harden provider-bound identity #100

Open
anupsv wants to merge 3 commits into master from codex/provider-bound-identity

@anupsv anupsv commented Apr 29, 2026

Summary

This PR hardens the provider-bound identity path and the release/install pipeline around it.

Changes include:

  • adds an entitlement-gated, persistent Secure Enclave provider identity under the Darkbloom keychain access group
  • signs provider registration and challenge claims with that provider-bound identity
  • gates private text routing on verified provider identity when enabled
  • fails closed on missing or unknown provider binary hashes when known-good hashes are configured
  • revokes live provider trust when release binary hash policy changes
  • requires release bundle_hash metadata and validates updates before extraction/install
  • verifies installed/staged binaries for code signature, Team ID, provider access-group entitlement, and Gatekeeper acceptance
  • prevents unsafe update tarballs with path traversal or link entries
  • avoids fixed /tmp update archive paths in the Rust updater and shell installers
  • stops restoring security trust state across provider reconnects

Security note

This hardens fork resistance by binding claims to a Secure Enclave key that should only be accessible to binaries signed with the expected Team ID and keychain access group. It does not replace full OS-backed runtime measurement of the currently executing provider process; the coordinator still needs a stronger trusted provisioning/attestation chain for that class of assurance.

Validation

  • go test ./internal/api ./cmd/coordinator
  • go test ./internal/attestation ./internal/protocol ./internal/registry ./internal/api ./cmd/coordinator
  • swift test in enclave
  • cargo test --quiet --no-default-features provider_identity
  • cargo test --quiet --no-default-features coordinator::tests
  • cargo test --quiet --no-default-features protocol::tests
  • cargo test --quiet --no-default-features test_auto_update_check
  • cargo test --quiet --no-default-features test_parse_codesign_team_identifier
  • bash -n scripts/install.sh coordinator/internal/api/install.sh scripts/build-bundle.sh scripts/bundle-app.sh
  • plutil -p scripts/entitlements.plist
  • git diff --check
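
The bundle_hash and unsafe-tarball checks listed in the summary, sketched in Go as an added example (this is not code from the PR or the project). ValidateBundle, and the reading of bundle_hash as a hex SHA-256 over the uncompressed tar bytes, are assumptions; the input in main is constructed.

```go
package main

import (
	"archive/tar"
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
	"strings"
)

// ValidateBundle vets an update archive before anything is extracted.
// Assumption: bundle_hash is the hex SHA-256 of the uncompressed tar bytes.
func ValidateBundle(archive []byte, bundleHash string) error {
	want, err := hex.DecodeString(bundleHash)
	if err != nil || len(want) != sha256.Size {
		return errors.New("bundle_hash missing or malformed") // fail closed
	}
	sum := sha256.Sum256(archive)
	if !bytes.Equal(sum[:], want) {
		return errors.New("bundle_hash mismatch")
	}
	tr := tar.NewReader(bytes.NewReader(archive))
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return nil
		} else if err != nil {
			return fmt.Errorf("corrupt archive: %w", err)
		}
		// Allow-list entry types: symlinks, hardlinks, devices and FIFOs are rejected.
		if hdr.Typeflag != tar.TypeReg && hdr.Typeflag != tar.TypeDir {
			return fmt.Errorf("entry %q: type %q not allowed", hdr.Name, hdr.Typeflag)
		}
		if strings.HasPrefix(hdr.Name, "/") || strings.Contains(hdr.Name, `\`) {
			return fmt.Errorf("entry %q: absolute or backslash path", hdr.Name)
		}
		for _, part := range strings.Split(hdr.Name, "/") {
			if part == ".." {
				return fmt.Errorf("entry %q: path traversal", hdr.Name)
			}
		}
	}
}

func main() {
	fmt.Println(ValidateBundle(nil, "")) // constructed input: no bundle_hash, so refused
}
```

Because the whole archive is vetted before the first write, a rejected bundle leaves nothing half-extracted on disk.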

vercel Bot commented Apr 29, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
d-inference Ready Ready Preview Apr 30, 2026 5:11pm
d-inference-console-ui-dev Ready Ready Preview Apr 30, 2026 5:11pm
d-inference-landing Ready Ready Preview Apr 30, 2026 5:11pm

Comment thread provider/src/coordinator.rs Fixed
Comment thread provider/src/coordinator.rs Fixed
@anupsv anupsv changed the title [codex] harden provider-bound identity harden provider-bound identity Apr 29, 2026