Harden Code Bridge provenance metadata by shiny-code-bot · Pull Request #110 · cbusillo/codex-lab

shiny-code-bot · 2026-06-16T18:24:54Z

Summary

validate Code Bridge client labels and provenance metadata during hello
restrict provenance URLs to bounded HTTPS identity links without credentials, ports, query strings, fragments, localhost, private IPs, or IPv4-mapped private IPv6 hosts
restrict request id, trace id, and environment label provenance to short ASCII tokens
document the provenance privacy boundary for Launchplane-style correlation while keeping Launchplane out of the bridge runtime
reject invalid provenance at the service HTTP boundary before client registration

Refs #49

cargo fmt --manifest-path codex-rs/Cargo.toml --package codex-code-bridge-protocol --package codex-code-bridge-service -- --check
cargo test --manifest-path codex-rs/Cargo.toml -p codex-code-bridge-protocol --no-fail-fast
cargo test --manifest-path codex-rs/Cargo.toml -p codex-code-bridge-service --no-fail-fast

Protocol/security review recommended metadata validation, URL shape validation, token-like provenance IDs, and README clarification.
Final review found an IPv6 private-range gap; this PR now rejects unique-local, link-local, and IPv4-mapped private IPv6 provenance hosts and covers them in tests.

Harden Code Bridge provenance metadata

ba05a27

shiny-code-bot merged commit e9fba63 into main Jun 16, 2026
6 checks passed

shiny-code-bot deleted the code-bridge-launchplane-provenance branch June 16, 2026 18:40

shiny-code-bot mentioned this pull request Jun 16, 2026

Plan Launchplane provenance hooks for Code Bridge #49

Closed

5 tasks