Merge remote-tracking branch 'origin/issue/40' into issue/43

.github/CODEOWNERS

@@ -24,4 +24,4 @@
 /crates/aranya-quic-syncer @benz-spideroak @jdygert-spok
 /crates/aranya-runtime @jdygert-spok @elagergren-spideroak
 
-/.github @elagergren-spideroak @jdygert-spok
+/.github @djohnson-spideroak @elagergren-spideroak @gknopf-aranya @jdygert-spok

.github/workflows/release-plz.yml

@@ -0,0 +1,56 @@
+# Workflow for automating Rust crate publishing and release PRs.
+# repo:
+# https://github.com/release-plz/release-plz
+# quickstart:
+# https://release-plz.dev/docs/github/quickstart
+name: Release-plz
+
+permissions:
+  pull-requests: write
+  contents: write
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+
+  # Release unpublished packages.
+  release-plz-release:
+    name: Release-plz release
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: ./.github/actions/setup
+      - name: Run release-plz
+        uses: aranya-project/release-plz-action@main
+        with:
+          command: release
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+          CARGO_REGISTRY_TOKEN: ${{ secrets.ARANYA_BOT_CRATESIO_CARGO_LOGIN_KEY }}
+
+  # Create a PR with the new versions and changelog, preparing the next release.
+  release-plz-pr:
+    name: Release-plz PR
+    runs-on: ubuntu-latest
+    concurrency:
+      group: release-plz-${{ github.ref }}
+      cancel-in-progress: false
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: ./.github/actions/setup
+      - name: Run release-plz
+        uses: aranya-project/release-plz-action@main
+        with:
+          command: release-pr
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+          CARGO_REGISTRY_TOKEN: ${{ secrets.ARANYA_BOT_CRATESIO_CARGO_LOGIN_KEY }}

crates/aranya-crypto/src/afc/mod.rs

@@ -17,7 +17,7 @@
 //! then encrypted to ourself using HPKE and the encapsulation
 //! and ciphertext are added to the command.
 //!
-//! [AFC]: https://git.spideroak-inc.com/spideroak-inc/afc
+//! [AFC]: https://github.com/aranya-project/aranya-core/tree/main/crates/aranya-fast-channels
 
 mod bidi;
 mod keys;

crates/aranya-crypto/src/apq.rs

@@ -118,7 +118,7 @@ custom_id! {
 /// A [symmetric key] used to encrypt queue messages for
 /// a particular topic.
 ///
-/// [symmetric key]: https://git.spideroak-inc.com/spideroak-inc/apq/blob/spec/design.md#topickey
+/// [symmetric key]: https://git.spideroak-inc.com/spideroak-inc/aranya-docs/blob/main/src/apq.md#topickey
 pub struct TopicKey<CS: CipherSuite> {
     // TopicKey is quite similar to GroupKey. However, unlike
     // GroupKey, we do not compute the key from the seed each
@@ -338,7 +338,7 @@ impl<CS: CipherSuite> TopicKey<CS> {
 
     /// Derives a key for [`Self::open`] and [`Self::seal`].
     ///
-    /// See <https://git.spideroak-inc.com/spideroak-inc/apq/blob/spec/design.md#topickey-generation>
+    /// See <https://git.spideroak-inc.com/spideroak-inc/aranya-docs/blob/main/src/apq.md#topickey-generation>
     fn derive_key(
         seed: &[u8; 64],
         version: Version,
@@ -367,7 +367,7 @@ ciphertext!(EncryptedTopicKey, U64, "An encrypted [`TopicKey`].");
 
 /// The private half of a [SenderSigningKey].
 ///
-/// [SenderSigningKey]: https://git.spideroak-inc.com/spideroak-inc/apq/blob/spec/design.md#sendersigningkey
+/// [SenderSigningKey]: https://git.spideroak-inc.com/spideroak-inc/aranya-docs/blob/main/src/apq.md#sendersigningkey
 pub struct SenderSigningKey<CS: CipherSuite>(<CS::Signer as Signer>::SigningKey);
 
 key_misc!(SenderSigningKey, SenderVerifyingKey, SenderSigningKeyId);
@@ -461,7 +461,7 @@ unwrapped! {
 
