feat(license): rotate Ed25519 public key for maximus-api (#49) #137

Merged
maximus merged 1 commit from issue-49-rotate-pubkey into main 2026-04-26 13:45:02 +00:00
Owner

Rotates the embedded Ed25519 public key in license_commands.rs:27-29 to match the maximus-api license server scaffolded for #49.

Context

maximus-api (https://git.lacompagniemaximus.com/maximus/maximus-api) was scaffolded on 2026-04-25 with a freshly generated Ed25519 keypair. The matching private key is held only on the server (env var ED25519_PRIVATE_KEY_PEM). For activations to work, the desktop client must embed the matching public key.

The previous public key had no production licenses signed against it — the server did not exist — so this rotation is invisible to existing users.

Verification

  • cargo check clean
  • cargo test --lib: 34 tests pass, including:
    • embedded_public_key_pem_parses (confirms the new PEM is well-formed)
    • All license_commands::tests::* (they use ad-hoc test keypairs, not the embedded one)

Merge timing

Hold this PR until maximus-api is deployed at api.lacompagniemaximus.com. Merging earlier is safe (auto-update is temporarily open to FREE per entitlements.rs:17, no licenses to validate yet) but pointless — once merged and a release is cut, every user pulls the new public key, and we want the server to be answering by then.

After merge:

  1. Cut a release (/release skill).
  2. Coordinate with the Coolify deployment of maximus-api so /licenses/activate is reachable when the new build ships.

Refs #49

maximus added 1 commit 2026-04-25 14:54:39 +00:00
feat(license): rotate embedded Ed25519 public key (#49)
All checks were successful
PR Check / rust (push) Successful in 22m58s
PR Check / frontend (push) Successful in 2m17s
PR Check / rust (pull_request) Successful in 22m0s
PR Check / frontend (pull_request) Successful in 2m23s
49dec51062
Replace the placeholder public key with the one whose private
counterpart is now held by the maximus-api license server. The old
key had no licenses issued against it (the server did not exist), so
no users are affected.

The 34 Rust unit tests still pass — license_commands tests use
ad-hoc test keypairs rather than the embedded one, and
embedded_public_key_pem_parses confirms the new PEM is valid.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
maximus added the source:human, status:review, type:feature labels 2026-04-25 14:54:48 +00:00
Author
Owner

Verdict: APPROVE

Cleanly rotates the embedded Ed25519 license-verification public key to match the freshly-scaffolded maximus-api server. I derived the public key from the server's private key locally and confirmed it matches the PEM in this PR exactly. No existing licenses were issued against the old key, so the rotation is invisible to users.

Verified

  • Public key bytes match what openssl pkey -pubout produces from the server's ED25519_PRIVATE_KEY_PEM: MCowBQYDK2VwAyEAmUTcl7xjt01uc2FhPgvP0at0I/Pie0JLh73AApNy+o8=.
  • cargo test --lib license_commands: 9/9 pass, including embedded_public_key_pem_parses.
  • Comment in src-tauri/src/commands/license_commands.rs:25-27 updated with the new generation date and a pointer to maximus-api/.env on Coolify.
  • CHANGELOG updated bilingually under Changed / Modifie, referencing #49.
  • Merge-timing caveat in the PR body is the right call. Auto-update is currently open to FREE per entitlements.rs:17, so merging before the API is live is safe but pointless.

Suggestions (non-blocking)

  1. Rotation audit trail in license_commands.rs:25 — consider keeping a one-line history of past rotations (e.g. // Rotations: 2026-04-10 (initial, never used in prod), 2026-04-25 (current)) so future rotations have a precedent for traceability without git blame.
  2. User-facing CHANGELOG framing — the current Changed entry is technically accurate but invisible to users. The user-facing story is really "activations now work end-to-end" once the API is deployed. Could be deferred to the release-notes write-up rather than fixed in this PR.
  3. Regression guard on the constant — a tiny test asserting the SPKI prefix MCowBQYDK2VwAyEA is present in PUBLIC_KEY_PEM would catch an accidental clobber on a future merge. Cheap, optional.

Reviewed via the pr-review skill.

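Suggestion 3 in the review above (a regression guard on the embedded constant), written out as an added example; it is not code from this PR or from the Simpl-Resultat repository. The PEM armor around the base64 body quoted in the review and the function names are assumptions, and the check goes one step beyond a string-prefix match by validating the decoded DER header and length.

```rust
// Added example: structural guard for an embedded Ed25519 public key.
// Assumption: PUBLIC_KEY_PEM is a standard SPKI PEM wrapping the base64 body quoted in the review.
const PUBLIC_KEY_PEM: &str = "-----BEGIN PUBLIC KEY-----\n\
MCowBQYDK2VwAyEAmUTcl7xjt01uc2FhPgvP0at0I/Pie0JLh73AApNy+o8=\n\
-----END PUBLIC KEY-----\n";

// DER header of an Ed25519 SubjectPublicKeyInfo (RFC 8410): SEQUENCE(42),
// AlgorithmIdentifier { OID 1.3.101.112 }, BIT STRING(33) with 0 unused bits.
const ED25519_SPKI_PREFIX: [u8; 12] =
    [0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00];

/// Minimal standard-alphabet base64 decoder (std only, so no crate is needed).
fn b64_decode(s: &str) -> Option<Vec<u8>> {
    const T: &[u8] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    let (mut out, mut acc, mut bits) = (Vec::new(), 0u32, 0u32);
    for c in s.bytes().filter(|c| !c.is_ascii_whitespace() && *c != b'=') {
        acc = (acc << 6) | T.iter().position(|&t| t == c)? as u32;
        bits += 6;
        if bits >= 8 {
            bits -= 8;
            out.push((acc >> bits) as u8);
            acc &= (1 << bits) - 1;
        }
    }
    Some(out)
}

/// Returns the raw 32-byte key if the PEM is a well-formed Ed25519 SPKI.
fn ed25519_key_from_pem(pem: &str) -> Result<[u8; 32], &'static str> {
    let body = pem
        .trim()
        .strip_prefix("-----BEGIN PUBLIC KEY-----")
        .and_then(|r| r.strip_suffix("-----END PUBLIC KEY-----"))
        .ok_or("missing PEM armor")?;
    let der = b64_decode(body).ok_or("invalid base64")?;
    // 12 header bytes + 32 key bytes; anything else is a clobbered or wrong-type key.
    if der.len() != 44 || der[..12] != ED25519_SPKI_PREFIX {
        return Err("not a 44-byte Ed25519 SPKI");
    }
    let mut key = [0u8; 32];
    key.copy_from_slice(&der[12..]);
    Ok(key)
}

fn main() {
    let key = ed25519_key_from_pem(PUBLIC_KEY_PEM).expect("embedded key must parse");
    println!("embedded key ok, first byte {:#04x}", key[0]);
}
```

A guard like this confirms the constant is still a well-formed Ed25519 key; catching a swap to a different valid key would additionally require pinning the expected bytes or fingerprint in the test.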
maximus force-pushed issue-49-rotate-pubkey from 49dec51062 to 97680417ee 2026-04-26 13:43:27 +00:00 Compare
maximus merged commit c14de9a6f8 into main 2026-04-26 13:45:02 +00:00
Reference: maximus/Simpl-Resultat#137