
docs: design v0.5.0 signed manifests#33

Merged
marmar9615-cloud merged 1 commit into main from docs/v050-signed-manifests-design on Apr 28, 2026

Conversation

@marmar9615-cloud

Summary

Design-first PR for v0.5.0 — Signed Manifests. No runtime
change in this PR; the implementation lands in subsequent v0.5.0
PRs against the same line.

What's in the design

  • Inline signature block on the manifest (additive optional
    schema field — additionalProperties: true keeps v0.4.x
    readers compatible).
  • Canonical-JSON via RFC 8785 (JCS).
  • Default algorithm Ed25519 (alg: "EdDSA") with ES256 also
    permitted.
  • Publisher-controlled key set at
    /.well-known/agentbridge-keys.json (no central CA, no
    blockchain).
  • signedAt + expiresAt for freshness, bounded clock-skew env
    var.
  • Documented rotation and revocation flow.
  • Verification failure-mode matrix (12 named failures × default
    vs. --require-signature mode).
  • Cross-cuts on schema, SDK, scanner check IDs, MCP server,
    Studio/demo, CLI, OpenAPI converter.
  • Migration plan from optional (v0.5.0) to mandatory (v1.0).
  • Test plan, including security-critical negative tests.

The design's most important invariant: verification is additive. A
verified manifest still goes through the confirmation gate, origin
pinning, target-origin allowlist, audit redaction, stdio stdout
hygiene, and HTTP transport auth/origin checks — exactly as today.
Verification confirms publisher; it does not authorize anything.

Docs updated

Current release context

Parallel Codex context

Codex may be working in parallel on scanner regression /
public-API-stability work touching:

  • packages/scanner/src/*
  • packages/scanner/README.md
  • examples/scanner-regression/*
  • examples/README.md
  • CHANGELOG.md

This PR explicitly avoided those paths. The design names new
scanner check IDs as the contract; the actual scanner test
fixtures land alongside the implementation PR (coordinated with
Codex when that work begins).

What this PR does NOT do

  • ❌ No runtime behavior changed.
  • ❌ No package versions bumped — verified npm run pack:dry-run
    still reports 0.4.0 for all six packages.
  • ❌ No new dependencies added.
  • ❌ No package-lock.json change.
  • ❌ No npm publish, no git tag, no GitHub release.
  • ❌ Dependabot PRs untouched.
  • ❌ Unsigned manifests still validate. Safety invariants intact:
    confirmation gate, origin pinning, target-origin allowlist,
    audit redaction, stdio stdout hygiene, HTTP transport
    auth/origin checks.

Commands run

npm run typecheck:clean   # clean
npm test                  # 196 / 196 passed (16 files)
npm run build             # all packages built
npm run pack:dry-run      # all six @marmarlabs/agentbridge-* OK at 0.4.0

Test plan

  • CI green on Node 20.x and 22.x.
  • No new test failures.
  • Doc-only diff — no runtime files modified.
  • All package versions remain 0.4.0.

🤖 Generated with Claude Code

Adds the design-first artifacts for v0.5.0 — Signed Manifests:

- docs/designs/signed-manifests.md (full design doc covering threat
  model, manifest signing model, JCS canonicalization, Ed25519
  default, key set publication, rotation/revocation, freshness,
  verification failure modes, schema/SDK/scanner/MCP/CLI impact,
  backward compatibility, migration plan, and test plan).
- docs/adr/0002-signed-manifests.md (architecture decision record
  with five rejected and one deferred alternative).
- docs/issues/v0.5.0-signed-manifests.md (in-tree mirror of GitHub
  tracking issue #31).

Updates the supporting docs to reflect that v0.4.0 has shipped on
npm via Trusted Publishing and that v0.5.0 signed manifests are
now in design (not yet runtime):

- docs/roadmap.md — v0.4.0 marked shipped; v0.5.0 marked in design.
- docs/v1-readiness.md — criterion #7 (signed manifests) flipped
  to "design in progress"; #1, #2, #3 (Trusted Publishing /
  provenance) flipped to "yes" since v0.4.0 published.
- docs/threat-model.md — T1 expanded into T1.a/b/c/d sub-vectors
  and pointed at the v0.5.0 design as its mitigation.
- docs/security-configuration.md — adds a "Signed manifests
  (v0.5.0 — design only, not yet runtime)" section listing the
  proposed env vars without enforcing them.
- docs/production-readiness.md — bottom-line note now refers to
  v0.4.0 and points at the in-progress design.
- AGENTS.md / CLAUDE.md / README.md — small status notes; no
  bloat.

No runtime change. No package version bump. No publish. No tag.
No release. Unsigned manifests still validate against the v0.1
manifest spec. All safety invariants intact (confirmation gate,
origin pinning, target-origin allowlist, audit redaction, stdio
stdout hygiene, HTTP transport auth/origin checks).

Verified locally with npm run typecheck:clean (clean), npm test
(196/196), npm run build (all packages), npm run pack:dry-run
(all six packages OK at 0.4.0).

Tracking: #31

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
@marmar9615-cloud marmar9615-cloud force-pushed the docs/v050-signed-manifests-design branch from 262f144 to 27844b5 on April 28, 2026 20:07
@marmar9615-cloud marmar9615-cloud merged commit 54b74d6 into main Apr 28, 2026
2 checks passed