Skip to content

feat(core): add content-addressed capability registry primitives#1234

Merged
joshuajbouw merged 9 commits into
mainfrom
agent/control-foundations
Jul 15, 2026
Merged

feat(core): add content-addressed capability registry primitives#1234
joshuajbouw merged 9 commits into
mainfrom
agent/control-foundations

Conversation

@joshuajbouw

@joshuajbouw joshuajbouw commented Jul 14, 2026

Copy link
Copy Markdown
Contributor

Linked Issue

Closes #1233

Refs #1228 and astrid-runtime/rfcs#36.

Summary

Adds passive content-addressed capability-registry primitives and moves short device
key IDs to BLAKE3 before wider adoption. The profile shape remains unchanged and
stored device IDs self-heal from their public keys; active device-scoped bearer
sessions re-authenticate after upgrade.

Changes

  • add exact capability IDs with borrowed and owned storage
  • add validated 32-byte entry, registry, and signed-extension-package digest newtypes
  • type the nonzero capability-registry schema revision
  • add content-bound capability references and exact resolution
  • add registered definitions and canonical registry manifests
  • implement deterministic canonical CBOR and domain-separated BLAKE3 identities
  • derive device key IDs from BLAKE3 with a legacy SHA-256 self-heal regression
  • freeze the private 51-ID capability-registry revision 1 set
  • isolate hashing, encoding, checked conversions, and digest validation in a private util module
  • encode canonical integer widths with one checked conversion per representation
  • keep the registry as a public Astrid runtime API without exposing it over HTTP, WIT,
    or the control socket
  • cover canonical bytes, BLAKE3 digest goldens, tampering, duplicates, invalid lengths,
    ordering, schema revisions, and fail-closed errors

Verification

  • cargo fmt --all -- --check
  • cargo metadata --locked --offline --no-deps
  • git diff --check
  • golden vectors independently recomputed with b3sum
  • device-key BLAKE3 golden independently recomputed with b3sum
  • targeted local compilation reached the existing native BLAKE3 build-script stall;
    GitHub CI is the execution gate for the new head

Checklist

  • Linked to an issue
  • CHANGELOG.md updated under [Unreleased]

@joshuajbouw
joshuajbouw marked this pull request as ready for review July 14, 2026 18:13
Copilot AI review requested due to automatic review settings July 14, 2026 18:13

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Introduces foundational, passive content-addressed capability-registry primitives in astrid-core (exact capability IDs, deterministic digests, content-bound references, and canonical registry manifests) as groundwork for future wildcard-authority migration without changing current authorization or persisted state behavior.

Changes:

  • Adds capability_registry module with validated exact IDs, entry/registry digest wrappers, content-bound CapabilityRef, and CapabilityRegistryManifest canonicalization + verification.
  • Adds comprehensive unit tests covering canonical bytes, digest stability, tampering, duplicates, ordering, and fail-closed behavior.
  • Updates CHANGELOG.md with an [Unreleased] entry describing the new primitives.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.

File Description
crates/astrid-core/src/lib.rs Exposes the new capability_registry module publicly.
crates/astrid-core/src/capability_registry.rs Implements content-addressed registry primitives (IDs, digests, references, manifest hashing/verification, canonical CBOR encoding).
crates/astrid-core/src/capability_registry/tests.rs Adds golden and invariants tests for digests, canonicalization, and fail-closed validation paths.
CHANGELOG.md Documents the addition under [Unreleased].

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread crates/astrid-core/src/capability_registry.rs Outdated
Comment thread crates/astrid-core/src/capability_registry/tests.rs Outdated
Comment thread crates/astrid-core/src/capability_registry.rs Outdated

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated no new comments.

@joshuajbouw
joshuajbouw merged commit 3a5f429 into main Jul 15, 2026
28 checks passed
@joshuajbouw
joshuajbouw deleted the agent/control-foundations branch July 15, 2026 01:01
joshuajbouw added a commit that referenced this pull request Jul 15, 2026
## Linked Issue

Closes #1235

Refs #1228, #1233, #1234, and astrid-runtime/rfcs#36.

## Summary

Populates the passive 51-entry capability-registry revision 1 on top of
the primitives merged in #1234. Existing authorization, wildcard
evaluation, persisted state, socket behavior, and wire contracts remain
unchanged.

## Changes

- bind all 51 kernel entries to fixed scope, ordered target kinds,
delegability, privileged status, source, and display danger
- expose the typed revision 1 manifest while keeping the raw ID set
private
- freeze all 51 BLAKE3 entry digests and the aggregate manifest digest
- freeze revision 1 danger metadata independently from the mutable live
capability catalog
- preserve current catalog scope and danger metadata
- require kernel and admin request mappings to resolve to a registered
entry
- complete kernel and admin request-variant inventories
- share one complete admin-request test inventory across the mapping and
registry suites
- append new public error variants without changing existing implicit
discriminants
- classify every revision 1 ID as primary, secondary,
token-authenticated, dormant, or mapping-only
- classify `capsule:access:any` as enforced secondary authority now that
capsule dispatch enforces it
- use immutable registry-revision terminology throughout the public API
and errors

Revision 1 never silently expands. A capability added to the catalog, an
inventoried request mapping, or the capsule-side enforcement constants
covered here fails its registry check until a new revision is
introduced. An entirely new enforcement site must add its owning-crate
registry assertion.

## Verification

- exact signed head: `aaf8952f08c2441b217fec60d90de4a40c922754`
- restacked directly on merged `main` at
`bed06ad476f6e58a5ee56331118da497d121705e`
- all 15 commits have good GPG signatures from Joshua J. Bouw
- `cargo fmt --all -- --check`
- `git diff --check origin/main...HEAD`
- `cargo test --locked -p astrid-core capability_registry` (20 passed)
- `cargo test --locked -p astrid-kernel capability_catalog_tests` (4
passed)
- `cargo test --locked -p astrid-kernel
empty_agent_modify_keeps_existing_wire_and_authority_mapping` (1 passed)
- `cargo test --locked -p astrid-capsule
unrestricted_capsule_access_enforcement_id_is_registered`
- `cargo test --locked -p astrid-capsule
secondary_enforcement_ids_are_registered`
- `cargo test --locked -p astrid-core -p astrid-capsule -p
astrid-kernel` (274 core, 564 capsule, and 258 kernel tests passed; the
macOS socket group was rerun outside the sandbox)
- `cargo clippy --locked -p astrid-core -p astrid-capsule -p
astrid-kernel --all-features -- -D warnings`
- range-diff confirms the registry commits are preserved while the
previously stacked authority fixes are now supplied by merged `main`
- the skipped historical integration-merge correction is retained:
`capsule:access:any` is live secondary authority, not dormant metadata
- the production capsule constants for unrestricted access, audit
firehose, and resource exemptions are pinned to their intended exact IDs
and checked directly against revision 1; kernel request inventory is
shared between mapping and registry suites

## Compatibility

The registry remains passive. This PR does not activate a registry
evaluator, change authorization behavior, migrate persisted state, or
alter the existing wire shape. Revision 1 is an immutable description of
the enforcement surface that already exists.

## Checklist

- [x] Linked to an issue
- [x] CHANGELOG.md updated under `[Unreleased]`
- [x] No evaluator activation or persisted-state migration

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Add passive content-addressed capability registry primitives

2 participants