Harden CrustCore end-to-end trust boundaries#92
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What changed
Why
The prior implementation had several gaps between the documented trust model and the operational path: macOS confinement allowed broad reads, capabilities were constructible as plain data, missing budgets became unlimited, verifier evidence could be cloned, run evidence was not durable, coding no-ops could appear complete, and GitHub integration stopped at an intent instead of executing a verified commit safely.
Impact
Completion now requires real verifier evidence that is authenticated, joined to the durable event log, and persisted before integration. GitHub credentials remain outside worker/verifier sandboxes and are scoped to a validated repository and branch prefix. Nano remains first-party-only and comfortably below its hard size budget.
Verification
cargo xtask verifycargo test --workspace --all-features— 1,119 passing testscargo clippy --workspace --all-targets --all-features -- -D warningscargo audit --deny warningscargo xtask reproduce— reproducible SHA-2565acdede88210ed52c2aa05118237c806a6ea1593e59af12c2f5af381e81a9fdbcargo xtask size-check— nano 444.6 KiB, 55.6% of 800 KiB budgetcargo xtask full-size— all-packs binary 525.8 KiBRisk and rollout
This changes trust-boundary contracts and raises the MSRV to Rust 1.88 for the maintained GitHub App signing stack. Existing optional external-infrastructure live smokes remain explicitly ignored and catalogued by the runbook gate. The PR does not merge, release, or weaken policy autonomously; repository rules and CI remain the final integration gates.