fix(kernel): preserve device attenuation across authority views#1238
Merged
Conversation
This was referenced Jul 14, 2026
Contributor
There was a problem hiding this comment.
Pull request overview
This PR closes #1237 by ensuring the authenticating device’s DeviceScope attenuation is consistently applied across kernel “secondary” authority views (capsule inventory surfaces, admin agent/group listing, and pair-device delegation), and by hardening profile-cache invalidation against concurrent stale-load republish.
Changes:
- Centralizes device-scope resolution into a shared helper and applies it to capsule inventory visibility plus agent/group list “global view” gates.
- Tightens pair-device issuing rules so scoped requests containing a bare
*require effectiveself:auth:pair:admin, and unknown/malformed/revoked device IDs fail closed. - Makes
astrid-capsule’sPrincipalProfileCacheinvalidation generation-aware to prevent stale concurrent disk loads from republishing pre-invalidation authority.
Reviewed changes
Copilot reviewed 12 out of 12 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| crates/astrid-kernel/src/kernel_router/tests.rs | Adds regression coverage asserting device attenuation is preserved across capsule inventory endpoints and unknown/malformed device IDs fail closed. |
| crates/astrid-kernel/src/kernel_router/mod.rs | Wires device_key_id into capsule inventory visibility and centralizes device scope resolution for request authorization and visibility. |
| crates/astrid-kernel/src/kernel_router/device_scope.rs | Introduces shared, fail-closed device-scope resolver for kernel authority checks. |
| crates/astrid-kernel/src/kernel_router/admin/state_tests.rs | Adds regression ensuring agent list global visibility is attenuated by device scope. |
| crates/astrid-kernel/src/kernel_router/admin/state_tests_group.rs | Adds regression ensuring group list global visibility is attenuated by device scope. |
| crates/astrid-kernel/src/kernel_router/admin/pair_device_tests.rs | Expands coverage for unknown/revoked issuer devices, universal * scoped mint gate, and deny inheritance behavior. |
| crates/astrid-kernel/src/kernel_router/admin/pair_device_handlers.rs | Applies authenticated device scope to the issuer effective-capability checks and adds universal * scoped mint gate. |
| crates/astrid-kernel/src/kernel_router/admin/mod.rs | Ensures admin dispatch passes authenticated device id through for secondary views and delegation. |
| crates/astrid-kernel/src/kernel_router/admin/handlers.rs | Applies authenticated device scope when deciding whether AgentList can return the global roster. |
| crates/astrid-kernel/src/kernel_router/admin/group.rs | Applies authenticated device scope when deciding whether GroupList can return the global group view. |
| crates/astrid-capsule/src/profile_cache.rs | Adds generation tracking so invalidation prevents stale concurrent loads from republishing prior profiles. |
| CHANGELOG.md | Documents the security fix under [Unreleased]. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
joshuajbouw
force-pushed
the
agent/device-attenuation-secondary-views
branch
from
July 15, 2026 01:33
5b5cbcd to
b93409c
Compare
This was referenced Jul 15, 2026
This was referenced Jul 15, 2026
joshuajbouw
added a commit
that referenced
this pull request
Jul 15, 2026
## Linked Issue Closes #1256 ## Summary Closes the remaining first-release bootstrap authority fallbacks without activating the deferred RFC #36 persistence model or adding any product-specific privilege path. ## Changes - reject kernel and admin management requests whose IPC envelope has no valid principal instead of inheriting the `default` administrator - audit missing and malformed admin callers exactly once as reserved no-capability `anonymous` before returning the uniform denial - preserve the local CLI active-principal behavior before requests cross the kernel boundary - attribute principal-less connection lifecycle signals to `anonymous` and ignore malformed identities - abort kernel construction when default administrator profile/key seeding or legacy-profile migration fails - reject `AgentModify` results that remove `default` from the built-in `admin` group while preserving idempotent remove-plus-add - keep caller resolution in a focused private module so the management router remains below the source-file cap - retain the merged device-attenuation, pair-device input-validation, issuance-preflight, cache-refresh, and terminal-audit behavior - add live-router, lifecycle, bootstrap, persistence, administrative, and pair-authority regression coverage ## Verification - restacked onto `main` after #1196 and #1238 merged - signed head: `916238ae54db4e1ea7409a4a82432cc5fe8603a4` - `cargo fmt --all -- --check` - `git diff --check origin/main...HEAD` - `cargo test --locked -p astrid-kernel admin_router_denies_missing_and_invalid_principals_deterministically -- --nocapture` - `cargo clippy --locked -p astrid-kernel --all-features --tests -- -D warnings` - replacement GitHub CI is the complete integration and execution gate ## Checklist - [x] Linked to an issue - [x] CHANGELOG.md updated under `[Unreleased]` No release is created or published by this change.
joshuajbouw
added a commit
that referenced
this pull request
Jul 15, 2026
## Linked Issue Closes #1239 Refs #1237 and astrid-runtime/rfcs#36. ## Summary Carries the authenticated device into capsule dispatch so execution and inventory use the same live authority already enforced at the kernel boundary. The change is generic to Astrid and introduces no product-specific role or trust path. ## Changes - resolve one principal/profile/group/device snapshot per stamped event - reject disabled, malformed, unknown, and revoked identities before matching or grant signalling - use device-effective `capsule:list` only for global describe visibility - activate exact device-effective `capsule:access:any` for unrestricted execution and candidate expansion - preserve exact per-principal capsule grants, no-device/`Full` behavior, and principal-less lifecycle dispatch - emit one `GrantRequired` only for a valid in-view denied match - preserve legacy dispatch when no access resolver is installed - preserve merged authority-cache refresh, pairing preflight, audit classification, and caller-boundary audit behavior - require base `self:auth:pair` authority for pair issuance while retaining the additional `self:auth:pair:admin` gate and elevated audit classification for Full, preset-Full, and explicit-universal scopes - add a dedicated device-scope dispatch regression suite ## Verification - restacked onto `main` after #1196, #1238, and #1257 merged - signed head: `57ec31340db1a1749d5f137a25f4352bb6cb401f` - `cargo fmt --all -- --check` - `git diff --check origin/main...HEAD` - `cargo test --locked -p astrid-capsule` — 563 passed - `cargo test --locked -p astrid-kernel admin_cap_without_base_pair_capability_cannot_issue_full_token -- --nocapture` - `cargo clippy --locked -p astrid-capsule -p astrid-kernel --all-features --tests -- -D warnings` - replacement GitHub CI is the complete integration and execution gate ## Checklist - [x] Linked to an issue - [x] CHANGELOG.md updated under `[Unreleased]` No release is created or published by this change.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Linked Issue
Closes #1237
Refs #1228 and astrid-runtime/rfcs#36.
Summary
Preserves the authenticating device's attenuation across every kernel authority view touched by capsule inventory, agent/group listing, and pair-device delegation. No product-specific trust path or public wire change is introduced.
Changes
Fulldevice behaviorself:auth:pair:adminin the common authorization preamble forFull, preset-full, and bare-*scopesVerification
cargo fmt --all -- --checkgit diff --checkcargo metadata --locked --offline --no-deps --format-version 1Full, scoped allow/deny, malformed explicit patterns, unknown, revoked, concurrent stale-profile, cross-principal invalidation, no-escalation audit outcomes, and denial-reason opacityChecklist
[Unreleased]