## Summary

- Add recovery override module (`recovery.rs`) with fork-point identification, 72-hour recovery window check, counter-operation construction, and per-DID device key signing (macOS/simulator software P-256 + iOS Secure Enclave)
- Implement `build_recovery_override_cmd` and `submit_recovery_override_cmd` Tauri IPC commands with TypeScript wrappers, enabling the frontend to build and submit recovery operations to plc.directory
- Add `RecoveryOverrideScreen` Svelte component with operation diff display (+/-/~ indicators for keys and services), deadline countdown, confirm/cancel flow, and wire it into the navigation state machine from `AlertDetailScreen`
## Acceptance Criteria Coverage
| AC | Description | Coverage |
|---|---|---|
| AC7.1 | `prev` points to fork point CID | Unit + integration test |
| AC7.2 | Restores pre-unauthorized rotationKeys, services, verificationMethods | Unit + integration test |
| AC7.3 | Signed by device key | Integration test (#[ignore]) |
| AC7.4 | POSTs to plc.directory, updates cache | Integration test (#[ignore]) |
| AC7.5 | RECOVERY_WINDOW_EXPIRED after 72h | 6 unit tests |
| AC7.6 | UI shows diff with confirm/cancel | Human verification (test plan) |
| AC7.7 | Multiple unauthorized ops → earliest fork point | 2 unit tests |
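As an added illustration (not the project's `recovery.rs`, whose internals this PR does not show), the Rust below models the logic behind AC7.1, AC7.2, AC7.5 and AC7.7 and the +/-/~ diff the screen renders, run over a constructed four-operation log: the fork point is the op before the earliest unauthorized one, the counter-op's `prev` is that op's CID, and its state fields are copied from it because every did:plc op carries the full DID state. Type and function names, the placeholder CIDs and keys, the unix-second timestamps and the strict "more than 72 hours" comparison are assumptions; device-key signing and the POST to plc.directory are not modelled.

```rust
use std::collections::BTreeMap;

/// did:plc lets a higher-priority rotation key rewrite history for 72 hours after
/// the disputed op was created. The comparison below is strict (assumption):
/// recovery is refused once more than 72h have elapsed.
pub const RECOVERY_WINDOW_SECS: u64 = 72 * 60 * 60;

/// A did:plc operation as seen in the audit log (simplified: unix-second timestamps).
/// Every op carries the full state, so restoring means copying the fork-point op.
#[derive(Clone, Debug, PartialEq)]
pub struct PlcOp {
    pub cid: String,
    pub prev: Option<String>,
    pub created_at: u64,
    pub rotation_keys: Vec<String>,
    pub verification_methods: BTreeMap<String, String>,
    pub services: BTreeMap<String, String>,
}

/// Unsigned counter-operation; signing with the per-DID device key is a separate step.
#[derive(Debug, PartialEq)]
pub struct CounterOp {
    pub prev: String,
    pub rotation_keys: Vec<String>,
    pub verification_methods: BTreeMap<String, String>,
    pub services: BTreeMap<String, String>,
}

#[derive(Debug, PartialEq)]
pub enum RecoveryError {
    NoUnauthorizedOps,
    UnauthorizedGenesis,
    RecoveryWindowExpired { created_at: u64, now: u64 },
}

/// Index of the earliest flagged op: with several unauthorized ops we fork before
/// the first of them, which discards the whole attacker chain (AC7.7).
pub fn earliest_unauthorized(log: &[PlcOp], unauthorized: &[&str]) -> Option<usize> {
    log.iter().position(|op| unauthorized.contains(&op.cid.as_str()))
}

/// AC7.5: the window is measured from the unauthorized op's creation time.
pub fn check_recovery_window(created_at: u64, now: u64) -> Result<(), RecoveryError> {
    if now.saturating_sub(created_at) > RECOVERY_WINDOW_SECS {
        return Err(RecoveryError::RecoveryWindowExpired { created_at, now });
    }
    Ok(())
}

/// AC7.1 + AC7.2: `prev` = CID of the last op before the earliest unauthorized one,
/// and rotationKeys / verificationMethods / services are that op's state verbatim.
pub fn build_counter_op(log: &[PlcOp], unauthorized: &[&str], now: u64) -> Result<CounterOp, RecoveryError> {
    let first_bad = earliest_unauthorized(log, unauthorized).ok_or(RecoveryError::NoUnauthorizedOps)?;
    if first_bad == 0 {
        return Err(RecoveryError::UnauthorizedGenesis); // nothing earlier to fork from
    }
    check_recovery_window(log[first_bad].created_at, now)?;
    let fork = &log[first_bad - 1];
    debug_assert_eq!(log[first_bad].prev.as_deref(), Some(fork.cid.as_str())); // log is a chain
    Ok(CounterOp {
        prev: fork.cid.clone(),
        rotation_keys: fork.rotation_keys.clone(),
        verification_methods: fork.verification_methods.clone(),
        services: fork.services.clone(),
    })
}

/// +/-/~ lines for a keyed field (services, verificationMethods): current head -> restored.
pub fn diff_map(label: &str, head: &BTreeMap<String, String>, restored: &BTreeMap<String, String>) -> Vec<String> {
    let mut out = Vec::new();
    for (k, v) in restored {
        match head.get(k) {
            None => out.push(format!("+ {label}.{k} = {v}")),
            Some(cur) if cur != v => out.push(format!("~ {label}.{k}: {cur} -> {v}")),
            _ => {}
        }
    }
    for (k, v) in head {
        if !restored.contains_key(k) {
            out.push(format!("- {label}.{k} = {v}"));
        }
    }
    out
}

/// +/- lines for rotationKeys as a set difference (reordering alone is not shown).
pub fn diff_keys(head: &[String], restored: &[String]) -> Vec<String> {
    let mut out: Vec<String> =
        restored.iter().filter(|k| !head.contains(*k)).map(|k| format!("+ rotationKeys {k}")).collect();
    out.extend(head.iter().filter(|k| !restored.contains(*k)).map(|k| format!("- rotationKeys {k}")));
    out
}

fn map(pairs: &[(&str, &str)]) -> BTreeMap<String, String> {
    pairs.iter().map(|(k, v)| (k.to_string(), v.to_string())).collect()
}

fn op(cid: &str, prev: Option<&str>, t: u64, keys: &[&str], vm: &[(&str, &str)], svc: &[(&str, &str)]) -> PlcOp {
    PlcOp { cid: cid.into(), prev: prev.map(String::from), created_at: t,
            rotation_keys: keys.iter().map(|k| k.to_string()).collect(),
            verification_methods: map(vm), services: map(svc) }
}

/// Constructed sample: genesis, one legitimate update, then two ops made with a
/// stolen key. CIDs, keys and hosts are placeholders, not real values.
pub fn sample_log() -> Vec<PlcOp> {
    let owner = ["did:key:zOwnerRecovery", "did:key:zDevice"];
    let vm_ok = [("atproto", "did:key:zSigning")];
    let vm_bad = [("atproto", "did:key:zAttackerSign")];
    vec![
        op("bafy-gen", None, 1_000, &owner, &vm_ok, &[("atproto_pds", "https://pds.example")]),
        op("bafy-op1", Some("bafy-gen"), 2_000, &owner, &vm_ok, &[("atproto_pds", "https://pds2.example")]),
        op("bafy-bad1", Some("bafy-op1"), 10_000, &["did:key:zAttacker"], &vm_bad, &[("atproto_pds", "https://evil.example")]),
        op("bafy-bad2", Some("bafy-bad1"), 11_000, &["did:key:zAttacker"], &vm_bad,
           &[("atproto_pds", "https://evil.example"), ("atproto_labeler", "https://evil.example/labels")]),
    ]
}

fn main() {
    let log = sample_log();
    let counter = build_counter_op(&log, &["bafy-bad1", "bafy-bad2"], 10_000 + 3_600).expect("within window");
    let head = log.last().unwrap();
    for line in diff_keys(&head.rotation_keys, &counter.rotation_keys).into_iter()
        .chain(diff_map("services", &head.services, &counter.services))
        .chain(diff_map("verificationMethods", &head.verification_methods, &counter.verification_methods))
    {
        println!("{line}");
    }
}
```

Note that the diff is computed against the current head (including every unauthorized op), not against the first unauthorized op: that is what the user needs to see before confirming, since the counter-op reverts all of it at once.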
## Test plan

- `cargo test -p identity-wallet recovery` — 16 pass, 2 ignored
- `cargo clippy -p identity-wallet -- -D warnings` — clean
- `cargo fmt --all --check` — clean
- `npx tsc --noEmit` — clean
- `pnpm build` — succeeds
- `cargo test -p identity-wallet -- --ignored` — requires non-sandboxed environment (httpmock socket binding)
- Human test plan at `docs/test-plans/2026-03-31-recovery-override.md`