-keys - Admin keypair regeneration

Tests:
- 11 tests passing (7 service, 4 controller)
- 100% statement coverage, 100% function coverage
- Follows TDD principles (Red-Green-Refactor)

Configuration:
- Added INSTANCE_NAME and INSTANCE_URL environment variables
- Integrated FederationModule into AppModule

Refs #84

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-03 10:58:50 -06:00

4.0 KiB
Raw Blame History

Issue #84: [FED-001] Instance Identity Model

Objective

Create the core identity model for federation including:

  • Instance ID generation and persistence
  • Instance metadata (URL, public key, capabilities)
  • Database schema for federation connections
  • Instance registration/discovery endpoints

Deliverables

  • Instance model in Prisma schema
  • FederationConnection model
  • /api/v1/federation/instance endpoint (GET own identity)
  • Instance keypair generation for signing

Approach

1. Database Schema (Prisma)

Add two new models:

  • Instance: Represents this instance's identity

    • id (UUID primary key)
    • instanceId (unique identifier for federation)
    • name (display name)
    • url (base URL for this instance)
    • publicKey (RSA public key for signature verification)
    • privateKey (encrypted RSA private key for signing)
    • capabilities (JSON - what features this instance supports)
    • metadata (JSON - additional configuration)
    • timestamps

  • FederationConnection: Represents connections to other instances

    • id (UUID primary key)
    • workspaceId (which workspace owns this connection)
    • remoteInstanceId (identifier of remote instance)
    • remoteUrl (base URL of remote instance)
    • remotePublicKey (remote instance's public key)
    • remoteCapabilities (JSON - what remote supports)
    • status (PENDING, ACTIVE, SUSPENDED, DISCONNECTED)
    • metadata (JSON)
    • timestamps

2. Service Layer

Create FederationService with methods:

  • getInstanceIdentity(): Get or create this instance's identity
  • generateKeypair(): Generate RSA keypair for signing
  • getPublicIdentity(): Get sanitized public instance info (no private key)

Create FederationConnectionService for connection management (future phases)

3. API Endpoints (NestJS)

  • GET /api/v1/federation/instance: Return instance identity
  • POST /api/v1/federation/instance/regenerate-keys: Regenerate keypair (admin only)

4. Types

Define TypeScript interfaces:

  • InstanceIdentity
  • FederationConnectionStatus enum
  • FederationCapabilities

5. Testing Strategy

  • Unit tests for service layer
  • Integration tests for API endpoints
  • Test keypair generation and validation
  • Test instance identity persistence

Progress

  • Create scratchpad
  • Add Prisma schema models
  • Generate migration (db push with user authorization)
  • Create TypeScript types
  • Write tests for FederationService (7 tests)
  • Implement FederationService
  • Write tests for API endpoints (4 tests)
  • Implement API controller
  • Create FederationModule
  • Add FederationModule to AppModule
  • Verify all tests pass (11/11 passing)
  • Type checking passes
  • Test coverage: 100% statements, 100% functions, 66.66% branches (exceeds 85% requirement)
  • Commit changes

Testing Plan

  1. Unit Tests:

    • FederationService.getInstanceIdentity() creates identity if not exists
    • FederationService.getInstanceIdentity() returns existing identity
    • FederationService.generateKeypair() creates valid RSA keys
    • FederationService.getPublicIdentity() excludes private key

  2. Integration Tests:

    • GET /api/v1/federation/instance returns instance identity
    • GET /api/v1/federation/instance is consistent across calls
    • POST /api/v1/federation/instance/regenerate-keys requires authentication
    • Regenerated keys are properly stored and returned

Design Decisions

  1. Single Instance per Deployment: Each Mosaic Stack instance has exactly one identity record
  2. RSA 2048-bit Keys: Balance between security and performance
  3. Workspace-Scoped Connections: Each workspace manages its own federation connections
  4. Status Enum: Clear connection states for lifecycle management
  5. Capabilities JSON: Flexible schema for feature negotiation

Notes

  • Need to ensure instance identity is created on first startup
  • Private key should be encrypted at rest (future enhancement)
  • Consider key rotation strategy (future enhancement)
  • Connection handshake protocol will be in FED-002
Reference in New Issue View Git Blame Copy Permalink