Skip to content

fix(kernel): preserve device attenuation across authority views#1238

Merged
joshuajbouw merged 16 commits into
mainfrom
agent/device-attenuation-secondary-views
Jul 15, 2026
Merged

fix(kernel): preserve device attenuation across authority views#1238
joshuajbouw merged 16 commits into
mainfrom
agent/device-attenuation-secondary-views

Conversation

@joshuajbouw

@joshuajbouw joshuajbouw commented Jul 14, 2026

Copy link
Copy Markdown
Contributor

Linked Issue

Closes #1237

Refs #1228 and astrid-runtime/rfcs#36.

Summary

Preserves the authenticating device's attenuation across every kernel authority view touched by capsule inventory, agent/group listing, and pair-device delegation. No product-specific trust path or public wire change is introduced.

Changes

  • centralize canonical device-key resolution with malformed, unknown, and revoked IDs denied
  • pin the authorized principal profile, group config, and resolved device scope at one policy-decision point per request
  • use that exact authorization snapshot for capsule inventory, agent/group visibility, and pair delegation
  • derive the dispatch principal from the snapshot so authority and identity cannot diverge internally
  • preserve existing no-device and Full device behavior
  • validate every explicit pair-scope allow and deny pattern through the canonical typed capability boundary before token persistence
  • require effective self:auth:pair:admin in the common authorization preamble for Full, preset-full, and bare-* scopes
  • preflight pair-specific subset and structural no-escalation rules against the pinned authorization snapshot before recording success
  • record one failure audit row for missing pair-admin, scoped-to-full, and universal subset denials without a preceding success row
  • classify malformed pair request input as an authorized operation failure rather than a permission denial or security event
  • retain issuer denies in every scoped child
  • make profile-cache invalidation generation-aware per principal so an older concurrent disk load cannot republish pre-revocation authority and unrelated principals do not retry
  • refresh idempotent profile persistence directly from the disk state already loaded under the cache write lock, avoiding an unnecessary generation bump and reload while preserving mutation invalidation
  • keep unknown-device assertions at the router authorization boundary rather than private handlers that cannot receive them in production
  • preserve one outward scope-denial reason for malformed, unknown, revoked, and valid scoped denials so authorization responses do not become a device-key existence oracle; structured security logs retain the operator cause
  • add regressions across capsule inventory, agent/group views, pair delegation, explicit issue-to-redeem scope preservation, malformed allow/deny persistence rejection, broad-scope minting, audit outcomes, stale-load publication, cross-principal cache isolation, and outward denial opacity

Verification

  • cargo fmt --all -- --check
  • git diff --check
  • cargo metadata --locked --offline --no-deps --format-version 1
  • deterministic snapshot regressions authorize, revoke and invalidate, prove a later request fails, then prove the in-flight request keeps the authority already audited as allowed
  • focused regressions cover no-device, Full, scoped allow/deny, malformed explicit patterns, unknown, revoked, concurrent stale-profile, cross-principal invalidation, no-escalation audit outcomes, and denial-reason opacity
  • compilation, tests, Clippy, and platform coverage run in repository CI

Checklist

  • Linked to an issue
  • CHANGELOG.md updated under [Unreleased]

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR closes #1237 by ensuring the authenticating device’s DeviceScope attenuation is consistently applied across kernel “secondary” authority views (capsule inventory surfaces, admin agent/group listing, and pair-device delegation), and by hardening profile-cache invalidation against concurrent stale-load republish.

Changes:

  • Centralizes device-scope resolution into a shared helper and applies it to capsule inventory visibility plus agent/group list “global view” gates.
  • Tightens pair-device issuing rules so scoped requests containing a bare * require effective self:auth:pair:admin, and unknown/malformed/revoked device IDs fail closed.
  • Makes astrid-capsule’s PrincipalProfileCache invalidation generation-aware to prevent stale concurrent disk loads from republishing pre-invalidation authority.

