Skip to content

Harden CrustCore end-to-end trust boundaries#92

Merged
RNT56 merged 3 commits into
mainfrom
codex/end-to-end-hardening
Jul 12, 2026
Merged

Harden CrustCore end-to-end trust boundaries#92
RNT56 merged 3 commits into
mainfrom
codex/end-to-end-hardening

Conversation

@RNT56

@RNT56 RNT56 commented Jul 12, 2026

Copy link
Copy Markdown
Owner

What changed

  • made macOS sandbox execution deny host reads and shared temporary writes by default, with exact profile-bound capabilities
  • sealed capability minting, required finite budgets, and made verifier attestations single-use
  • persisted atomic event logs with authenticated receipt-to-frame joins for CLI and daemon tasks
  • rejected false completion from no-op workers and routed terminal tasks through the verifier-owned execution path
  • implemented exact-commit verification followed by confined credential-helper push and draft-PR creation
  • replaced the vulnerable RustCrypto RSA path with AWS-LC-backed JWT signing and added first-party volatile zeroization for nano
  • pinned GitHub Actions, added dependency auditing/Dependabot/CODEOWNERS coverage, and reconciled public documentation

Why

The prior implementation had several gaps between the documented trust model and the operational path: macOS confinement allowed broad reads, capabilities were constructible as plain data, missing budgets became unlimited, verifier evidence could be cloned, run evidence was not durable, coding no-ops could appear complete, and GitHub integration stopped at an intent instead of executing a verified commit safely.

Impact

Completion now requires real verifier evidence that is authenticated, joined to the durable event log, and persisted before integration. GitHub credentials remain outside worker/verifier sandboxes and are scoped to a validated repository and branch prefix. Nano remains first-party-only and comfortably below its hard size budget.

Verification

  • cargo xtask verify
  • cargo test --workspace --all-features — 1,119 passing tests
  • cargo clippy --workspace --all-targets --all-features -- -D warnings
  • cargo audit --deny warnings
  • cargo xtask reproduce — reproducible SHA-256 5acdede88210ed52c2aa05118237c806a6ea1593e59af12c2f5af381e81a9fdb
  • cargo xtask size-check — nano 444.6 KiB, 55.6% of 800 KiB budget
  • cargo xtask full-size — all-packs binary 525.8 KiB
  • macOS CLI run → atomic persist → inspect smoke: intact chain, one authenticated joined receipt, mode-0600 key/log

Risk and rollout

This changes trust-boundary contracts and raises the MSRV to Rust 1.88 for the maintained GitHub App signing stack. Existing optional external-infrastructure live smokes remain explicitly ignored and catalogued by the runbook gate. The PR does not merge, release, or weaken policy autonomously; repository rules and CI remain the final integration gates.

@RNT56 RNT56 merged commit e9aad7e into main Jul 12, 2026
4 checks passed
@RNT56 RNT56 deleted the codex/end-to-end-hardening branch July 12, 2026 08:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant