feat(swarm): migration 070 — nodes table for cryptographic identity (#75) #79
Merged
Spec-only first phase of the Mycelium Swarm Foundation Plan v1. Defines spec versioning, JCS (RFC 8785) over Ed25519 for signatures, the four wire types (Lesson, HubAnchor, NodeAdvertisement, TrustEdge), four HTTP/JSON endpoints, and uniform rejection rules. No code, no migrations. Restates the three unverletzlichen Designprinzipien (Souveränität, Generalisierung-vor-Sharing, Diversität) at the top so all later phases implement against the same contract and the same constraints. Closes the Phase-0 deliverable of issue #74.
Swarm Phase 1a: schema-only migration that creates the `nodes` table holding this mycelium node's public key and node_id (multihash of the pubkey), plus any peers we will later learn about. The PRIVATE key is deliberately NOT a column — it lives outside the database in a chmod-600 file at ~/.mycelium/node.key (Verfassung pillar 1, Souveränität). Includes a partial UNIQUE index `nodes_only_one_self ON nodes ((1)) WHERE is_self` that enforces "at most one row may carry is_self=true", and a sibling TS contract test (`migration-070-node-identity.test.ts`) that pins the canonical SQL: column types, defaults, and the partial predicate. The test reads the raw SQL — it does not run the migration. Out of scope: keypair-generation script and the `node_identity_get` MCP tool (both phase 1b, separate issue); signature service (phase 2).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This was referenced Apr 27, 2026
This was referenced Apr 28, 2026
Dewinator added a commit that referenced this pull request Apr 29, 2026
Updates the stale "spec-only" header (phases 0–3 have all merged via PRs #79/#81/#82/#85/#89/#91/#92) and pins each phase to its issue + merged commit so a reader can tell at a glance which sections are wired on `main` vs. still paper. Phases 4–9 are deliberately listed as "_not yet issued_" — the project's current priority is *Gehirn perfektionieren* per CLAUDE.md § Roadmap (Reed 2026-04-26), and the wire contract is frozen at v1.0 so an independent implementer can build a phase-3-equivalent peer today. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Dewinator added a commit that referenced this pull request Apr 29, 2026
The cryptographic foundation of the swarm (SWARM_SPEC v1, Ed25519 signing, JCS canonicalization, wire-validator, .well-known discovery, peer/signed-record storage — PRs #78, #79, #81, #82, #85, #89, #91, #92) was landing on main while the README/MANIFESTO still claimed "pairing/swarm/federation deferred". This commit fixes that mismatch.
README (EN+DE):
- new "Swarm — federation in flight" section with merged-PR table and a "what is next" subsection pointing to the swarm label
- Roadmap rewritten: phase 4-5 from "deferred" to "Phase 1 shipped"
- existing /.well-known/mycelium-node block folded into the new section
- promo video as a clickable poster near the top, served from a v0.4-swarm-phase-1 GitHub release asset (14 MB H.264 1080p)
MANIFESTO (EN+DE):
- "What is built today" split into brain core + Swarm Phase 1
- aspirational Tailscale+mTLS / mutual-pairing claims removed; those pieces remain on archive/swarm-deferred as historical reference
- "What is not built yet" sharpened to the social layer (verification, reputation, banishment-by-consensus, Sybil resistance) plus micro-transactions
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Closes #75. Second step of the Swarm Foundation Plan v1 — the cryptographic identity row that every later swarm phase depends on.
Summary
- `supabase/migrations/070_node_identity.sql` creates `nodes(node_id PK, pubkey BYTEA, display_name, is_self, created_at)`. Schema-only — no DROP, no DELETE, no data backfill.
- `nodes_only_one_self ON nodes ((1)) WHERE is_self` enforces "at most one row may carry is_self=true".
- `mcp-server/src/__tests__/migration-070-node-identity.test.ts` pins the canonical SQL (column types, defaults, partial predicate) so any drift fails before the migration ever hits a real database.
Research summary
- docs/SWARM_SPEC.md) is closed — `NodeAdvertisement` is the canonical wire format this row backs, so no dependency note needed.
- `TIMESTAMPTZ`, `BYTEA`, `BOOLEAN`. Adopted.
- `mcp-server/src/__tests__/` and run via `npm test` (`tsc && node --test`). There is no pre-existing `tests/sql/` directory — the existing pattern is TS contract pins (e.g. `affect-recalled-event-type.test.ts`). The test for migration 070 follows that pattern: read the raw SQL file, normalise whitespace + case, assert the structural contracts via regex. We cannot RUN the migration from tests (autonomy loop is forbidden from executing migrations — Reed runs them by hand after merge), so static contract pins are the right tool.
What this does NOT do
- `~/.mycelium/node.key` writer — that is Phase 1b (separate issue).
- `node_identity_get` MCP tool — also Phase 1b.
Constitution affirmation
Pillar 1 — Decentralized, networked AI / Souveränität. This is the touched pillar, and this PR strengthens it: the table schema deliberately stores only the public key and the derived `node_id`. The private key is excluded from the database by design and lives in a chmod-600 file at `~/.mycelium/node.key` (documented in the migration header). A DB compromise alone cannot yield the secret. No other pillar (Reproduction, Swarm Intelligence, Microtransactions, Experts in the Swarm, Cyber Security) is weakened — Cyber Security is reinforced by the same separation.
Test plan
- `cd mcp-server && npm test` passes (259 tests; 9 of them new for migration 070).
- `cd scripts && bash migrate.sh` (or applies `070_node_identity.sql` directly) and confirms:
  - `\d nodes` shows columns `node_id text PK`, `pubkey bytea NOT NULL`, `display_name text`, `is_self boolean NOT NULL DEFAULT false`, `created_at timestamptz NOT NULL DEFAULT now()`.
  - `\di nodes_only_one_self` shows the partial unique index with `WHERE is_self`.
  - `INSERT INTO nodes (node_id, pubkey, is_self) VALUES ('x', '\x00', true);` succeeds; a second `INSERT INTO nodes (node_id, pubkey, is_self) VALUES ('y', '\x01', true);` fails with a unique-violation on `nodes_only_one_self`.
🤖 Generated with Claude Code
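The static contract-pin technique described in the PR above (read the raw SQL, normalise whitespace and case, assert structure via regex), as an added example that is not the project's own test. The SQL string is reconstructed from the column list in the test plan rather than copied from the real migration file, and the names `MIGRATION_SQL`, `COLUMN_PINS`, `normalise` and `contractViolations` are hypothetical.

```typescript
// Constructed SQL, rebuilt from the column list in the PR's test plan.
// It is NOT the project's real 070_node_identity.sql.
const MIGRATION_SQL: string = `
CREATE TABLE nodes (
  node_id      TEXT        PRIMARY KEY,
  pubkey       BYTEA       NOT NULL,   -- public key only
  display_name TEXT,
  is_self      BOOLEAN     NOT NULL DEFAULT false,
  created_at   TIMESTAMPTZ NOT NULL DEFAULT now()
);
CREATE UNIQUE INDEX nodes_only_one_self ON nodes ((1)) WHERE is_self;
`;

// Expected definition of each column, pinned against the normalised text.
const COLUMN_PINS: Record<string, RegExp> = {
  node_id: /^text primary key$/,
  pubkey: /^bytea not null$/,
  display_name: /^text$/,
  is_self: /^boolean not null default false$/,
  created_at: /^timestamptz not null default now\(\)$/,
};

// Drop "--" comments, collapse whitespace, lowercase: layout changes must not break pins.
function normalise(sql: string): string {
  return sql.replace(/--[^\n]*/g, " ").replace(/\s+/g, " ").trim().toLowerCase();
}

// Static check of the SQL text only; nothing is executed against a database.
function contractViolations(rawSql: string): string[] {
  const sql = normalise(rawSql);
  const table = sql.match(/create table nodes \((.*?)\);/);
  if (!table) return ["CREATE TABLE nodes not found"];
  const found: string[] = [];
  const seen: Record<string, string> = {};
  // Plain comma split: sufficient because no pinned type contains a comma.
  for (const def of (table[1] ?? "").split(",")) {
    const d = def.trim();
    const sp = d.indexOf(" ");
    const name = sp < 0 ? d : d.slice(0, sp);
    seen[name] = sp < 0 ? "" : d.slice(sp + 1);
    if (!(name in COLUMN_PINS)) found.push(`unexpected column: ${name}`);
    // The private key must stay outside the database.
    if (/priv|secret|seed/.test(name)) found.push(`key material in schema: ${name}`);
  }
  for (const [name, pin] of Object.entries(COLUMN_PINS)) {
    if (!pin.test(seen[name] ?? "")) found.push(`column drifted: ${name}`);
  }
  if (!/create unique index nodes_only_one_self on nodes \(\(1\)\) where is_self ?;/.test(sql))
    found.push("nodes_only_one_self missing or not partial on is_self");
  if (/\b(drop|delete)\b/.test(sql)) found.push("destructive statement in schema-only migration");
  return found;
}
```

A pin like this catches a dropped `WHERE is_self` predicate or a newly added secret-bearing column at review time, before anyone applies the migration by hand.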