GO-6240 ownership transfer by cheggaaa · Pull Request #185 · anyproto/any-sync-filenode

cheggaaa · 2025-11-10T12:58:29Z

I understand that contributing to this repository will require me to agree with the CLA

Description

What type of PR is this? (check all applicable)

Related Tickets & Documents

Mobile & Desktop Screenshots/Recordings

Added tests?

👍 yes
🙅 no, because they aren't needed
🙋 no, because I need help

Added to documentation?

📜 README.md
📓 tech-docs
🙅 no documentation needed

[optional] Are there any post-deployment tasks we need to perform?

socket-security · 2025-11-10T12:58:52Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	github.com/anyproto/any-sync@v0.11.4 ⏵ v0.11.7	⁺¹
	google.golang.org/protobuf@v1.36.10 ⏵ v1.36.11	⁺¹
	golang.org/x/sync@v0.18.0 ⏵ v0.19.0

View full report

github-actions · 2025-11-10T13:01:30Z

New Coverage	61.9% of statements
Patch Coverage	72.7% of changed statements (189/260)

^{Coverage provided by https://github.com/seriousben/go-patch-cover-action}

socket-security · 2026-01-12T14:39:58Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Warn		Obfuscated code: golang `github.com/libp2p/go-libp2p` is 98.0% likely obfuscated Confidence: 0.98 Location: Package overview From: `?` → `golang/github.com/anyproto/any-sync@v0.11.7` → `golang/github.com/ipfs/go-block-format@v0.2.3` → `golang/github.com/libp2p/go-libp2p@v0.46.0` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/github.com/libp2p/go-libp2p@v0.46.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

deff7 · 2026-01-13T09:16:08Z

+	"github.com/anyproto/any-sync-filenode/index/indexproto"
+)
+
+func (ri *redisIndex) CheckOwnership(ctx context.Context, key Key, oldIdentity string, aclRecordIndex int) (err error) {


CheckOwnership not only checks, but also moves ownership, maybe name it something like CheckAndMoveOwnership?

cheggaaa added 4 commits October 29, 2025 18:26

update any-sync

c083c5d

index: Move

a3bb4c1

switch to vt proto + fix Makefile + regen mocks

8281e05

merge

9cf1b35

cheggaaa marked this pull request as draft November 13, 2025 16:28

cheggaaa added 9 commits November 17, 2025 12:48

merge

c9edd8f

check owner pub key inside the ReadState

863c02e

check ownership

1348162

merge

6c393b7

update any-sync

73acff6

index: ownership tests

b1b80a9

ChangeOwnership rpc implementation

c4bf3ed

handle ownership transfer in deletion log

dc924bf

ownership transfer fixes

8382a20

cheggaaa marked this pull request as ready for review January 12, 2026 14:45

err check

87d499e

deff7 reviewed Jan 13, 2026

View reviewed changes

rename CheckOwnership -> CheckAndMoveOwnership

4e26433

deff7 approved these changes Jan 13, 2026

View reviewed changes

cheggaaa merged commit 89ce034 into main Jan 13, 2026
6 checks passed

cheggaaa deleted the GO-6240-ownership-transfer branch January 13, 2026 11:44

github-actions bot locked and limited conversation to collaborators Jan 13, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GO-6240 ownership transfer#185

GO-6240 ownership transfer#185
cheggaaa merged 15 commits intomainfrom
GO-6240-ownership-transfer

cheggaaa commented Nov 10, 2025

Uh oh!

socket-security bot commented Nov 10, 2025 •

edited

Loading

Uh oh!

github-actions bot commented Nov 10, 2025 •

edited

Loading

Uh oh!

socket-security bot commented Jan 12, 2026 •

edited

Loading

Uh oh!

deff7 Jan 13, 2026

Uh oh!

cheggaaa Jan 13, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

cheggaaa commented Nov 10, 2025

Description

What type of PR is this? (check all applicable)

Related Tickets & Documents

Mobile & Desktop Screenshots/Recordings

Added tests?

Added to documentation?

[optional] Are there any post-deployment tasks we need to perform?

Uh oh!

socket-security bot commented Nov 10, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

github-actions bot commented Nov 10, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

socket-security bot commented Jan 12, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

deff7 Jan 13, 2026

Choose a reason for hiding this comment

Uh oh!

cheggaaa Jan 13, 2026

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

socket-security bot commented Nov 10, 2025 •

edited

Loading

github-actions bot commented Nov 10, 2025 •

edited

Loading

socket-security bot commented Jan 12, 2026 •

edited

Loading