Skip to content

fix: persist and recover did:key identity in dev mode#44

Merged
beonde merged 2 commits intomainfrom
fix/dev-mode-did-key-recovery
Mar 16, 2026
Merged

fix: persist and recover did:key identity in dev mode#44
beonde merged 2 commits intomainfrom
fix/dev-mode-did-key-recovery

Conversation

@beonde
Copy link
Member

@beonde beonde commented Mar 16, 2026

Problem

When SimpleGuard(dev_mode=True) is called and capiscio_keys/private.pem already exists on disk (from a prior run), _load_or_generate_keys() takes the "load existing key" branch which only sets signing_kid — it never recovers the did:key identity. The agent_id stays stuck at the "local-dev-agent" placeholder set by _resolve_identity().

This causes test_dev_mode_auto_generates_did_key to fail in CI because the E2E runner reuses the key directory across test runs.

Root Cause

Two-part issue:

  1. The generate branch correctly derives did:key from the gRPC response but never persists it
  2. The load branch has no way to recover the did:key since it's not in the LoadKey gRPC response

Fix

  • On generate: Persist did:key to capiscio_keys/did_key.txt sidecar file
  • On load: Read did_key.txt back when in dev mode with no explicit agent_id

This is entirely within the Python SDK — no cross-repo gRPC proto changes needed.

Testing

  • 352/355 unit tests pass (3 pre-existing failures in test_process.py — unrelated binary path tests)
  • All 13 test_simple_guard.py unit tests pass

@beonde
fix: persist and recover did:key identity in dev mode
69992ee 
When private.pem already exists on disk, _load_or_generate_keys() loaded
the key but never recovered the did:key identity, leaving agent_id stuck
at the placeholder 'local-dev-agent'.

Fix: persist did:key to capiscio_keys/did_key.txt on first generation,
read it back on subsequent loads. No cross-repo changes needed.
Copilot AI review requested due to automatic review settings March 16, 2026 18:32
@github-actions
Copy link

github-actions bot commented Mar 16, 2026

✅ Documentation validation passed!

Unified docs will be deployed from capiscio-docs repo.

@github-actions
Copy link

github-actions bot commented Mar 16, 2026

✅ All checks passed! Ready for review.

@github-actions
Copy link

github-actions bot commented Mar 16, 2026

✅ SDK server contract tests passed (test_server_integration.py). Cross-product scenarios are validated in capiscio-e2e-tests.

@codecov
Copy link

codecov bot commented Mar 16, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

Copilot AI reviewed Mar 16, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Fixes SimpleGuard(dev_mode=True) identity persistence so a previously generated did:key is recovered when reusing an existing capiscio_keys/private.pem, avoiding the "local-dev-agent" placeholder across restarts/reruns.

Changes:

  • Persist generated did:key to capiscio_keys/did_key.txt during dev-mode key generation.
  • Recover did:key from did_key.txt when loading an existing key in dev mode (when agent_id wasn’t explicitly provided).

You can also share your feedback on Copilot code review. Take the survey.

capiscio_sdk/simple_guard.py
Comment on lines +316 to +317
self.agent_id = did_key_path.read_text().strip()
logger.info(f"Dev Mode: Recovered did:key identity: {self.agent_id}")
capiscio_sdk/simple_guard.py
Comment on lines +333 to +334
# Persist did:key for recovery on subsequent loads
did_key_path.write_text(did_key)
capiscio_sdk/simple_guard.py
Comment on lines +314 to +317
# Recover did:key identity from sidecar file if in dev mode
if self.dev_mode and not self._explicit_agent_id and did_key_path.exists():
self.agent_id = did_key_path.read_text().strip()
logger.info(f"Dev Mode: Recovered did:key identity: {self.agent_id}")
@github-actions
Copy link

github-actions bot commented Mar 16, 2026

✅ Documentation validation passed!

Unified docs will be deployed from capiscio-docs repo.

@github-actions
Copy link

github-actions bot commented Mar 16, 2026

✅ All checks passed! Ready for review.

@github-actions
Copy link

github-actions bot commented Mar 16, 2026

✅ SDK server contract tests passed (test_server_integration.py). Cross-product scenarios are validated in capiscio-e2e-tests.

@beonde beonde merged commit a6d61d9 into main Mar 16, 2026
13 checks passed
@beonde beonde deleted the fix/dev-mode-did-key-recovery branch March 16, 2026 19:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@beonde