Skip to content

RFC: authenticated control connections#37

Draft
joshuajbouw wants to merge 4 commits into
mainfrom
agent/authenticated-control-connections
Draft

RFC: authenticated control connections#37
joshuajbouw wants to merge 4 commits into
mainfrom
agent/authenticated-control-connections

Conversation

@joshuajbouw

@joshuajbouw joshuajbouw commented Jul 14, 2026

Copy link
Copy Markdown
Contributor

Summary

  • defines a daemon-owned authenticated control transport with direct identities and exact service delegation
  • binds replies, attachments, cancellation, windows, and interactions to host-owned connection and request contexts
  • introduces a content-addressed operation manifest, isolated enrollment, idempotency, fail-closed audit, and a legacy adapter

Why

Principal-wide response routing cannot prove which connection owns a reply. Astrid also needs a neutral integration surface that lets distributions run complete product services without creating a distribution-specific trust bypass.

Status

Draft. This RFC must remain open and unmerged. Implementation and conformance artifacts remain acceptance gates.

Tracks astrid-runtime/astrid#1229. Companion design: #36.

Validation

  • git diff --check
  • python3 generate-book.py

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant