Implement Option B (enhanced env var) for T058.S2:
- Support multiple S3 credentials via S3_CREDENTIALS env var
- Format: "key1:secret1,key2:secret2,..."
- Backward compatible with S3_ACCESS_KEY_ID/S3_SECRET_KEY
- Add tests for both multi and single credential formats
This unblocks T039 production deployment while proper IAM
credential service (T060) is implemented separately.
Tests: 10/10 auth tests pass (added 2 new credential tests)
Refs: T058.S2 Option B (approved), T060 (proper IAM integration)
Pre-check key existence before delete to return accurate deleted count.
This unblocks integration tests while proper RaftResponse propagation
is deferred to T053.
- Single key: check exists via state_machine.kv().get()
- Range: count keys via state_machine.kv().range()
- Returns deleted=1 if key existed, deleted=0 otherwise
Integration tests now pass: 3/3 ✓
Refs: T059.S2 Option A (approved by PeerA)
- Remove chainfire_client.txn() calls (method doesn't exist)
- Use compare_and_swap(key, 0, value) for atomic wallet creation
- Use put() for wallet updates (CAS on version deferred to later)
- Remove unused proto imports (TxnRequest, TxnResponse, etc.)
- Simplify error handling using CasOutcome.success
This fixes compilation errors found in audit. CreditService now
compiles successfully.
Refs: Audit Fix 1/3
- Replace form_urlencoded with RFC 3986 compliant URI encoding
- Implement aws_uri_encode() matching AWS SigV4 spec exactly
- Unreserved chars (A-Z,a-z,0-9,-,_,.,~) not encoded
- All other chars percent-encoded with uppercase hex
- Preserve slashes in paths, encode in query params
- Normalize empty paths to '/' per AWS spec
- Fix test expectations (body hash, HMAC values)
- Add comprehensive SigV4 signature determinism test
This fixes the canonicalization mismatch that caused signature
validation failures in T047. Auth can now be enabled for production.
Refs: T058.S1
Refactored flaredb-server and plasmavmc-server to use a unified configuration
approach, supporting TOML files, environment variables, and CLI overrides.
This completes T027.S0 Config Unification.
Changes include:
- Created dedicated modules for both flaredb-server and plasmavmc-server
to define structs.
- Implemented for in both components.
- Modified in flaredb-server to use instead of .
- Modified in plasmavmc-server to add dependency.
- Refactored in both components to load config from TOML/env and apply
CLI overrides.
- Extended in plasmavmc-server/src/config.rs to include all
relevant Firecracker backend parameters.
- Implemented in
plasmavmc/crates/plasmavmc-firecracker/src/lib.rs to construct backend
from the unified configuration.
- Updated docs/por/T027-production-hardening/task.yaml to mark S0 as complete
and the overall task status as active.
