feat(core): populate passive capability baseline#1236
Open
joshuajbouw wants to merge 1 commit into
Open
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
Populates Astrid’s passive, content-addressed capability registry with the full 51-entry migration baseline, binding each fixed capability ID to immutable authorization semantics and freezing the canonical entry/manifest digests, while keeping current runtime authorization behavior unchanged.
Changes:
- Build and expose the 51-entry
migration_baseline_registry()with fixed scope, target kinds, delegability, privilege, provenance, and display danger. - Add/extend drift tests to ensure every kernel/admin enforcement mapping resolves to a registered baseline entry and that baseline role classifications remain exhaustive/disjoint.
- Freeze and verify golden entry digests and the aggregate manifest digest; update
CHANGELOG.mdunder[Unreleased].
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| crates/astrid-kernel/src/kernel_router/capability_catalog_tests.rs | Updates drift tests to require kernel/admin capability mappings to resolve to a migration-baseline registry entry and adds baseline classification assertions. |
| crates/astrid-kernel/src/kernel_router/admin/tests.rs | Extends admin request-variant inventory in tests to cover newly added admin request variants. |
| crates/astrid-core/src/capability_registry/tests.rs | Adds comprehensive tests ensuring the baseline registry definitions, catalog metadata preservation, and frozen digest vectors are stable and verified. |
| crates/astrid-core/src/capability_registry.rs | Implements the 51-entry migration baseline registry generator, including fixed semantics, display-danger sourcing, and new baseline-definition error variants. |
| CHANGELOG.md | Documents the new passive migration-baseline semantics and digest freezing under [Unreleased]. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Linked Issue
Closes #1235
Refs #1228, #1233, #1234, and astrid-runtime/rfcs#36.
Summary
Populates the passive 51-entry authority migration baseline on top of #1234. Existing authorization, wildcard evaluation, persisted state, socket behavior, and wire contracts remain unchanged.
Changes
Verification
cargo fmt --all -- --checkcargo metadata --locked --no-deps --format-version 1git diff --checkChecklist
[Unreleased]