fill-the-fill (Collaborator) commented Oct 7, 2025

  • Update documentation
  • Fix issue Bug rationale signature #114 by putting the signature inside a "witness" field.
  • Fix error on incorrect signature
  • Add author signature pre-configuration
  • Clean UI for author signatures not extending outside of the box
  • Give each author sig a checkmark based on api author verification

mpizenberg (Collaborator) left a comment

I’ve made a first quick read of the PR and pointed to some things that we should change, as well as questions that might lead to doing things differently.

# 1. Name-only:
# { "name": "Cardano Foundation" }
# 2. With full cryptographic witness:
# { "name": "...", "witnessAlgorithm": "ed25519", "publicKey": "...", "signature": "..." }

Collaborator

"signature" can not be part of the pre-configuration, as you can’t pre-sign a non-existing rationale. So let’s also leave the witness out, as the witness will be fully provided by the person when signing. So let’s only support name-only for pre-configurations.

Collaborator Author

Resolved in 63620a3

networkIdTyped =
Address.networkIdFromInt networkId |> Maybe.withDefault Testnet

-- Decode authorPreconfig manually to handle name-only authors

Collaborator

Why does it need to be handled here again, compared to voterPreconfig which isn’t handled here?

Collaborator Author

Resolved in d0ea2e1

-}
authorWitnessDecoder : JD.Decoder AuthorWitness
authorWitnessDecoder =

Collaborator

Let’s not do 3 different formats here, we should only support one format which has the shape of the one in the CIP:

  "authors": [
    {
      "name": "Ryan Williams",
      "witness": {
        "witnessAlgorithm": "CIP-0008",
        "publicKey": "7ea09a34...37480a",
        "signature": "84582a...71409"
      }
    }
  ]

We can require that the environment variable to provide pre-defined authors just provide the name anyway, without witness, because the full witness will be generated by the signature creation.

Collaborator Author

Resolved in d8a944d
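
Added example (not part of this PR or the project's code): Python code illustrating the two rules agreed in the review threads above, that pre-configured authors are name-only and that rationale authors are accepted only in the nested "witness" shape from the CIP. The function and type names are hypothetical, and failures are returned as typed values.

```python
# Added illustration with hypothetical names; not code from the project.
import json
from enum import Enum
from typing import NamedTuple, Optional

WITNESS_FIELDS = ("witnessAlgorithm", "publicKey", "signature")


class AuthorError(Enum):  # typed reasons, so callers never match on message text
    MISSING_NAME = "not an object, or missing/empty name"
    UNEXPECTED_FIELD = "pre-configured author carries more than a name"
    MISSING_WITNESS = "no nested witness object"
    MALFORMED_WITNESS = "witness lacks a required string field"


class Author(NamedTuple):
    name: str
    witness: Optional[dict] = None  # None for a name-only pre-configured author


def _name(entry):
    """Return the author's name, or AuthorError.MISSING_NAME."""
    name = entry.get("name") if isinstance(entry, dict) else None
    if not isinstance(name, str) or not name.strip():
        return AuthorError.MISSING_NAME
    return name


def parse_preconfigured(raw: str) -> list:
    """Pre-configured authors: a JSON list of name-only objects."""
    results = []
    for entry in json.loads(raw):
        name = _name(entry)
        if isinstance(name, str) and set(entry) != {"name"}:
            name = AuthorError.UNEXPECTED_FIELD  # a witness is never pre-set
        results.append(Author(name) if isinstance(name, str) else name)
    return results


def parse_signed(entry):
    """Rationale author: only the nested CIP-100 witness shape is accepted."""
    name = _name(entry)
    if isinstance(name, AuthorError):
        return name
    witness = entry.get("witness")
    if not isinstance(witness, dict):
        return AuthorError.MISSING_WITNESS  # also covers flat top-level fields
    if not all(isinstance(witness.get(f), str) for f in WITNESS_FIELDS):
        return AuthorError.MALFORMED_WITNESS
    return Author(name, {f: witness[f] for f in WITNESS_FIELDS})
```

This checks shape only; whether the signature is valid, and whether the key belongs to the named person, are separate questions.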

The CIP-100 verification API only accepts HTTPS URLs.
-}
ipfsToHttpsUrl : String -> String
ipfsToHttpsUrl url =

Collaborator

Is this manually done everywhere else? Or is there already a function doing that at the other places where we do the conversion?

Collaborator Author

There are multiple places where the IPFS to HTTPS is done manually instead of using the ipfsToHttpsUrl function. For consistency I will make them all use the same function from Helper.

Collaborator Author

Resolved in 09083c7


proxyRequestBody =
JE.object
[ ( "url", JE.string verificationApiUrl )
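
Review bot: in proxyRequestBody the destination travels to the backend as a client-supplied "url" field. If the proxy endpoint forwards to whatever URL it receives, it should instead pin the verification API host on the server side, or check the "url" value against an allowlist, so the endpoint cannot be used to reach arbitrary or internal addresses.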

Collaborator

I’m curious, why not make the request directly? Is it because of CORS? Because any request we send through the server before going to final destination doubles the traffic and the server costs. If it’s just CORS, we should modify the verifycardanomessage server to accept direct requests from the domains we use for the voting tool. Also, let’s move that into the Api module, which contains all requests of the website.

case prop.metadata of
RemoteData.Success _ ->
verifyCip100Metadata actionId prop.metadataUrl
|> Cmd.map ctx.wrapMsg

Collaborator

Let’s avoid sending a request and making the verify server work for every proposal metadata we receive. We can make the request only when a proposal is selected. This will significantly reduce both the traffic and the CPU usage for the verify server.

errorMessage =
case decodingError of
JD.Failure message _ ->
if String.contains "No witness found for author" message then

Collaborator

Let’s not manipulate stringly typed errors. If we want to identify a specific type of error, let’s return a typed error in the decoder.

Collaborator Author

Resolved in 7547fc8


viewSelectedProposal : ViewContext msg -> ActiveProposal -> Html msg
viewSelectedProposal ctx { id, actionType, metadata, metadataUrl, metadataHash } =
viewSelectedProposal : ViewContext msg -> InnerModel -> ActiveProposal -> Html msg

Collaborator

Since we only need 1 field which is the cip100Verification field, let’s just pass that field instead of the whole model.

Collaborator Author

Resolved in c001977

mpizenberg (Collaborator) commented Oct 8, 2025

Cool to see that the verify website also has an API endpoint now for verifications. Though as suggested in the review above, we should be using it more sparingly, only after proposal selection, instead of when loading proposals.

Thanks for sharing some visuals also! This way I don’t have to run the thing immediately. Some remarks:

  • In the blue preconfigured thing. It doesn’t seem to me like we need any "preconfigured" marker. Also we should remove the "this author does not require a cryptographic signature" comment. As adding pre-configured names does not prevent people from signing for these authors.
  • In the list of authors, let’s be careful and not add a "verified" checkmark just aside the author name. Let’s be explicit that the tool verified the signature only, but has no idea if the author is who they claim to be. It’s still the responsibility of the app user to make sure that for example here "Elder Millenial" public key matches the true Elder Millenial person. And this is outside the responsibility of the voting app. So instead we should maybe add a 3rd field with something like: "Signature: verified", or something like that.

fill-the-fill (Collaborator Author)

> Cool to see that the verify website also has an API endpoint now for verifications. Though as suggested in the review above, we should be using it more sparingly, only after proposal selection, instead of when loading proposals.
>
> Thanks for sharing some visuals also! This way I don’t have to run the thing immediately. Some remarks:
>
>   • In the blue preconfigured thing. It doesn’t seem to me like we need any "preconfigured" marker. Also we should remove the "this author does not require a cryptographic signature" comment. As adding pre-configured names does not prevent people from signing for these authors.
>   • In the list of authors, let’s be careful and not add a "verified" checkmark just aside the author name. Let’s be explicit that the tool verified the signature only, but has no idea if the author is who they claim to be. It’s still the responsibility of the app user to make sure that for example here "Elder Millenial" public key matches the true Elder Millenial person. And this is outside the responsibility of the voting app. So instead we should maybe add a 3rd field with something like: "Signature: verified", or something like that.

Resolved in f0a6c1c, f62e959 and a2ed9a6

fill-the-fill requested a review from Copilot October 13, 2025 14:50

Copilot AI left a comment

Pull Request Overview

This PR adds author signature preconfiguration functionality to streamline rationale authoring, fixes CIP-100 signature structure to use nested "witness" fields, and enhances UI for signature verification. The changes focus on improving author management and signature validation workflows.

  • Add support for preconfigured authors that can be set via environment variables
  • Update CIP-100 signature structure to use nested "witness" format per standard
  • Implement automatic signature verification with visual feedback and status indicators

Reviewed Changes

Copilot reviewed 10 out of 10 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| frontend/static/index.html | Add author preconfiguration transformation and initialization |
| frontend/src/ProposalMetadata.elm | Update decoder to use CIP-100 nested witness format |
| frontend/src/Page/Preparation.elm | Add CIP-100 verification API, signature validation, and author preconfiguration support |
| frontend/src/Page/Cart.elm | Replace local IPFS URL conversion with shared helper function |
| frontend/src/Main.elm | Thread author preconfiguration through application state |
| frontend/src/Helper.elm | Add shared IPFS URL conversion utility and improve text wrapping |
| frontend/src/Api.elm | Use shared IPFS URL conversion helper |
| backend/server.py | Add preconfigured authors environment variable support |
| backend/README.md | Document new author preconfiguration environment variable |
| backend/.env.example | Add example configuration for preconfigured authors |
