diff --git a/AI.md b/AI.md index a140331..da62f36 100644 --- a/AI.md +++ b/AI.md 
@@ -415,6 +415,121 @@ Desired future server log format: functions/macros and normalize message format gradually. +## 2026-06-06 - handoff for next chat: redesign plus FLAIM/directory foundation + +This is the latest working handoff from the long FLAIM/MatrixSSL/nwssl session. +If a new chat starts, ask the user for the current root bundle and the current +bundles or pushed refs for all submodules before constructing a build tree. Do +not assume the bundles named in the old chat are still current. + +There are now two active work streams. Keep them separate in patches and in +commit messages: + +1. **mars-nwe redesign / future-proofing of existing code.** This is the + `REDESIGN.md` track. The next intended first task is small: add a typed + enum/type layer for internal operations/request kinds/schema-facing IDs so + old magic strings and magic numbers can be translated at one boundary before + moving larger logic. Read `REDESIGN.md`, `TODO.md`, and this file before + proposing the first enum patch. Do not start with a large rewrite. +2. **vendored storage/crypto/directory infrastructure.** This is the track + that introduced `libnwowfat`, `libnwsodium`, `libnwmatrixssl`, `libnwssl`, + `libnwflaim*`, and `libnwdirectory`/tinyldap integration. The purpose is to + later replace old local helper code and, more importantly, to move + tinyldap/nwdirectory away from flat files toward a FLAIM-backed store. + +Current green test state reached in the previous chat: + +```sh +ctest -L flaim --output-on-failure +# nwflaim.database.create-and-check ......... Passed +# mars_nwe.flaim.api-create-query-encrypt ... Passed +# mars_nwe.xflaim.api-alloc ................. Passed + +ctest -L nwflaim --output-on-failure +# nwflaim.database.create-and-check ... Passed +``` + +Meaning of the green tests: + +- FLAIM tools can create and check a database through CTest. 
+- mars-nwe root tests can create a classic FLAIM database, add a dictionary + `EncDef` through the dictionary API, write/read/query records, close/reopen + the database, and verify the test secret is not visible as plaintext on disk. +- `libnwssl` now has a functional NICI/CCS compatibility layer sufficient for + classic FLAIM at-rest encryption tests. +- XFLAIM stays build-covered but does **not** use the classic FLAIM NICI compat + path; NICI support is scoped to classic FLAIM targets only. +- FlaimSQL is experimental and must be default `OFF`; do not let default + mars-nwe builds link hard against `libnwflaimsql`. + +Important FLAIM/nwssl fixes that were part of the green state: + +- `libnwssl` owns `include/nwssl/private/nici/*` and the NICI/CCS compatibility + implementation used by FLAIM. +- `CCS_Init()` / `CCS_Shutdown()` exist for FLAIM startup/cleanup. +- NICI handle types must match FLAIM `FLMUINT` width on 64-bit builds. +- MatrixSSL must export the same AES-related compiler options/defines to + consumers that it used for `libnwmatrixssl`, otherwise `psCryptoOpen()` fails + with a crypto config mismatch. +- FLAIM dictionary code had EOF-as-not-found / EOF-as-end-of-base64 decode cases + that needed to be treated as success in the relevant paths. +- The encrypted root test must create `EncDef` through the dictionary API; do not + put `encdef` as a child of a `field` record. + +Known remaining FLAIM follow-up: + +- Manual `nwflmgigatest -b` with default 100000 records still hit a + `Gleitkomma-Ausnahme` / SIGFPE even though the CTest DB smoke passes. The + divisions in `gigaUpdateLoadTimes()` were already guarded. The likely bug is + shutdown ordering in `flaim/util/gigatest.cpp`: the code stops the screen + thread, then later calls `gigaUpdateLoadTimes()` and stops the screen thread + again. The next small mars-flaim patch should move final stats before the + first `gigaStopScreenThread()` and stop the screen thread only once. 
Verify + with: + + ```sh + cd /third_party/flaim + ./nwflmgigatest -b + echo $? + ctest -L nwflaim --output-on-failure + ctest -L flaim --output-on-failure + ``` + +At-rest encryption/key policy notes: + +- FLAIM encryption uses a database wrapping key plus EncDef keys. The EncDef + key is stored in FLAIM metadata in wrapped/encrypted form; records use the + EncDef key for encrypted field/blob storage. +- The current `nwssl` NICI/CCS layer is a functional compatibility layer for + tests and initial directory storage work. Before storing real production + directory secrets, define a key policy: where the server/tree master key lives, + how it is created, how backups/restores work, and how rotation will later be + handled. +- Candidate future key locations are root-only files such as + `/etc/mars_nwe/nwssl.key` or `/var/lib/mars_nwe/keys/...` with mode `0600`. + Do not hard-code a production master key into the database or source. + +TinyLDAP / directory follow-up test ideas before replacing flat-file storage: + +- Create/open/reopen a directory database. +- Add user object, group object, and user-to-group membership. +- Lookup by DN/name and by indexed common attributes. +- Authenticate user/password; password material must not appear plaintext in the + FLAIM database files. +- Duplicate object/name conflict, delete, rename/move, restart/reopen recovery. +- Once the user extracts real NetWare 4.11 schema data, add schema tests for + object classes, mandatory/optional attributes, attribute syntax, + single/multi-value rules, naming attributes, inheritance, and default indexes. + +`nwsetup` direction: + +- ncurses is already needed for FLAIM tools and should also support a future + `nwsetup` tool. The user wants a NetWare-like phase-2 setup flow for + provisioning the Directory tree. 
Later `nwsetup` should initialize the + FLAIM-backed directory store, create tree/server/org/user/admin objects, set + the admin password, create default SYS/volume/config state, and avoid writing + reusable plaintext secrets to config files. + ## 2026-06-05 - current superbuild / storage / TLS handoff This chat switched from documentation-only endpoint audit work back to build and
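Review bot: The "At-rest encryption/key policy notes" list says not to hard-code a production master key and names candidate `0600` key files, but nowhere states where the database wrapping key used by the current green tests comes from. Without that, a reader cannot tell whether the `nwssl` NICI/CCS compatibility layer already depends on a built-in or source-level key. Add a bullet naming the current key source and marking it test-only. For the candidate locations, also state the expected owner and the mode of the containing directory, since `0600` on the file alone does not describe `/var/lib/mars_nwe/keys/...`. Separately, in the verify block under "Known remaining FLAIM follow-up", `cd /third_party/flaim` is an absolute path from the filesystem root, and the two `ctest -L` lines that follow would then run from that directory, while the earlier `ctest -L flaim` block gives no directory at all. Give the path relative to the build tree and say where `ctest` is meant to run. The same entry quotes the crash only as `Gleitkomma-Ausnahme`; adding the English shell message next to it would make the note searchable for a reader on a non-German locale.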