Skip to content

feat(driver): add adminToken parameter to PolicySet (PILOT-233)#8

Merged
TeoSlayer merged 1 commit into
mainfrom
feat/policyset-admin-token-PILOT-233
May 29, 2026
Merged

feat(driver): add adminToken parameter to PolicySet (PILOT-233)#8
TeoSlayer merged 1 commit into
mainfrom
feat/policyset-admin-token-PILOT-233

Conversation

@TeoSlayer

Copy link
Copy Markdown
Contributor

Caller-side companion to pilot-protocol/pilotprotocol#172. Without this, web4 v0.2+ siblings can't compile against current web4 main because the PolicySet signature differs.

Threat model is the one we settled on in PILOT-347: admin-token gates network-admin ops (this one); user-owned ops use SO_PEERCRED instead.

Tested locally — go test ./driver/... PASS.

Mirrors the change that landed in pilot-protocol/pilotprotocol#172 — the
managed.policy.set IPC is a network-admin operation; without an
adminToken parameter, the gate that PR #172 added to the daemon side
has no caller-side support.

Wire format: [cmd][sub][action=0x01][netID(2)][tokenLen(2)][token...][policyJSON...]

Threat model alignment (per PILOT-347):
- Only the network administrators hold the admin token.
- managed.policy.set is correctly admin-gated.
- User-owned IPC ops (rotate_key, handshake approve/reject/revoke,
  set_webhook) belong on a SO_PEERCRED check, not admin-token —
  see pilot-protocol/pilotprotocol#176 for that pattern.

Empty adminToken is fine for solo-mode daemons (no AdminToken
configured); managed-mode daemons reject empty.

Tests updated to pass empty token.
go test ./driver/... PASS.
@TeoSlayer TeoSlayer merged commit e3fcb51 into main May 29, 2026
1 check passed
@TeoSlayer TeoSlayer deleted the feat/policyset-admin-token-PILOT-233 branch May 29, 2026 21:01
@codecov

codecov Bot commented May 29, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants