Skip to content

feat(release): make BLAKE3 the primary integrity manifest#1251

Closed
joshuajbouw wants to merge 12 commits into
mainfrom
agent/release-blake3
Closed

feat(release): make BLAKE3 the primary integrity manifest#1251
joshuajbouw wants to merge 12 commits into
mainfrom
agent/release-blake3

Conversation

@joshuajbouw

@joshuajbouw joshuajbouw commented Jul 15, 2026

Copy link
Copy Markdown
Contributor

Linked Issue

Closes #1249

Depends on #1248.

Summary

Make BLAKE3 the Astrid-owned release-integrity contract while preserving the signed SHA-256 compatibility surface required by released clients and Homebrew.

Changes

  • publish BLAKE3SUMS.txt as Astrid's primary release-integrity manifest
  • retain a signed and attested SHA256SUMS.txt compatibility manifest for Homebrew, released clients, and downstream tooling
  • make astrid update require a strict lowercase BLAKE3 entry
  • reject malformed manifests, duplicate asset names, uppercase digests, missing entries, mismatches, SHA-only releases, and overlong lines
  • remove the CLI's final direct sha2 dependency and update the lockfile
  • align the release-sidecar fixture and unreleased changelog

Compatibility

Released v0.9.x self-updaters can continue crossing this boundary through SHA256SUMS.txt. New self-updaters use the BLAKE3 manifest. Homebrew formulae retain their externally required sha256 fields, sourced from the signed compatibility manifest.

Security Boundary

This PR changes Astrid-owned integrity metadata. It does not claim publisher authentication; #1254 supplies that separate fail-closed guarantee.

External SHA contracts such as SRI, Git object formats, Cargo registry checksums, Sigstore/SLSA internals, and Homebrew formula fields remain unchanged.

Verification

  • exact signed head: 7dd8c07637d2814548533f2c8f9ddee5dff7fe3d
  • exact parent: feat(security): replace owned identifiers with BLAKE3 #1248 at f948083f5b7a5461a0ff001f1f2f34cd1d26f387
  • all four commits are patch-identical to the independently reviewed composition at 0f7e2bb1; all four fresh signatures verify
  • independent b3sum 1.8.5 known vector
  • 13 self-update integrity tests covering correct, wrong, missing, malformed, uppercase, duplicate, overflow, and SHA-only manifests
  • actionlint .github/workflows/release.yml
  • cargo fmt --all -- --check
  • cargo metadata --locked --no-deps --format-version 1
  • git diff --check
  • strict all-target/all-feature CLI Clippy
  • independent exact-tree review found no actionable issues

Dependency Handling

This PR targets main and intentionally includes #1248 until that parent merges. Merge #1248 first; GitHub will then narrow this PR to the four release-integrity commits without risking automatic closure of a stacked base branch.

Checklist

  • Linked to an issue
  • CHANGELOG.md updated under [Unreleased]

No release is created or published by this change.

@joshuajbouw joshuajbouw changed the title feat(release): publish BLAKE3 integrity manifests feat(release): make BLAKE3 the primary integrity manifest Jul 15, 2026
@joshuajbouw
joshuajbouw changed the base branch from agent/owned-blake3 to main July 15, 2026 01:39
@joshuajbouw
joshuajbouw force-pushed the agent/release-blake3 branch from bfa09c0 to 2d9a520 Compare July 15, 2026 02:03
@joshuajbouw
joshuajbouw force-pushed the agent/release-blake3 branch 2 times, most recently from f3fe9c3 to 3d61c46 Compare July 15, 2026 07:46
@joshuajbouw
joshuajbouw marked this pull request as ready for review July 15, 2026 07:47
Copilot AI review requested due to automatic review settings July 15, 2026 07:47

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates Astrid’s owned integrity and identifier surfaces to use domain-separated BLAKE3 by default, while preserving externally required SHA-256 compatibility (notably via a signed SHA256SUMS.txt alongside a new primary BLAKE3SUMS.txt). It also tightens update-time and manifest parsing rules and carries through related schema/versioning and security/authorization snapshot improvements across the kernel/admin surfaces.

Changes:

  • Make BLAKE3SUMS.txt the required primary release integrity manifest for astrid update, with strict parsing and fail-closed behavior; keep a signed SHA256SUMS.txt compatibility manifest and update the release workflow to publish/sign/attest both.
  • Migrate Astrid-owned token/key identifiers and fingerprints to typed, domain-separated BLAKE3 (blake3:<hex>), adding explicit on-disk schema envelopes and invalidating legacy SHA-256 stores that can’t be safely migrated.
  • Ensure device-scope attenuation is applied consistently by pinning an authorization snapshot through kernel/admin request handling and expanding regression coverage.

