fix(ui): migrate signing key to delegate on identity import #186

Merged: sanity merged 3 commits into main from fix/import-delegate-key-migration on Mar 21, 2026

@sanity (Contributor) commented Mar 21, 2026

Problem

After importing an identity token, sending messages fails with "State verification failed: Invalid signature" (report 7Y3PM6, issue #185). The chat delegate may have a stale signing key for the room from a prior session. When the user sends a message, sign_message_with_fallback() asks the delegate to sign first — the delegate uses the old key, producing signatures the contract rejects.

This affected ALL imports, including tokens exported from the same node on the same version.

Approach

Migrate the imported signing key to the delegate immediately during the import flow, before any message sends can occur. Uses migrate_signing_key() which:

  1. Checks if the delegate already has a key for this room
  2. If the existing key matches → no-op (AlreadyCurrent)
  3. If the existing key is stale → overwrites it (StaleKeyOverwritten)
  4. If no key exists → stores it (Stored)

After successful migration, also runs remove_unverifiable_messages() to sanitize any messages in local state that may have been signed with the old key.

Testing

  • All tests pass (cargo make test)
  • UI WASM compilation verified
  • No WASM migration needed (UI-only change)

Closes #185

[AI-assisted - Claude]

sanity and others added 3 commits March 21, 2026 12:18
After importing an identity, the chat delegate may have a stale signing
key for the room from a prior session. When the user tries to send a
message, the delegate signs with the old key, producing signatures that
the contract rejects ("State verification failed: Invalid signature").

The fix migrates the imported signing key to the delegate immediately
during the import flow, before any message sends can occur. This uses
migrate_signing_key() which handles the stale key case by overwriting
any existing key and then sanitizing messages with invalid signatures.

Closes #185

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Tests three cases: message with wrong signature removed while valid
messages kept, unknown author removed, and empty messages list handled.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Match the pattern in get_response.rs: track whether
remove_unverifiable_messages actually removed anything, and call
mark_needs_sync to persist the cleaned state to the delegate.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

@sanity sanity merged commit c3b5f0c into main Mar 21, 2026
5 checks passed
@sanity sanity deleted the fix/import-delegate-key-migration branch March 21, 2026 17:33
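
The import-time ordering described in this PR, as an added sketch that is not the project's own code: migrate the key first, then sanitize local state and report whether a sync is needed. The function signatures, the `HashMap` delegate store, the `Msg` type and `toy_sign` (a keyed hash standing in for the real signature scheme) are assumptions, and the sample data is constructed.

```rust
use std::collections::hash_map::DefaultHasher;
use std::collections::HashMap;
use std::hash::{Hash, Hasher};

type Key = [u8; 32]; // assumed key representation
#[derive(Debug, PartialEq)]
enum Migration { AlreadyCurrent, StaleKeyOverwritten, Stored }
struct Msg { author: u32, body: &'static str, sig: u64 }

// Stand-in for a real signature scheme: a keyed hash, NOT secure.
fn toy_sign(key: &Key, body: &str) -> u64 {
    let mut h = DefaultHasher::new();
    (key, body).hash(&mut h);
    h.finish()
}

// Store the imported key for the room and report which of the three cases applied.
fn migrate_signing_key(delegate: &mut HashMap<String, Key>, room: &str, imported: Key) -> Migration {
    match delegate.insert(room.to_string(), imported) {
        None => Migration::Stored,
        Some(old) if old == imported => Migration::AlreadyCurrent,
        Some(_) => Migration::StaleKeyOverwritten,
    }
}

// Drop messages whose author is unknown or whose signature fails; true if any were removed.
fn remove_unverifiable_messages(msgs: &mut Vec<Msg>, members: &HashMap<u32, Key>) -> bool {
    let before = msgs.len();
    msgs.retain(|m| members.get(&m.author).map_or(false, |k| toy_sign(k, m.body) == m.sig));
    msgs.len() != before
}

// Constructed scenario: the delegate holds a stale key and local state has one message signed with it.
fn demo() -> (Migration, bool, usize, Migration, bool) {
    let (stale, fresh): (Key, Key) = ([1; 32], [2; 32]);
    let mut delegate = HashMap::from([("room-1".to_string(), stale)]);
    let members = HashMap::from([(7u32, fresh)]);
    let mut msgs = vec![
        Msg { author: 7, body: "signed with stale key", sig: toy_sign(&stale, "signed with stale key") },
        Msg { author: 7, body: "signed with imported key", sig: toy_sign(&fresh, "signed with imported key") },
        Msg { author: 9, body: "unknown author", sig: 0 },
    ];
    let first = migrate_signing_key(&mut delegate, "room-1", fresh);
    let needs_sync = remove_unverifiable_messages(&mut msgs, &members); // caller would mark_needs_sync
    let second = migrate_signing_key(&mut delegate, "room-1", fresh);
    let again = remove_unverifiable_messages(&mut msgs, &members);
    (first, needs_sync, msgs.len(), second, again)
}

fn main() {
    println!("{:?}", demo());
}
```

Importing the same key a second time is a no-op and removes nothing, so no further sync is requested.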
Development

Successfully merging this pull request may close these issues.

Restoring room ID from an exported ID doesn't work completely.