Skip to content

fix(session-key): name missing permissions in Synapse.create error#805

Merged
juliangruber merged 1 commit into
masterfrom
julian/session-key-permission-errors
May 29, 2026
Merged

fix(session-key): name missing permissions in Synapse.create error#805
juliangruber merged 1 commit into
masterfrom
julian/session-key-permission-errors

Conversation

@juliangruber
Copy link
Copy Markdown
Member

@juliangruber juliangruber commented May 28, 2026

Summary

Closes #695. Implements the plan from BigLep's comment on that issue: update the docs to capture the session-key philosophy, and replace the generic error with a more informative one.

What changed

  • Informative error in Synapse.create (packages/synapse-sdk/src/synapse.ts:61). The previous message was a single line that didn't tell the caller which permission was missing. The new message:

    • Names each missing permission by its EIP-712 type (CreateDataSet, AddPieces, SchedulePieceRemovals, TerminateService)
    • Distinguishes "not authorized" (expiry === 0n) from "expired at <ISO timestamp>"
    • Suggests calling SessionKey.login + syncExpirations to extend, or dropping to @filoz/synapse-core for a narrower scope
    • Links to https://docs.filecoin.cloud/developer-guides/session-keys/

  • New PermissionNames export (packages/synapse-core/src/session-key/permissions.ts). A Record<Hex, string> mapping each FWSS permission hash to its human-readable EIP-712 type name, reusable in error messages and debug output.

  • Docs: philosophy section (docs/src/content/docs/developer-guides/session-keys.mdx). New "All-or-nothing in @filoz/synapse-sdk" subsection under "Use with the Synapse class" documenting that Synapse.create requires all four FWSS permissions by design, and pointing users who want a narrower scope at @filoz/synapse-core.

Out of scope

SgtPooki's later comment proposes a requiredPermissions?: Permission[] option on SynapseOptions to let callers opt into a narrower required set without leaving Synapse.create. Not included here — happy to do that as a follow-up if you want to keep this PR focused on the agreed-upon error + docs change.

Test plan

  • pnpm run build clean
  • pnpm run lint clean
  • All 254 node tests in @filoz/synapse-sdk pass, including two new tests in packages/synapse-sdk/src/test/session-keys.test.ts:
    • asserts the error names "AddPieces (not authorized)" and "SchedulePieceRemovals (expired at ...)" while omitting the two valid permissions, and includes the synapse-core suggestion + docs link
    • asserts Synapse.create succeeds when all four permissions are valid

🤖 Generated with Claude Code

@juliangruber @claude
fix(session-key): name missing permissions in Synapse.create error
455d3d6 
Previously, Synapse.create threw a single generic "Session key does not
have the required permissions" message, leaving the caller to guess
which of the four FWSS permissions were missing or expired. The error
now lists each missing permission by its EIP-712 type name, distinguishes
"not authorized" (expiry === 0n) from "expired at <ISO timestamp>",
points to @filoz/synapse-core as the escape hatch for narrower permission
scopes, and links to the session keys docs.

Also adds a "All-or-nothing in @filoz/synapse-sdk" subsection to the
session keys guide documenting the philosophy: synapse-sdk requires all
DefaultFwssPermissions; use synapse-core directly for selective scopes.

Exports a new PermissionNames map from @filoz/synapse-core/session-key
mapping each FWSS permission hash to its human-readable EIP-712 type
name, for reuse in error messages and debug output.

Closes #695.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@github-project-automation github-project-automation Bot moved this to 📌 Triage in FOC May 28, 2026
@juliangruber juliangruber mentioned this pull request May 28, 2026
Open
3 tasks
@juliangruber juliangruber self-assigned this May 28, 2026
@juliangruber juliangruber moved this from 📌 Triage to 🔎 Awaiting review in FOC May 28, 2026
@juliangruber juliangruber added this to the M4.2: mainnet GA milestone May 28, 2026
@cloudflare-workers-and-pages
Copy link
Copy Markdown

cloudflare-workers-and-pages Bot commented May 28, 2026

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Preview URL Updated (UTC)
✅ Deployment successful!
View logs		 synapse-dev 455d3d6 Commit Preview URL

Branch Preview URL		 May 28 2026, 01:32 PM

rvagg
rvagg approved these changes May 29, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@rvagg rvagg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

that there's a verbose error message; but I suppose it's not bad in an AI world where agents read these things

@github-project-automation github-project-automation Bot moved this from 🔎 Awaiting review to ✔️ Approved by reviewer in FOC May 29, 2026
@juliangruber
Copy link
Copy Markdown
Member Author

juliangruber commented May 29, 2026

Yeah, it might be a bit too nice for an error string, but that's also a good problem to have. Let's revisit if there's additional feedback

@juliangruber juliangruber merged commit 000d276 into master May 29, 2026
6 of 13 checks passed
@juliangruber juliangruber deleted the julian/session-key-permission-errors branch May 29, 2026 11:14
@github-project-automation github-project-automation Bot moved this from ✔️ Approved by reviewer to 🎉 Done in FOC May 29, 2026
This was referenced May 23, 2026
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rvagg rvagg rvagg approved these changes

@hugomrdias hugomrdias Awaiting requested review from hugomrdias hugomrdias is a code owner

Assignees

@juliangruber juliangruber

Labels

None yet

Projects

FOC
Status: 🎉 Done

Milestone

M4.2: mainnet GA

Development

Successfully merging this pull request may close these issues.

Update SDK session key error string & docs

2 participants

@juliangruber @rvagg