refactor(vta): adopt vta-sdk connect_auto, delete duplicated transport branch (R22)#107
Merged
Conversation
…t branch (R22) The DIDComm-vs-REST connect branch — transport selection, the `rest_fallback` derivation, and the empty-URL rule — was hand-rolled identically in two places: `did-git-sign/src/vta.rs::authenticate` and `openvtc-core/src/config/mod.rs::build_runtime_vta_client`. That logic is SDK-level knowledge, so vta-sdk 0.11 now exposes `VtaClient::connect_auto` (upstream issue OpenVTC/verifiable-trust-infrastructure#366). - Bump vta-sdk 0.10 -> 0.11. - `build_runtime_vta_client` delegates to `connect_auto`; a small `map_connect_error` keeps the R18 error taxonomy (Validation -> Config, Auth -> Auth, else -> Vta). - `did-git-sign` keeps its application-level policy (caller-side REST token cache + transient-failure retry) but routes the actual connect through `connect_auto` via a new `connect_with_retry`. Retry now covers the DIDComm path too — a benign improvement; a transient mediator hiccup is worth a second attempt on either transport. Behavior is otherwise identical for DIDComm-capable and REST-only VTAs. Gate: cargo fmt, clippy -D warnings, test --workspace all green. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Signed-off-by: Glenn Gore <glenn.g@affinidi.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
The DIDComm-vs-REST VTA connect branch — transport selection, the
rest_fallbackderivation, and the empty-vta_urlrule — was hand-rolledidentically in two places:
did-git-sign/src/vta.rs::authenticateopenvtc-core/src/config/mod.rs::build_runtime_vta_clientThat logic is SDK-level knowledge. The upstream issue
(OpenVTC/verifiable-trust-infrastructure#366) proposed
VtaClient::connect_auto,which shipped in vta-sdk 0.11 as
connect_auto(AutoConnect) -> ConnectedVta.Fix
vta-sdk0.10→0.11.build_runtime_vta_clientdelegates toconnect_auto. A smallmap_connect_errorpreserves the R18 error taxonomy:VtaError::Validation→OpenVTCError::Config(bad on-disk config, e.g.empty REST url),
VtaError::Auth→OpenVTCError::Auth, everything else(network / DIDComm session open) →
OpenVTCError::Vta.did-git-signkeeps its application-level policy — caller-side RESTtoken cache + transient-failure retry — but routes the actual connect
through
connect_autovia a newconnect_with_retry. The cached-tokenshort-circuit is now explicitly gated on the REST transport
(
mediator_did.is_none()), matching the prior implicit gating; theempty-access-token guard is preserved on the REST path.
Behavior notes
previously wrapped only the REST challenge-response). A transient mediator
hiccup is worth a second attempt on either transport; bounded by
MAX_AUTH_RETRIES = 2.Tests / gate
cargo fmt --all,cargo clippy --workspace --all-targets -- -D warnings,cargo test --workspace— all green.validate_credentialsunit tests indid-git-signunchanged andpassing.
connect_autosemantics forerror-mapping fidelity, cache gating, and the empty-token guard — no
correctness regressions.
Follow-up (pre-existing, out of scope)
did-git-sign::authenticatereturns theVtaClientto callers that never callshutdown(), leaking the DIDComm session pergit commit. This is identicalin the deleted code (not a regression). Worth a separate fix giving
did-git-sign a
with_didcomm-style scoped shutdown, mirroringopenvtc-core::with_runtime_vta_client.🤖 Generated with Claude Code