feat(core,wasm): filter_by_collections single-source + org_manifest_decrypt_filtered
Add OrgManifest::filter_by_collections(&[String]) as the single source of grant-filter logic. Refactor filter_for_member to delegate to it (no duplicated loop). Add org_manifest_decrypt_filtered WASM binding that decrypts + filters in core so ungranted entries never cross to JS (phase-1 SOFT/UX filter; per-collection crypto isolation is phase-2). Declare the binding in extension/src/wasm.d.ts. Vec<String> compiled cleanly for wasm32-unknown-unknown. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_014s527M917W47LDrfQ4t47g
This commit is contained in:
8
extension/src/wasm.d.ts
vendored
8
extension/src/wasm.d.ts
vendored
@@ -91,6 +91,14 @@ declare module 'relicario-wasm' {
|
||||
export function org_unwrap_key(keys_blob: Uint8Array): SessionHandle;
|
||||
export function org_manifest_decrypt(handle: SessionHandle, encrypted: Uint8Array): unknown;
|
||||
export function org_manifest_encrypt(handle: SessionHandle, manifest_json: string): Uint8Array;
|
||||
/**
|
||||
* Decrypt an org manifest AND filter it to the granted collection slugs.
|
||||
* Filtering happens in core (SOFT/UX filter — phase-1 only; the member holds
|
||||
* the org key and can decrypt everything; per-collection crypto isolation is
|
||||
* phase-2). Use for READ paths only; writes must use org_manifest_decrypt to
|
||||
* avoid wiping ungranted collections on re-encrypt.
|
||||
*/
|
||||
export function org_manifest_decrypt_filtered(handle: SessionHandle, encrypted: Uint8Array, granted: string[]): unknown;
|
||||
/**
|
||||
* Encrypt the registered device key under the vault master key.
|
||||
* Returns CIPHERTEXT — the device private key never crosses to JS.
|
||||
|
||||
Reference in New Issue
Block a user