Merge branch 'worktree-agent-a98b5183'

# Conflicts: # cmd/metacrypt/server.go # internal/grpcserver/server.go # internal/server/routes.go
2026-03-16 20:01:04 -07:00
parent 11929daa78 be3b9d7fe0
commit 7237b2951e
10 changed files with 4031 additions and 47 deletions
--- a/proto/metacrypt/v2/user.proto
+++ b/proto/metacrypt/v2/user.proto
@@ -0,0 +1,143 @@
+syntax = "proto3";
+
+package metacrypt.v2;
+
+option go_package = "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2;metacryptv2";
+
+// UserService provides typed, authenticated access to user-to-user encryption
+// engine operations. All RPCs require the service to be unsealed and
+// authentication.
+service UserService {
+  // Register self-registers the caller, creating a keypair. No-op if exists.
+  rpc Register(UserRegisterRequest) returns (UserRegisterResponse);
+
+  // Provision creates a keypair for a given username. Admin only.
+  rpc Provision(UserProvisionRequest) returns (UserProvisionResponse);
+
+  // GetPublicKey returns the public key for a given username.
+  rpc GetPublicKey(UserGetPublicKeyRequest) returns (UserGetPublicKeyResponse);
+
+  // ListUsers returns all registered usernames.
+  rpc ListUsers(UserListUsersRequest) returns (UserListUsersResponse);
+
+  // Encrypt encrypts plaintext for one or more recipients.
+  rpc Encrypt(UserEncryptRequest) returns (UserEncryptResponse);
+
+  // Decrypt decrypts an envelope addressed to the caller.
+  rpc Decrypt(UserDecryptRequest) returns (UserDecryptResponse);
+
+  // ReEncrypt decrypts and re-encrypts an envelope with current keys.
+  rpc ReEncrypt(UserReEncryptRequest) returns (UserReEncryptResponse);
+
+  // RotateKey generates a new keypair for the caller, replacing the old one.
+  rpc RotateKey(UserRotateKeyRequest) returns (UserRotateKeyResponse);
+
+  // DeleteUser removes a user's keys. Admin only.
+  rpc DeleteUser(UserDeleteUserRequest) returns (UserDeleteUserResponse);
+}
+
+// --- Register ---
+
+message UserRegisterRequest {
+  string mount = 1;
+}
+
+message UserRegisterResponse {
+  string username = 1;
+  string public_key = 2;
+  string algorithm = 3;
+}
+
+// --- Provision ---
+
+message UserProvisionRequest {
+  string mount = 1;
+  string username = 2;
+}
+
+message UserProvisionResponse {
+  string username = 1;
+  string public_key = 2;
+  string algorithm = 3;
+}
+
+// --- GetPublicKey ---
+
+message UserGetPublicKeyRequest {
+  string mount = 1;
+  string username = 2;
+}
+
+message UserGetPublicKeyResponse {
+  string username = 1;
+  string public_key = 2;
+  string algorithm = 3;
+}
+
+// --- ListUsers ---
+
+message UserListUsersRequest {
+  string mount = 1;
+}
+
+message UserListUsersResponse {
+  repeated string users = 1;
+}
+
+// --- Encrypt ---
+
+message UserEncryptRequest {
+  string mount = 1;
+  string plaintext = 2;
+  string metadata = 3;
+  repeated string recipients = 4;
+}
+
+message UserEncryptResponse {
+  string envelope = 1;
+}
+
+// --- Decrypt ---
+
+message UserDecryptRequest {
+  string mount = 1;
+  string envelope = 2;
+}
+
+message UserDecryptResponse {
+  string plaintext = 1;
+  string sender = 2;
+  string metadata = 3;
+}
+
+// --- ReEncrypt ---
+
+message UserReEncryptRequest {
+  string mount = 1;
+  string envelope = 2;
+}
+
+message UserReEncryptResponse {
+  string envelope = 1;
+}
+
+// --- RotateKey ---
+
+message UserRotateKeyRequest {
+  string mount = 1;
+}
+
+message UserRotateKeyResponse {
+  string username = 1;
+  string public_key = 2;
+  string algorithm = 3;
+}
+
+// --- DeleteUser ---
+
+message UserDeleteUserRequest {
+  string mount = 1;
+  string username = 2;
+}
+
+message UserDeleteUserResponse {}