Reviewed changes

Copilot reviewed 12 out of 12 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
crates/astrid-kernel/src/kernel_router/tests.rs Adds regression coverage asserting device attenuation is preserved across capsule inventory endpoints and unknown/malformed device IDs fail closed.
crates/astrid-kernel/src/kernel_router/mod.rs Wires device_key_id into capsule inventory visibility and centralizes device scope resolution for request authorization and visibility.
crates/astrid-kernel/src/kernel_router/device_scope.rs Introduces shared, fail-closed device-scope resolver for kernel authority checks.
crates/astrid-kernel/src/kernel_router/admin/state_tests.rs Adds regression ensuring agent list global visibility is attenuated by device scope.
crates/astrid-kernel/src/kernel_router/admin/state_tests_group.rs Adds regression ensuring group list global visibility is attenuated by device scope.
crates/astrid-kernel/src/kernel_router/admin/pair_device_tests.rs Expands coverage for unknown/revoked issuer devices, universal * scoped mint gate, and deny inheritance behavior.
crates/astrid-kernel/src/kernel_router/admin/pair_device_handlers.rs Applies authenticated device scope to the issuer effective-capability checks and adds universal * scoped mint gate.
crates/astrid-kernel/src/kernel_router/admin/mod.rs Ensures admin dispatch passes authenticated device id through for secondary views and delegation.
crates/astrid-kernel/src/kernel_router/admin/handlers.rs Applies authenticated device scope when deciding whether AgentList can return the global roster.
crates/astrid-kernel/src/kernel_router/admin/group.rs Applies authenticated device scope when deciding whether GroupList can return the global group view.
crates/astrid-capsule/src/profile_cache.rs Adds generation tracking so invalidation prevents stale concurrent loads from republishing prior profiles.
CHANGELOG.md Documents the security fix under [Unreleased].

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread crates/astrid-kernel/src/kernel_router/admin/state_tests.rs Outdated
Comment thread crates/astrid-kernel/src/kernel_router/admin/state_tests_group.rs Outdated

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 12 out of 12 changed files in this pull request and generated 1 comment.

Comment thread crates/astrid-capsule/src/profile_cache.rs Outdated

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 12 out of 12 changed files in this pull request and generated 1 comment.

Comment thread crates/astrid-capsule/src/profile_cache.rs Outdated

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 12 out of 12 changed files in this pull request and generated no new comments.

@joshuajbouw
joshuajbouw marked this pull request as ready for review July 14, 2026 18:13
@joshuajbouw
joshuajbouw requested a review from Copilot July 14, 2026 18:14

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 12 out of 12 changed files in this pull request and generated 1 comment.

Comment thread crates/astrid-kernel/src/kernel_router/device_scope.rs

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 12 out of 12 changed files in this pull request and generated 2 comments.

Comment thread crates/astrid-kernel/src/kernel_router/device_scope.rs
Comment thread crates/astrid-kernel/src/kernel_router/device_scope.rs

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 12 out of 12 changed files in this pull request and generated 1 comment.

Comment thread crates/astrid-capsule/src/profile_cache.rs Outdated

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 12 out of 12 changed files in this pull request and generated 1 comment.

Comment thread crates/astrid-kernel/src/kernel_router/mod.rs Outdated
@joshuajbouw
joshuajbouw requested a review from Copilot July 14, 2026 20:48

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 16 out of 16 changed files in this pull request and generated no new comments.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 16 out of 16 changed files in this pull request and generated 1 comment.

Comment thread crates/astrid-capsule/src/profile_cache.rs

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 16 out of 16 changed files in this pull request and generated no new comments.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 16 out of 16 changed files in this pull request and generated 1 comment.

Comment thread crates/astrid-kernel/src/kernel_router/admin/mod.rs Outdated

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 16 out of 16 changed files in this pull request and generated no new comments.

@joshuajbouw
joshuajbouw merged commit 0da5b38 into main Jul 15, 2026
28 checks passed
@joshuajbouw
joshuajbouw deleted the agent/device-attenuation-secondary-views branch July 15, 2026 12:17
joshuajbouw added a commit that referenced this pull request Jul 15, 2026
## Linked Issue

Closes #1256

## Summary

Closes the remaining first-release bootstrap authority fallbacks without
activating the deferred RFC #36 persistence model or adding any
product-specific privilege path.

## Changes

- reject kernel and admin management requests whose IPC envelope has no
valid principal instead of inheriting the `default` administrator
- audit missing and malformed admin callers exactly once as reserved
no-capability `anonymous` before returning the uniform denial
- preserve the local CLI active-principal behavior before requests cross
the kernel boundary
- attribute principal-less connection lifecycle signals to `anonymous`
and ignore malformed identities
- abort kernel construction when default administrator profile/key
seeding or legacy-profile migration fails
- reject `AgentModify` results that remove `default` from the built-in
`admin` group while preserving idempotent remove-plus-add
- keep caller resolution in a focused private module so the management
router remains below the source-file cap
- retain the merged device-attenuation, pair-device input-validation,
issuance-preflight, cache-refresh, and terminal-audit behavior
- add live-router, lifecycle, bootstrap, persistence, administrative,
and pair-authority regression coverage

## Verification

- restacked onto `main` after #1196 and #1238 merged
- signed head: `916238ae54db4e1ea7409a4a82432cc5fe8603a4`
- `cargo fmt --all -- --check`
- `git diff --check origin/main...HEAD`
- `cargo test --locked -p astrid-kernel
admin_router_denies_missing_and_invalid_principals_deterministically --
--nocapture`
- `cargo clippy --locked -p astrid-kernel --all-features --tests -- -D
warnings`
- replacement GitHub CI is the complete integration and execution gate

## Checklist

- [x] Linked to an issue
- [x] CHANGELOG.md updated under `[Unreleased]`

No release is created or published by this change.
joshuajbouw added a commit that referenced this pull request Jul 15, 2026
## Linked Issue

Closes #1239

Refs #1237 and astrid-runtime/rfcs#36.

## Summary

Carries the authenticated device into capsule dispatch so execution and
inventory use the same live authority already enforced at the kernel
boundary. The change is generic to Astrid and introduces no
product-specific role or trust path.

## Changes

- resolve one principal/profile/group/device snapshot per stamped event
- reject disabled, malformed, unknown, and revoked identities before
matching or grant signalling
- use device-effective `capsule:list` only for global describe
visibility
- activate exact device-effective `capsule:access:any` for unrestricted
execution and candidate expansion
- preserve exact per-principal capsule grants, no-device/`Full`
behavior, and principal-less lifecycle dispatch
- emit one `GrantRequired` only for a valid in-view denied match
- preserve legacy dispatch when no access resolver is installed
- preserve merged authority-cache refresh, pairing preflight, audit
classification, and caller-boundary audit behavior
- require base `self:auth:pair` authority for pair issuance while
retaining the additional `self:auth:pair:admin` gate and elevated audit
classification for Full, preset-Full, and explicit-universal scopes
- add a dedicated device-scope dispatch regression suite

## Verification

- restacked onto `main` after #1196, #1238, and #1257 merged
- signed head: `57ec31340db1a1749d5f137a25f4352bb6cb401f`
- `cargo fmt --all -- --check`
- `git diff --check origin/main...HEAD`
- `cargo test --locked -p astrid-capsule` — 563 passed
- `cargo test --locked -p astrid-kernel
admin_cap_without_base_pair_capability_cannot_issue_full_token --
--nocapture`
- `cargo clippy --locked -p astrid-capsule -p astrid-kernel
--all-features --tests -- -D warnings`
- replacement GitHub CI is the complete integration and execution gate

## Checklist

- [x] Linked to an issue
- [x] CHANGELOG.md updated under `[Unreleased]`

No release is created or published by this change.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Apply device attenuation to every kernel authority view

2 participants