Forward wire payloads to clients verbatim #28

Merged

arne merged 2 commits from forward-wire-payloads-to-clients into main 2026-05-13 22:13:51 +02:00

Conversation 0 Commits 2 Files changed 8 +167 -438

arne commented 2026-05-13 22:01:45 +02:00

Owner

Copy link

Summary

• Drops internal/payload translation entirely (~190 LOC + tests).
• The client API now POSTs and receives spec-canonical payloads
  ({"kind":"posta.text/v1","body":...}, {"kind":"posta.link/v1","url":...})
  directly. The server treats payload bytes opaquely in both
  directions — what clients send is what gets signed on the wire;
  what arrives on the wire is what clients see in the DTO.
• Keeps one ingress check: posta.link/v1 must carry an https URL
  (SPEC §13.3), inlined in messages.go.
• CLIENT_API.md updated to describe the new contract and point
  at SPEC §13 / §13.1.3 for kind discrimination.

Why

The translation was renaming body → text and wrapping link fields
in image: {...}. Clients already had to handle unknown kinds via
the passthrough fallback, so making them handle all kinds the same
way is more honest. It also means new spec-defined kinds work
without server changes, and removes the failure mode where wrap/
unwrap drifts from the spec.

Client follow-up

The TUI (and future iOS) needs to discriminate on `kind` and read
`body`/`url` directly. Not in this repo.

Test plan

• `go test ./...` green
• `go vet ./...` clean
• Manually verify end-to-end with the TUI once it's updated

## Summary - Drops `internal/payload` translation entirely (~190 LOC + tests). - The client API now POSTs and receives spec-canonical payloads (`{"kind":"posta.text/v1","body":...}`, `{"kind":"posta.link/v1","url":...}`) directly. The server treats payload bytes opaquely in both directions — what clients send is what gets signed on the wire; what arrives on the wire is what clients see in the DTO. - Keeps one ingress check: `posta.link/v1` must carry an https URL (SPEC §13.3), inlined in `messages.go`. - `CLIENT_API.md` updated to describe the new contract and point at SPEC §13 / §13.1.3 for kind discrimination. ## Why The translation was renaming `body` → `text` and wrapping link fields in `image: {...}`. Clients already had to handle unknown kinds via the passthrough fallback, so making them handle all kinds the same way is more honest. It also means new spec-defined kinds work without server changes, and removes the failure mode where wrap/ unwrap drifts from the spec. ## Client follow-up The TUI (and future iOS) needs to discriminate on \`kind\` and read \`body\`/\`url\` directly. Not in this repo. ## Test plan - [x] \`go test ./...\` green - [x] \`go vet ./...\` clean - [ ] Manually verify end-to-end with the TUI once it's updated

arne added 1 commit 2026-05-13 22:01:45 +02:00

Forward wire payloads to clients verbatim ... f68d3a4f6d

The client API previously translated between ergonomic shapes
({"text":"hi"}, {"image":{...}}) and the canonical wire kinds from
SPEC §13. Drop the translation entirely: clients now POST and
receive spec-canonical payloads ({"kind":"posta.text/v1","body":"hi"},
{"kind":"posta.link/v1","url":"https://..."}) directly. The server
treats payload bytes opaquely in both directions.

This removes ~190 lines from internal/payload, eliminates the failure
mode where wrap/unwrap shape drifts from the spec, and makes new
spec-defined kinds work without server changes — clients already had
to handle unknown kinds via the passthrough fallback, so making them
handle all kinds the same way is more honest.

The one ingress check kept is the https-URL invariant for
posta.link/v1 (SPEC §13.3), inlined into messages.go.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

arne added 1 commit 2026-05-13 22:10:01 +02:00

Require kind discriminator at ingress ... 531f947d31

Tighten validateWirePayload to reject payloads missing a kind, and
also reject posta.link/v1 with an empty url. SPEC §13.1 makes kind a
SHOULD, but at our own boundary we make it MUST — the spec-canonical
shape is the only shape we'll sign, so receivers never have to fall
back to opaque rendering for payloads we produced.

Drops the lingering escape hatch where a client could send legacy
{"text":"hi"} or any other kind-less blob and have us sign it
verbatim.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

arne merged commit 0c484e8dfc into main 2026-05-13 22:13:51 +02:00

arne deleted branch forward-wire-payloads-to-clients 2026-05-13 22:13:51 +02:00

arne referenced this pull request from a commit 2026-05-13 22:13:52 +02:00

Forward wire payloads to clients verbatim (#28)

arne referenced this pull request from a commit 2026-05-13 22:37:59 +02:00

Migration v8: rewrite legacy text payloads to canonical form

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

bug

Something is broken

  

enhancement

New feature or improvement

  

needs-info

Waiting on reporter for more information

  

needs-triage

Awaiting triage

  

ready-for-agent

Fully specified, ready for an AFK agent

  

ready-for-human

Needs human implementation

  

wontfix

Will not be actioned

No labels

bug

enhancement

needs-info

needs-triage

ready-for-agent

ready-for-human

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

posta/server!28

No description provided.