Reviewed changes

Copilot reviewed 42 out of 43 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
e2e/fixtures/compat/legacy-sha-pair-token.toml Adds a compatibility fixture for legacy SHA-256 pair-token store invalidation.
e2e/fixtures/compat/legacy-pair-token-without-scope.toml Updates fixture to schema v1 + typed BLAKE3 token hash format.
docs/gateway-client.md Updates guidance to use b3sum for spec hashing.
docs/distro-signing.md Updates distro signing guidance/examples to BLAKE3 (b3sum -c).
docs/config.md Updates documented binary_hash format to blake3:<hex>.
crates/astrid-mcp/src/config.rs Switches MCP binary pin verification to blake3:<hex> parsing/formatting with tests.
crates/astrid-kernel/src/pair_token.rs Migrates pair-token identifiers to typed BLAKE3 + schema envelope + invalidation rules/tests.
crates/astrid-kernel/src/kernel_router/tests.rs Expands router tests to validate device-scope attenuation and snapshot behavior.
crates/astrid-kernel/src/kernel_router/mod.rs Refactors authorization to return a pinned snapshot; uses it for inventory visibility checks.
crates/astrid-kernel/src/kernel_router/device_scope.rs Introduces shared device-scope resolution helper for fail-closed behavior.
crates/astrid-kernel/src/kernel_router/admin/tests.rs Adds coverage for pair-issue capability mapping changes (pair-admin vs pair).
crates/astrid-kernel/src/kernel_router/admin/state_tests.rs Adds state tests for agent-list attenuation and authorization snapshot behavior.
crates/astrid-kernel/src/kernel_router/admin/state_tests_group.rs Adds state tests for group-list attenuation and authorization snapshot behavior.
crates/astrid-kernel/src/kernel_router/admin/pair_device_tests.rs Expands acceptance tests for pairing no-escalation, malformed scope, and snapshot dispatch.
crates/astrid-kernel/src/kernel_router/admin/pair_device_handlers.rs Refactors pair issuance validation/preflight and integrates pinned authorization snapshot.
crates/astrid-kernel/src/kernel_router/admin/mod.rs Refactors admin authorization/audit flow; adds preflight for pair issuance and correct audit outcomes.
crates/astrid-kernel/src/kernel_router/admin/invite_handlers.rs Switches invite key fingerprinting and revoke matching to BLAKE3-era identifiers with tests.
crates/astrid-kernel/src/kernel_router/admin/handlers.rs Threads authorization snapshot/device scope through agent/group listing and pair dispatch.
crates/astrid-kernel/src/kernel_router/admin/group.rs Applies device-scope attenuation and authorization snapshot to group listing.
crates/astrid-kernel/src/kernel_router/admin/enforcement_tests.rs Adds audit enforcement tests for pair-issue allow/deny/bad-input outcomes.
crates/astrid-kernel/src/invite.rs Migrates invite-token identifiers to typed BLAKE3 + schema envelope + invalidation rules/tests.
crates/astrid-kernel/Cargo.toml Removes direct sha2 dependency from the kernel crate.
crates/astrid-integration-tests/tests/compatibility_fixtures.rs Adds integration coverage for legacy SHA pair-token invalidation behavior.
crates/astrid-gateway/src/routes/invites.rs Updates OpenAPI docs/comments to reflect typed invite tokens and BLAKE3 fingerprints.
crates/astrid-gateway/src/routes/env.rs Removes dictionary-testable env value fingerprint logging and updates docs/comments.
crates/astrid-gateway/src/routes/auth.rs Updates request/response schema docs for typed invite/pair tokens and BLAKE3 key fingerprints.
crates/astrid-gateway/Cargo.toml Removes direct sha2 dependency from the gateway crate.
crates/astrid-crypto/src/prelude.rs Exports new identifier/fingerprint types in the crypto prelude.
crates/astrid-crypto/src/lib.rs Adds and re-exports the identifier module/types.
crates/astrid-crypto/src/identifier.rs Introduces domain-separated BLAKE3 identifier and Ed25519 public-key fingerprint primitives with tests.
crates/astrid-core/src/kernel_api/mod.rs Updates kernel API docs/types to reflect typed tokens and pair-admin gating semantics.
crates/astrid-config/src/defaults.toml Updates default config comments to blake3:<hex> binary hash.
crates/astrid-cli/src/commands/self_update.rs Switches self-update integrity verification to strict BLAKE3SUMS.txt parsing and BLAKE3 hashing.
crates/astrid-cli/src/commands/self_update_tests.rs Adds BLAKE3 vector verification + strict manifest parsing tests, including SHA-only release rejection.
crates/astrid-cli/src/commands/keypair.rs Migrates CLI key metadata fingerprinting to BLAKE3 and adds schema migration/self-heal logic + tests.
crates/astrid-cli/src/commands/invite.rs Updates CLI help/output formatting for blake3:<hex> invite fingerprints and typed tokens.
crates/astrid-cli/Cargo.toml Removes direct sha2 dependency from the CLI crate.
crates/astrid-capsule/src/profile_cache.rs Adds generation-aware invalidation to prevent stale profile republish and adjusts persistence behavior.
crates/astrid-capsule-install/src/github_source.rs Updates capsule install test fixture expectations for new checksum manifest name.
crates/astrid-audit/src/entry.rs Clarifies audit semantics around authorization vs request-shape failures.
CHANGELOG.md Documents BLAKE3 migration, release manifest change, and device attenuation/security changes under Unreleased.
Cargo.lock Updates lockfile to reflect removed sha2 direct dependencies.
.github/workflows/release.yml Updates release workflow to generate/sign/attest BLAKE3SUMS.txt (and keep SHA256SUMS.txt).

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread crates/astrid-kernel/src/kernel_router/mod.rs

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 42 out of 43 changed files in this pull request and generated 2 comments.

Comment thread crates/astrid-kernel/src/invite.rs
Comment thread crates/astrid-kernel/src/pair_token.rs

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 42 out of 43 changed files in this pull request and generated no new comments.

API-CONTRACT-CHANGE: pair and invite bearer tokens now expose typed prefixes, and public key and token fingerprints now use the blake3:<hex> format.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 31 out of 32 changed files in this pull request and generated 1 comment.

Comment thread crates/astrid-cli/src/commands/self_update.rs

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 31 out of 32 changed files in this pull request and generated 3 comments.

Comment thread crates/astrid-cli/src/commands/self_update.rs
Comment thread crates/astrid-kernel/src/invite.rs
Comment thread crates/astrid-kernel/src/pair_token.rs
joshuajbouw added a commit that referenced this pull request Jul 15, 2026
## Linked Issues

Closes #1247
Closes #1249
Closes #1250

## Summary

Complete the pre-release security boundary for Astrid-owned identifiers
and self-managed updates in one reviewed change: domain-separated BLAKE3
identifiers, a BLAKE3-first release-integrity contract with SHA-256
compatibility artifacts, and fail-closed Sigstore publisher
authentication before integrity verification or extraction.

This PR supersedes #1248 and #1251 by containing their exact reviewed
source changes plus the publisher-authentication work originally scoped
here.

## Changes

- add generic `IdentifierHash` and `PublicKeyFingerprint` newtypes
backed by domain-separated BLAKE3
- prefix invite and pair-device bearer tokens, version their stores,
invalidate non-migratable legacy SHA-256 indexes, and preserve unknown
future schemas
- self-heal recoverable CLI key metadata and use canonical `blake3:<64
lowercase hex>` fingerprints across kernel, gateway, audit, and
MCP-owned surfaces
- stop logging dictionary-testable hashes of low-entropy environment
values
- publish `BLAKE3SUMS.txt` as the primary Astrid release-integrity
manifest while retaining signed and attested `SHA256SUMS.txt` for
released clients, Homebrew, and downstream compatibility
- strictly reject malformed, duplicate, uppercase, missing, mismatched,
SHA-only, and overlong manifest entries
- authenticate release archives with fresh production Sigstore TUF
metadata, the exact Astrid release workflow/tag identity, and the GitHub
Actions issuer before integrity verification or extraction
- keep publisher-authentication, integrity, and preparation failures as
typed stages, preserving exact asset-selection failure causes
- preserve empty credential-store reads on read-only deployments while
keeping non-empty legacy SHA invalidation mandatory
- run Cosign and the native production verifier over every
archive/bundle pair before release publication
- document the identifier, release-integrity, publisher-authentication,
and compatibility boundaries

External SHA contracts such as SRI, Git object formats, Cargo registry
checksums, Sigstore/SLSA internals, and Homebrew formula fields remain
unchanged.

## Verification

- exact signed head: `c44a3908aa3e34611540e5d82331171e218940ae`
- exact base: merged `main` at
`122725708f6b58d3c77c1dc4df4763f345d94c3e`
- all 20 commits from the base verify as Good GPG signatures
- full Astrid CLI unit suite: 493 passed, 1 intentional release-gate
test ignored
- publisher-authentication suite: 10 passed, 1 intentional live
release-gate test ignored
- self-update suite: 15 passed
- full kernel suite: 281 passed
- complete affected-package matrix previously passed for CLI, core,
crypto, gateway, kernel, and MCP
- strict all-target/all-feature Clippy passed for the CLI and all
affected identifier packages
- `cargo fmt --all -- --check`
- `cargo metadata --locked --no-deps --format-version 1`
- `git diff --check`
- `actionlint .github/workflows/release.yml`
- BLAKE3 derive-key vectors independently reproduced with `b3sum
--derive-key`
- independent security reviews found no unresolved correctness or
security issue; the final exact consolidated head is being re-reviewed

## Checklist

- [x] Linked to issues
- [x] CHANGELOG.md updated under `[Unreleased]`

No release is created or published by this change.
@joshuajbouw

Copy link
Copy Markdown
Contributor Author

Superseded by and landed through #1254. The merged squash commit a1d4e65 contains this complete signed BLAKE3 release-manifest and compatibility work together with the publisher-authentication and native release-verifier stack.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Make BLAKE3 the primary Astrid release checksum manifest

2 participants