Skip to content

docs: close DESIGN.md gaps uncovered in audit#32

Merged
jgowdy-godaddy merged 1 commit intomainfrom
docs/design-cleanup
Apr 17, 2026
Merged

docs: close DESIGN.md gaps uncovered in audit#32
jgowdy-godaddy merged 1 commit intomainfrom
docs/design-cleanup

Conversation

@jgowdy-godaddy
Copy link
Copy Markdown
Contributor

@jgowdy-godaddy jgowdy-godaddy commented Apr 17, 2026

Summary

Audit of `DESIGN.md` vs code caught several stale claims and missing pieces.

Stale claims corrected

  • Binary cache format (§Credential Cache Format): the old spec showed flag bit 0 reserved and offset 14 as a reserved 8-byte slot. Actually flag bit 0 is `FLAG_HAS_OKTA_SESSION` and offset 14 is `okta_session_expiration`. The trailing "reserved payload" is the Okta session ciphertext blob. Rewrite to match `awsenc-core/src/cache.rs`.
  • Open Question Fix migrate_dry_run test assertion #3 (concurrent profile access): resolved via `fs4` advisory flock in `awsenc serve` (PR serve: serialize credential_process with per-profile flock #31). Mark as resolved, keep the prose for context.
  • Bridge method list: added `delete` alongside `destroy` — they are aliases for backward compatibility (matches `enclaveapp-tpm-bridge`).
  • Phases 1-5: restructured from planned-tense bullet lists to a single completed-state summary. Phase 6 (WebAuthn via browser loopback) remains the only open roadmap item. `secondary_role` explicitly called out as intentionally out of scope.

Missing docs added

  • `awsenc install --wizard` flag.
  • Global `--keyring` flag to force the Linux keyring backend.

Test plan

  • Docs-only change; CI should pass cleanly.

@jgowdy
docs: close DESIGN.md gaps uncovered in audit
d9eb442 
Stale / inaccurate claims corrected:

- Binary cache format section described flags bit 0 as reserved and
  offset 14 as an unused 8-byte slot. Actually flag bit 0 is
  FLAG_HAS_OKTA_SESSION and offset 14 is okta_session_expiration.
  Offset 26+N is the Okta session ciphertext length, not a reserved
  payload. Rewrite to match awsenc-core/src/cache.rs.
- Open Question #3 (concurrent profile access) resolved via fs4
  advisory flock in awsenc serve — mark as resolved instead of open.
- Bridge method list added 'delete' as alias for 'destroy' to match
  enclaveapp-tpm-bridge's backward-compat handling.
- Phases 1-5 restructured from 'planned' tense to completed-state
  summaries. Phase 6 (WebAuthn) is the only remaining roadmap item;
  secondary_role explicitly documented as intentionally out of scope.

Missing docs added:

- --wizard flag on awsenc install (force interactive wizard even
  when flags supply every required field).
- Global --keyring flag (force Linux keyring backend).
@jgowdy-godaddy jgowdy-godaddy merged commit 8d610c6 into main Apr 17, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jgowdy-godaddy @jgowdy