feat(release): make BLAKE3 the primary integrity manifest#1251
Closed
joshuajbouw wants to merge 12 commits into
Closed
feat(release): make BLAKE3 the primary integrity manifest#1251joshuajbouw wants to merge 12 commits into
joshuajbouw wants to merge 12 commits into
Conversation
joshuajbouw
force-pushed
the
agent/release-blake3
branch
from
July 15, 2026 02:03
bfa09c0 to
2d9a520
Compare
2 tasks
joshuajbouw
force-pushed
the
agent/release-blake3
branch
2 times, most recently
from
July 15, 2026 07:46
f3fe9c3 to
3d61c46
Compare
joshuajbouw
marked this pull request as ready for review
July 15, 2026 07:47
Contributor
There was a problem hiding this comment.
Pull request overview
This PR updates Astrid’s owned integrity and identifier surfaces to use domain-separated BLAKE3 by default, while preserving externally required SHA-256 compatibility (notably via a signed SHA256SUMS.txt alongside a new primary BLAKE3SUMS.txt). It also tightens update-time and manifest parsing rules and carries through related schema/versioning and security/authorization snapshot improvements across the kernel/admin surfaces.
Changes:
- Make
BLAKE3SUMS.txtthe required primary release integrity manifest forastrid update, with strict parsing and fail-closed behavior; keep a signedSHA256SUMS.txtcompatibility manifest and update the release workflow to publish/sign/attest both. - Migrate Astrid-owned token/key identifiers and fingerprints to typed, domain-separated BLAKE3 (
blake3:<hex>), adding explicit on-disk schema envelopes and invalidating legacy SHA-256 stores that can’t be safely migrated. - Ensure device-scope attenuation is applied consistently by pinning an authorization snapshot through kernel/admin request handling and expanding regression coverage.
Reviewed changes
Copilot reviewed 42 out of 43 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| e2e/fixtures/compat/legacy-sha-pair-token.toml | Adds a compatibility fixture for legacy SHA-256 pair-token store invalidation. |
| e2e/fixtures/compat/legacy-pair-token-without-scope.toml | Updates fixture to schema v1 + typed BLAKE3 token hash format. |
| docs/gateway-client.md | Updates guidance to use b3sum for spec hashing. |
| docs/distro-signing.md | Updates distro signing guidance/examples to BLAKE3 (b3sum -c). |
| docs/config.md | Updates documented binary_hash format to blake3:<hex>. |
| crates/astrid-mcp/src/config.rs | Switches MCP binary pin verification to blake3:<hex> parsing/formatting with tests. |
| crates/astrid-kernel/src/pair_token.rs | Migrates pair-token identifiers to typed BLAKE3 + schema envelope + invalidation rules/tests. |
| crates/astrid-kernel/src/kernel_router/tests.rs | Expands router tests to validate device-scope attenuation and snapshot behavior. |
| crates/astrid-kernel/src/kernel_router/mod.rs | Refactors authorization to return a pinned snapshot; uses it for inventory visibility checks. |
| crates/astrid-kernel/src/kernel_router/device_scope.rs | Introduces shared device-scope resolution helper for fail-closed behavior. |
| crates/astrid-kernel/src/kernel_router/admin/tests.rs | Adds coverage for pair-issue capability mapping changes (pair-admin vs pair). |
| crates/astrid-kernel/src/kernel_router/admin/state_tests.rs | Adds state tests for agent-list attenuation and authorization snapshot behavior. |
| crates/astrid-kernel/src/kernel_router/admin/state_tests_group.rs | Adds state tests for group-list attenuation and authorization snapshot behavior. |
| crates/astrid-kernel/src/kernel_router/admin/pair_device_tests.rs | Expands acceptance tests for pairing no-escalation, malformed scope, and snapshot dispatch. |
| crates/astrid-kernel/src/kernel_router/admin/pair_device_handlers.rs | Refactors pair issuance validation/preflight and integrates pinned authorization snapshot. |
| crates/astrid-kernel/src/kernel_router/admin/mod.rs | Refactors admin authorization/audit flow; adds preflight for pair issuance and correct audit outcomes. |
