add dev into main #161
Open
manzil-infinity180 wants to merge 26 commits into
Open
Conversation
) * feat(rego): auto-wrap fragment policies missing package declaration Fragments without a `package` declaration now auto-wrap under `package aflock.evaluator` with `future.keywords` imported. Sources that already declare a package are passed through unchanged. Closes #90 Signed-off-by: Rahul Vishwakarma <rahulvs2809@gmail.com> * test(rego): cover contains() builtin in fragment policy Regression for the docs/paper §3.2 example — confirms the future.keywords.contains import in autoWrapHeader doesn't shadow the contains(haystack, needle) string builtin. Signed-off-by: Rahul Vishwakarma <rahulvs2809@gmail.com> --------- Signed-off-by: Rahul Vishwakarma <rahulvs2809@gmail.com>
…n empty (#93) * fix(attestation): drop dangling @ in agentIdentity.binary when version empty CreateActionAttestation formatted the binary field as "%s@%s" (Name, Version), so peer-cred-attested attestations — where Version is intentionally empty — emitted strings like "socat1@" with a trailing @. Now only appends "@<version>" when Version is non-empty, matching the canonical-string code in internal/identity/agent.go. Signed-off-by: Rahul Vishwakarma <rahulvs2809@gmail.com> * fix(attestation): also guard against empty Name producing "@<version>" Symmetric edge case to the empty-Version dangling @: if Name is missing but Version was defaulted, the predicate would emit a leading "@0.0.0". Now require both halves to be non-empty before joining. Signed-off-by: Rahul Vishwakarma <rahulvs2809@gmail.com> --------- Signed-off-by: Rahul Vishwakarma <rahulvs2809@gmail.com>
…102) initAuth always created a fresh ephemeral key, so the JWT identity diverged from the SPIRE-backed attestation identity. Now reuses the SVID's ECDSA P-256 key (kid = SPIFFE ID) when signingMode is spire. Signed-off-by: Rahul Vishwakarma <rahulvs2809@gmail.com>
SessionStart now writes the issuer's ECDSA pubkey to <session-dir>/jwt-pubkey.pem (0600) so PreToolUse — a separate subprocess — can reconstruct a validation-only issuer and reject tampered tokens or out-of-scope tool calls. Signed-off-by: Rahul Vishwakarma <rahulvs2809@gmail.com>
) * feat(hooks): validate JWT in PreToolUse via persisted public key SessionStart now writes the issuer's ECDSA pubkey to <session-dir>/jwt-pubkey.pem (0600) so PreToolUse — a separate subprocess — can reconstruct a validation-only issuer and reject tampered tokens or out-of-scope tool calls. Signed-off-by: Rahul Vishwakarma <rahulvs2809@gmail.com> * feat(attestation): bind JWT claims to action attestation predicate Action attestations gain a jwtBinding field (sessionID, jti, kid, policy digest, token sha256, allowed/denied tools), so verifiers can prove the action was signed only because a token with the listed scope was presented. Wired through MCP and hooks; replay/tests use the variadic-nil path. Signed-off-by: Rahul Vishwakarma <rahulvs2809@gmail.com>
* fix(hooks): pin signer pubkey to close Stop-gate forgery * fix(hooks): force ephemeral signing in hooks mode so SessionStart pin matches PostToolUse attestations Signed-off-by: Rahul Vishwakarma <rahulvs2809@gmail.com>
* fix(mcp): gate HTTP get_token on one-time bootstrap secret to close unauthenticated token dispenser * fix(mcp): defer HTTP bootstrap-secret consumption until IssueToken succeeds and allow JWT-based refresh Signed-off-by: Rahul Vishwakarma <rahulvs2809@gmail.com>
… active (#110) Signed-off-by: Rahul Vishwakarma <rahulvs2809@gmail.com>
…ses match the JWT-bound digest (#115) Signed-off-by: Rahul Vishwakarma <rahulvs2809@gmail.com>
… same-policy spawns don't overwrite each other (#114) Signed-off-by: Rahul Vishwakarma <rahulvs2809@gmail.com>
…Use (#112) * fix(hooks): match Agent/Task spawns to declared sublayouts at PreToolUse and refuse mismatches * fix(hooks): parse subagent_type for tool name 'Agent' too — Claude Code uses 'Agent' as the spawn tool, not 'Task' * test(hooks): cover toolName='Agent' in spawn-matching so the real-Claude bug can't regress * test(hooks): scrub shared propagation dir per test so PR #114 accumulate-per-write semantics don't leak across tests Signed-off-by: Rahul Vishwakarma <rahulvs2809@gmail.com>
…dit can group child attestations under their declared slot (#113) Signed-off-by: Rahul Vishwakarma <rahulvs2809@gmail.com>
* fix(verify): match child to its bound sublayout, not any orphan * feat(verify): apply Sublayout.Inherit overlay at recursive verify --------- Signed-off-by: Rahul Vishwakarma <rahulvs2809@gmail.com>
* feat(mcp): expose paper-named tools Signed-off-by: Rahul Vishwakarma <rahulvs2809@gmail.com> * fix(mcp): tighten aflock_delegate per copilot review Signed-off-by: Rahul Vishwakarma <rahulvs2809@gmail.com> * fix(mcp): scope-check aflock_delegate and alias-aware sign_attestation Signed-off-by: Rahul Vishwakarma <rahulvs2809@gmail.com> --------- Signed-off-by: Rahul Vishwakarma <rahulvs2809@gmail.com>
Signed-off-by: Rahul Vishwakarma <rahulvs2809@gmail.com>
) * fix(verify): prove paper §4.4 Order and Distance on session merkle Signed-off-by: Rahul Vishwakarma <rahulvs2809@gmail.com> * fix(verify): preserve merkle stability + handle mixed-version sessions Signed-off-by: Rahul Vishwakarma <rahulvs2809@gmail.com> * fix(verify): renumber Seq on subagent merge; honest Completeness comment Signed-off-by: Rahul Vishwakarma <rahulvs2809@gmail.com> --------- Signed-off-by: Rahul Vishwakarma <rahulvs2809@gmail.com>
Keep dev's direct sigstore/fulcio dep and go 1.26.3; honor main's dependabot bumps (go-git/v5 5.19.1 + transitive x/* and go-billy/securejoin/sha1cd/cpuid). Reconciled with go mod tidy; go build ./... and go mod verify pass.
Docs Preview
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.