Vault Sharing With GestaltId

[addievo]

Specification

A user should be able to use a node id, OR an identity to be able to share a vault, currently vaults can be shared only with node ID's, however, sharing with identities is a crucial part of Polykey.

The desired behaviour should be that sharing a vault with a nodeId shares the vault with the entire gestalt. This is because Gestalts are addressable by both nodeIds and identityProviderIds. Furthermore, the VaultShare handlers should also be able to accept identityProviderIds as well, and take the first discovered node of the identity to trust.

There are some implications regarding discovery. For example, in the case where node B trusts node A, and hence gestalt A, but node C joins gestalt A after this, so that node B does not know that node C is in gestalt A yet.

Additional Context

There is existing discussion about how to do this in Polykey: MatrixAI/Polykey#626. This CLI issue is derived from that.

Tasks

1. Enable sharing of vault with gestalt ID.
2. Allow for nodes from the same trusted gestalt to clone/pull a vault
3. When a vault is shared with a gestalt, implement notifications for all nodes of that gestalt
4. Update discovery mechanism when vault pull is called.

[addievo]

Currently proposed way of achieving this :

1. Use identity list to acquire all the nodeIDs associated with an identity.
2. Iterate and share vault with all nodeIDs.

[CMCDragonkai]

Without this, the user has to copy paste the node ID after listing the nodes of a gestalt.

With this, it should be possible to just directly pass in ProviderId:UserId as the target of sharing, and it would share it with ALL the nodes in the gestalt.

[CMCDragonkai]

More testing for the social discovery is needed, I don't think we have robust testing of the entire loop between social discovery and gestalt expansion or contraction.

[CMCDragonkai]

I think we should get this at the very least before re-running the CLI demo after #551 is merged.

[amydevs]

Currently proposed way of achieving this :

1. Use `identity list` to acquire all the nodeIDs associated with an identity.

2. Iterate and share vault with all nodeIDs.

IMO, this should be done in the ACL rather than like this, so that any node that joins a Gestalt automatically gains the permissions of the Gestalt

[CMCDragonkai]

That should already be true. But the social discovery system needs integration testing and/or simulation testing.

[amydevs]

There

That should already be true. But the social discovery system needs integration testing and/or simulation testing.

Idk if i see anything in acl.ts that handles permissions to nodes for gestalts. Or anything that means if you share with one node, u share with all nodes in the gestalt

[CMCDragonkai]

It should be in the gestalt graph too. Check that.

[CMCDragonkai]

This should work like this:

# using a gestalt ID
pk vaults share myvault github.com:cmcdragonkai
# using a node ID (which is still a gestalt ID)
pk vaults share myvault vm27fr...

Both provider and identity and node id are all valid gestalt IDs, so that should be supported.

[amydevs]