docs(stack): protect-ffi 0.26 changeset — region→workspaceCrn migration + server-side lock-context enforcement note#549
Conversation
…on + server-side lock-context note Two additions flagged by the consolidated review on #547: - an explicit region→workspaceCrn migration paragraph for the WASM-inline path (what to set, where the CRN comes from, that region is now ignored) - a paragraph spelling out that lock-context enforcement is now server-side only: a wrong/missing identity claim surfaces as a ZeroKMS decryption failure rather than a client-side throw
|
| Name | Type |
|---|---|
| @cipherstash/stack | Minor |
| @cipherstash/bench | Patch |
| @cipherstash/prisma-next | Patch |
| @cipherstash/basic-example | Patch |
| @cipherstash/prisma-next-example | Patch |
| @cipherstash/e2e | Patch |
Click here to learn what changesets are, and how to add one.
Click here if you're a maintainer who wants to add a changeset to this PR
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
📝 WalkthroughWalkthroughThis PR adds a changeset documenting migration guidance for ChangesChangeset Documentation Update
Estimated code review effort: 1 (Trivial) | ~2 minutes Possibly related PRs
Suggested reviewers: 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
The |
Two wording additions to
.changeset/stack-protect-ffi-0-26-oidc-strategy.md, flagged by the consolidated review on #547 (🟢 items — the review confirmed theminorbump is semver-correct pre-1.0, so this is documentation only):region→workspaceCrnmigration paragraph for the WASM-inline path: setworkspaceCrn/CS_WORKSPACE_CRNto the dashboard CRN (crn:<region>.aws:<workspace-id>), the region is derived from it, and a passedregionis ignored.withLockContexttime, so a wrong/missing identity claim surfaces as a ZeroKMS decryption failure rather than a client-side throw. Guarantee unchanged (ZeroKMS enforces); early-feedback callers should assert on the operation'sfailureresult.No code changes.
Summary by CodeRabbit