 /// The public half of a [SenderSigningKey].
 ///
-/// [SenderSigningKey]: https://git.spideroak-inc.com/spideroak-inc/apq/blob/spec/design.md#sendersigningkey
+/// [SenderSigningKey]: https://git.spideroak-inc.com/spideroak-inc/aranya-docs/blob/main/src/apq.md#sendersigningkey
 pub struct SenderVerifyingKey<CS: CipherSuite>(<CS::Signer as Signer>::VerifyingKey);
 
 impl<CS: CipherSuite> SenderVerifyingKey<CS> {
@@ -495,7 +495,7 @@ impl<CS: CipherSuite> SenderVerifyingKey<CS> {
 
 /// The private half of a [SenderKey].
 ///
-/// [SenderKey]: https://git.spideroak-inc.com/spideroak-inc/apq/blob/spec/design.md#senderkey
+/// [SenderKey]: https://git.spideroak-inc.com/spideroak-inc/aranya-docs/blob/main/src/apq.md#senderkey
 pub struct SenderSecretKey<CS: CipherSuite>(<CS::Kem as Kem>::DecapKey);
 
 key_misc!(SenderSecretKey, SenderPublicKey, SenderKeyId);
@@ -517,12 +517,12 @@ unwrapped! {
 
 /// The public half of a [SenderKey].
 ///
-/// [SenderKey]: https://git.spideroak-inc.com/spideroak-inc/apq/blob/spec/design.md#senderkey
+/// [SenderKey]: https://git.spideroak-inc.com/spideroak-inc/aranya-docs/blob/main/src/apq.md#senderkey
 pub struct SenderPublicKey<CS: CipherSuite>(<CS::Kem as Kem>::EncapKey);
 
 /// The private half of a [ReceiverKey].
 ///
-/// [ReceiverKey]: https://git.spideroak-inc.com/spideroak-inc/apq/blob/spec/design.md#receiverkey
+/// [ReceiverKey]: https://git.spideroak-inc.com/spideroak-inc/aranya-docs/blob/main/src/apq.md#receiverkey
 pub struct ReceiverSecretKey<CS: CipherSuite>(<CS::Kem as Kem>::DecapKey);
 
 key_misc!(ReceiverSecretKey, ReceiverPublicKey, ReceiverKeyId);
@@ -590,7 +590,7 @@ unwrapped! {
 
 /// The public half of a [ReceiverKey].
 ///
-/// [ReceiverKey]: https://git.spideroak-inc.com/spideroak-inc/apq/blob/spec/design.md#receiverkey
+/// [ReceiverKey]: https://git.spideroak-inc.com/spideroak-inc/aranya-docs/blob/main/src/apq.md#receiverkey
 pub struct ReceiverPublicKey<CS: CipherSuite>(<CS::Kem as Kem>::EncapKey);
 
 impl<CS: CipherSuite> ReceiverPublicKey<CS> {

crates/aranya-crypto/src/lib.rs

@@ -6,7 +6,7 @@
 //! cryptography is centralized inside of the *cryptography
 //! engine*. The cryptographic APIs provided by the cryptography
 //! engine are described in multiple documents, including the
-//! [IDAM] and [IDAM crypto] specs.
+//! [IDAM crypto] spec.
 //!
 //! While it's generally referred to as *the* cryptography
 //! engine, it's important to note that there can be multiple
@@ -34,8 +34,8 @@
 //! contextual binding purposes. Among other things, this helps
 //! prevent cross-version attacks.
 //!
-//! [IDAM crypto]: https://git.spideroak-inc.com/spideroak-inc/flow3-docs/blob/37bfddf39c37ae258615e8bf2617432aaf8d453a/idam_crypto.md
-//! [IDAM]: https://git.spideroak-inc.com/spideroak-inc/flow3-docs/blob/8bf06fdfdb4521f96892de9eff8c7b2908413ace/src/idam.md
+// TODO: Once the idam_crypto doc gets open sourced this link should be updated. <https://github.com/aranya-project/aranya-docs/issues/17>
+//! [IDAM crypto]: <https://git.spideroak-inc.com/spideroak-inc/aranya-docs/blob/idam-crypto-apis/src/idam_crypto.md>
 
