Skip to content

feat: federation vectors and a threat model#17

Merged
trqlmao merged 1 commit into
mainfrom
feat/federation-vectors-threatmodel
Jun 8, 2026
Merged

feat: federation vectors and a threat model#17
trqlmao merged 1 commit into
mainfrom
feat/federation-vectors-threatmodel

Conversation

@trqlmao

@trqlmao trqlmao commented Jun 8, 2026

Copy link
Copy Markdown
Owner

Two open-menu items from the conformance work. Both prose follows the no-em-dash house rule; conformance runner 37/37 locally.

Federation vectors

SPEC §8 (join handshake + avp:// addressing) had no vectors. Adds vectors/federation.json + examples/conformance/test/federation.test.ts:

  • Tokens (invite request, repo locator) as a decode oracle: base64url-decode MUST yield the object. Plus a canonical minified-encode round-trip and schema-$def validation of the decoded object.
  • avp://<host>/<repoId> URIs: parse/format, plain host and host:port.
  • Indexed in vectors/index.json; SPEC §8.1 now pins the recommended minified encoding (decoders MUST accept any valid JSON with the required members); §11 lists the federation encodings.

Threat model

THREATMODEL.md (the repo had SECURITY.md for reporting but no stated adversary model):

  • Assets, actors/trust boundaries.
  • 9 adversaries with defended-vs-residual: passive/active network, honest-but-curious server, malicious server (incl. the freshness/equivocation residual), insider member, removed member (no backward secrecy), compromised IdP, stolen bearer token, stolen private key.
  • Cryptographic assumptions (incl. GCM IV-uniqueness birthday bound + rotate-before-2^32).
  • Non-goals (endpoint security, metadata privacy from server, availability, backward secrecy, server-to-server, account legality).
  • Residual/open items mapped to SPEC §12. Linked from SPEC §12, SECURITY.md, README, llms.txt.

Verified locally

  • Conformance runner 37/37 (was 24; +13 federation: decode/encode/schema/URI).
  • vectors/index.json coherence check passes with federation.json added.
  • no-leak scan clean; em-dash sweep clean across all changed files.

Menu remainder

Reference IdP + persistent server; vector generator script; negative "MUST-reject" vector bank; gRPC example; browser/WASM demo; llms-full.txt; spec quardrails (size caps, idempotency, Retry-After).

Two of the open menu items from the conformance work.

Federation vectors (vectors/federation.json + a conformance test): the
SPEC §8 handshake and addressing had no vectors. Adds the two base64url
join-handshake tokens (invite request, repo locator) as a decode oracle
plus a canonical minified-encode round-trip, and avp://<host>/<repoId>
URI parse/format (plain host and host:port). The runner decodes, re-
encodes, validates each decoded token against its schema $def, and parses/
formats the URIs; indexed in vectors/index.json. SPEC §8.1 now states the
recommended minified encoding while requiring decoders to accept any valid
JSON object with the required members; §11 lists the federation encodings.

THREATMODEL.md: the protocol had a SECURITY.md (reporting) but no stated
adversary model. Documents the assets, actors and trust boundaries, nine
adversaries (passive/active network, honest-but-curious and malicious
server, insider, removed member, compromised IdP, stolen token, stolen
key) with what is defended and what is residual, the cryptographic
assumptions (including the GCM IV-uniqueness bound), the non-goals
(endpoint security, metadata privacy from the server, availability,
backward secrecy on removal, server-to-server, account legality), and the
residual/open items. Linked from SPEC §12, SECURITY.md, README, and
llms.txt.

All prose follows the no-em-dash house rule. Conformance runner: 37/37.
@trqlmao trqlmao merged commit 9cc7741 into main Jun 8, 2026
26 checks passed
@trqlmao trqlmao deleted the feat/federation-vectors-threatmodel branch June 8, 2026 19:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant