v1.14.0 — audit fidelity, verification & supply-chain hardening (7 High + 3 Medium)#18
Merged
Merged
Conversation
…n (7 High + 3 Medium) High: - Approved MCP forwards persist the APPLIED approvals (verified challenge node ids) in the signed bundle, not an empty list (McpGateResult.AppliedApprovals). - Filesystem forwards strip unknown args — only path/source/destination/paths/ content reach the server; an unchecked extra arg can't be honored. - Real-filesystem E2E FAILS (not skips) under INTENTMESH_FS_E2E=1 on missing node / launch failure / empty tools — green CI proves the real path ran. - npx FS-E2E step runs AFTER pack + upload, so network npm can't mutate artifacts. - Dockerfile: digest-pinned base images, new .dockerignore, /data/runs created+ chowned for the non-root uid + VOLUME, HEALTHCHECK uses /readyz (write-probe). - Granular verification: pc-send-matches-approval + pc-block-matches-approval prove every sent email / committed block maps to an approved executed node. Medium: - Production trusted-proxy mode now also requires a dedicated INTENTMESH_AUTH_KEY (challenges must not share the audit key). - /api/explain no longer honors caller approvals (consistent with run/export). - NuGet package signing remains a documented residual (needs a cert). 249 passing + 3 env-gated skipped. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes a seventh external review. Verified against current
masterfirst. 249 passing + 3 env-gated skipped.High — fixed
Approved_mcp_forward_persists_the_applied_approvals).path/source/destination/paths/contentreach the server (Filesystem_forward_strips_unknown_args).INTENTMESH_FS_E2E=1on missing node / launch failure / empty tools..dockerignore,/data/runscreated+chowned for the non-root UID +VOLUME,HEALTHCHECK→/readyz(write-probe).pc-send-matches-approval+pc-block-matches-approval(every sent email / committed block maps to an approved executed node).Medium — fixed
INTENTMESH_AUTH_KEY(challenges don't share the audit key)./api/explainno longer honors caller approvals (consistent with/api/run+/api/export).🤖 Generated with Claude Code