| crates/astrid-kernel/src/kernel_router/admin/invite_handlers.rs | Switches invite key fingerprinting and revoke matching to BLAKE3-era identifiers with tests. |
| crates/astrid-kernel/src/kernel_router/admin/handlers.rs | Threads authorization snapshot/device scope through agent/group listing and pair dispatch. |
| crates/astrid-kernel/src/kernel_router/admin/group.rs | Applies device-scope attenuation and authorization snapshot to group listing. |
| crates/astrid-kernel/src/kernel_router/admin/enforcement_tests.rs | Adds audit enforcement tests for pair-issue allow/deny/bad-input outcomes. |
| crates/astrid-kernel/src/invite.rs | Migrates invite-token identifiers to typed BLAKE3 + schema envelope + invalidation rules/tests. |
| crates/astrid-kernel/Cargo.toml | Removes direct sha2 dependency from the kernel crate. |
| crates/astrid-integration-tests/tests/compatibility_fixtures.rs | Adds integration coverage for legacy SHA pair-token invalidation behavior. |
| crates/astrid-gateway/src/routes/invites.rs | Updates OpenAPI docs/comments to reflect typed invite tokens and BLAKE3 fingerprints. |
| crates/astrid-gateway/src/routes/env.rs | Removes dictionary-testable env value fingerprint logging and updates docs/comments. |
| crates/astrid-gateway/src/routes/auth.rs | Updates request/response schema docs for typed invite/pair tokens and BLAKE3 key fingerprints. |
| crates/astrid-gateway/Cargo.toml | Removes direct sha2 dependency from the gateway crate. |
| crates/astrid-crypto/src/prelude.rs | Exports new identifier/fingerprint types in the crypto prelude. |
| crates/astrid-crypto/src/lib.rs | Adds and re-exports the identifier module/types. |
| crates/astrid-crypto/src/identifier.rs | Introduces domain-separated BLAKE3 identifier and Ed25519 public-key fingerprint primitives with tests. |
| crates/astrid-core/src/kernel_api/mod.rs | Updates kernel API docs/types to reflect typed tokens and pair-admin gating semantics. |
| crates/astrid-config/src/defaults.toml | Updates default config comments to blake3:<hex> binary hash. |
| crates/astrid-cli/src/commands/self_update.rs | Switches self-update integrity verification to strict BLAKE3SUMS.txt parsing and BLAKE3 hashing. |
| crates/astrid-cli/src/commands/self_update_tests.rs | Adds BLAKE3 vector verification + strict manifest parsing tests, including SHA-only release rejection. |
| crates/astrid-cli/src/commands/keypair.rs | Migrates CLI key metadata fingerprinting to BLAKE3 and adds schema migration/self-heal logic + tests. |
| crates/astrid-cli/src/commands/invite.rs | Updates CLI help/output formatting for blake3:<hex> invite fingerprints and typed tokens. |
| crates/astrid-cli/Cargo.toml | Removes direct sha2 dependency from the CLI crate. |
| crates/astrid-capsule/src/profile_cache.rs | Adds generation-aware invalidation to prevent stale profile republish and adjusts persistence behavior. |
| crates/astrid-capsule-install/src/github_source.rs | Updates capsule install test fixture expectations for new checksum manifest name. |
| crates/astrid-audit/src/entry.rs | Clarifies audit semantics around authorization vs request-shape failures. |
| CHANGELOG.md | Documents BLAKE3 migration, release manifest change, and device attenuation/security changes under Unreleased. |
| Cargo.lock | Updates lockfile to reflect removed sha2 direct dependencies. |
| .github/workflows/release.yml | Updates release workflow to generate/sign/attest BLAKE3SUMS.txt (and keep SHA256SUMS.txt). |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
joshuajbouw
force-pushed
the
agent/release-blake3
branch
from
July 15, 2026 08:19
3d61c46 to
1161ff3
Compare
joshuajbouw
force-pushed
the
agent/release-blake3
branch
from
July 15, 2026 08:46
1161ff3 to
0b07a67
Compare
joshuajbouw
force-pushed
the
agent/release-blake3
branch
from
July 15, 2026 17:17
0b07a67 to
d2af09d
Compare
API-CONTRACT-CHANGE: pair and invite bearer tokens now expose typed prefixes, and public key and token fingerprints now use the blake3:<hex> format.
joshuajbouw
force-pushed
the
agent/release-blake3
branch
from
July 15, 2026 17:26
d2af09d to
7dd8c07
Compare
joshuajbouw
added a commit
that referenced
this pull request
Jul 15, 2026
## Linked Issues Closes #1247 Closes #1249 Closes #1250 ## Summary Complete the pre-release security boundary for Astrid-owned identifiers and self-managed updates in one reviewed change: domain-separated BLAKE3 identifiers, a BLAKE3-first release-integrity contract with SHA-256 compatibility artifacts, and fail-closed Sigstore publisher authentication before integrity verification or extraction. This PR supersedes #1248 and #1251 by containing their exact reviewed source changes plus the publisher-authentication work originally scoped here. ## Changes - add generic `IdentifierHash` and `PublicKeyFingerprint` newtypes backed by domain-separated BLAKE3 - prefix invite and pair-device bearer tokens, version their stores, invalidate non-migratable legacy SHA-256 indexes, and preserve unknown future schemas - self-heal recoverable CLI key metadata and use canonical `blake3:<64 lowercase hex>` fingerprints across kernel, gateway, audit, and MCP-owned surfaces - stop logging dictionary-testable hashes of low-entropy environment values - publish `BLAKE3SUMS.txt` as the primary Astrid release-integrity manifest while retaining signed and attested `SHA256SUMS.txt` for released clients, Homebrew, and downstream compatibility - strictly reject malformed, duplicate, uppercase, missing, mismatched, SHA-only, and overlong manifest entries - authenticate release archives with fresh production Sigstore TUF metadata, the exact Astrid release workflow/tag identity, and the GitHub Actions issuer before integrity verification or extraction - keep publisher-authentication, integrity, and preparation failures as typed stages, preserving exact asset-selection failure causes - preserve empty credential-store reads on read-only deployments while keeping non-empty legacy SHA invalidation mandatory - run Cosign and the native production verifier over every archive/bundle pair before release publication - document the identifier, release-integrity, publisher-authentication, and compatibility boundaries External SHA contracts such as SRI, Git object formats, Cargo registry checksums, Sigstore/SLSA internals, and Homebrew formula fields remain unchanged. ## Verification - exact signed head: `c44a3908aa3e34611540e5d82331171e218940ae` - exact base: merged `main` at `122725708f6b58d3c77c1dc4df4763f345d94c3e` - all 20 commits from the base verify as Good GPG signatures - full Astrid CLI unit suite: 493 passed, 1 intentional release-gate test ignored - publisher-authentication suite: 10 passed, 1 intentional live release-gate test ignored - self-update suite: 15 passed - full kernel suite: 281 passed - complete affected-package matrix previously passed for CLI, core, crypto, gateway, kernel, and MCP - strict all-target/all-feature Clippy passed for the CLI and all affected identifier packages - `cargo fmt --all -- --check` - `cargo metadata --locked --no-deps --format-version 1` - `git diff --check` - `actionlint .github/workflows/release.yml` - BLAKE3 derive-key vectors independently reproduced with `b3sum --derive-key` - independent security reviews found no unresolved correctness or security issue; the final exact consolidated head is being re-reviewed ## Checklist - [x] Linked to issues - [x] CHANGELOG.md updated under `[Unreleased]` No release is created or published by this change.
Contributor
Author
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Linked Issue
Closes #1249
Depends on #1248.
Summary
Make BLAKE3 the Astrid-owned release-integrity contract while preserving the signed SHA-256 compatibility surface required by released clients and Homebrew.
Changes
BLAKE3SUMS.txtas Astrid's primary release-integrity manifestSHA256SUMS.txtcompatibility manifest for Homebrew, released clients, and downstream toolingastrid updaterequire a strict lowercase BLAKE3 entrysha2dependency and update the lockfileCompatibility
Released v0.9.x self-updaters can continue crossing this boundary through
SHA256SUMS.txt. New self-updaters use the BLAKE3 manifest. Homebrew formulae retain their externally requiredsha256fields, sourced from the signed compatibility manifest.Security Boundary
This PR changes Astrid-owned integrity metadata. It does not claim publisher authentication; #1254 supplies that separate fail-closed guarantee.
External SHA contracts such as SRI, Git object formats, Cargo registry checksums, Sigstore/SLSA internals, and Homebrew formula fields remain unchanged.
Verification
7dd8c07637d2814548533f2c8f9ddee5dff7fe3df948083f5b7a5461a0ff001f1f2f34cd1d26f3870f7e2bb1; all four fresh signatures verifyb3sum 1.8.5known vectoractionlint .github/workflows/release.ymlcargo fmt --all -- --checkcargo metadata --locked --no-deps --format-version 1git diff --checkDependency Handling
This PR targets
mainand intentionally includes #1248 until that parent merges. Merge #1248 first; GitHub will then narrow this PR to the four release-integrity commits without risking automatic closure of a stacked base branch.Checklist
[Unreleased]No release is created or published by this change.