 #![allow(unstable_name_collisions)]
 #![cfg_attr(docsrs, feature(doc_cfg))]

crates/aranya-fast-channels/src/mutex.rs

@@ -68,8 +68,7 @@ impl<T: ?Sized> DerefMut for MutexGuard<'_, T> {
 /// - On Linux + `libc`, this uses futexes.
 /// - Elsewhere, this uses a naive spinlock.
 ///
-/// The implementation is taken from the Go standard library, see
-/// <https://git.spideroak-inc.com/spideroak-inc/flow3/blob/d65610cc6c543cc302f40939fff1ed6165e9f8b3/policy/shm/mutex.go>
+/// The implementation is taken from the Go standard library.
 #[repr(C, align(8))]
 #[derive(Default, Debug)]
 pub(crate) struct Mutex<T: ?Sized> {

crates/aranya-idam-ffi/src/lib.rs

@@ -6,17 +6,18 @@
 //! for policy code. The language syntax and logic is described
 //! in the [policy lang] spec, while an in-depth explanation of
 //! the policy that makes up Aranya's IdAM system can be found
-//! in the [IDAM] spec.
+//! in the [default policy].
 //!
 //! Aranya's IdAM code makes use of several external functions
 //! belonging to other modules, which are callable by the policy
 //! via a foreign function interface (FFI) of the APIs made
 //! available by a particular module. For details on the
 //! cryptographic APIs used by IdAM, see [IDAM crypto].
 //!
-//! [IDAM crypto]: https://github.com/spideroak-inc/flow3-docs/blob/37bfddf39c37ae258615e8bf2617432aaf8d453a/idam_crypto.md
-//! [IDAM]: https://github.com/spideroak-inc/flow3-docs/blob/8bf06fdfdb4521f96892de9eff8c7b2908413ace/src/idam.md
-//! [policy lang]: https://git.spideroak-inc.com/spideroak-inc/flow3-docs/blob/main/src/policy-v1.md
+// TODO: Once the idam_crypto doc gets open sourced this link should be updated. <https://github.com/aranya-project/aranya-docs/issues/17>
+//! [IDAM crypto]: <https://git.spideroak-inc.com/spideroak-inc/aranya-docs/blob/idam-crypto-apis/src/idam_crypto.md>
+//! [default policy]: <https://github.com/aranya-project/aranya/blob/main/crates/aranya-daemon/src/policy.md>
+//! [policy lang]: <https://github.com/aranya-project/aranya-docs/blob/main/src/policy-v1.md>
 
 #![cfg_attr(docsrs, feature(doc_cfg))]
 #![cfg_attr(not(any(test, doctest)), no_std)]

crates/aranya-model/src/tests/mod.rs

@@ -1414,9 +1414,8 @@ fn should_create_clients_with_args() {
     assert_eq!(effects, expected);
 }
 
-/// Test for <https://git.spideroak-inc.com/spideroak-inc/flow3-rs/issues/917>.
 #[test]
-fn test_storage_fact_issue_917() {
+fn test_storage_fact() {
     let basic_clients = BasicClientFactory::new(BASIC_POLICY).unwrap();
     let mut test_model = RuntimeModel::new(basic_clients);
 

crates/aranya-policy-vm/tests/vm.rs

@@ -1195,8 +1195,6 @@ fn test_match_default() -> anyhow::Result<()> {
 
 #[test]
 fn test_match_return() -> anyhow::Result<()> {
-    // See https://git.spideroak-inc.com/spideroak-inc/flow3-rs/issues/800
-
     let text = r#"
         action foo(val int) {
             check val == bar()

crates/aranya-runtime/src/client/session.rs

@@ -2,7 +2,7 @@
 //!
 //! See [`ClientState::session`] and [`Session`].
 //!
-//! Design discussion/docs: <https://git.spideroak-inc.com/spideroak-inc/flow3-docs/pull/53>
+//! Design doc: [Aranya Sessions](https://github.com/aranya-project/aranya-docs/blob/main/src/Aranya-Sessions-note.md)
 
 use alloc::{
     boxed::Box,

crates/aranya-runtime/src/testing/vm.rs

@@ -410,7 +410,7 @@ pub fn test_query_fact_value(engine: TestEngine) -> Result<(), VmPolicyError> {
 }
 
 /// Test ephemeral Aranya session.
-/// See `flow3-docs/src/Aranya-Sessions-note.md`.
+/// See `https://github.com/aranya-project/aranya-docs/blob/main/src/Aranya-Sessions-note.md`.
 ///
 /// The [`TestEngine`] must be instantiated with
 /// [`TEST_POLICY_1`].