feat(core): add content-addressed capability registry primitives#1234
Merged
Conversation
This was referenced Jul 14, 2026
joshuajbouw
marked this pull request as ready for review
July 14, 2026 18:13
Contributor
There was a problem hiding this comment.
Pull request overview
Introduces foundational, passive content-addressed capability-registry primitives in astrid-core (exact capability IDs, deterministic digests, content-bound references, and canonical registry manifests) as groundwork for future wildcard-authority migration without changing current authorization or persisted state behavior.
Changes:
- Adds
capability_registrymodule with validated exact IDs, entry/registry digest wrappers, content-boundCapabilityRef, andCapabilityRegistryManifestcanonicalization + verification. - Adds comprehensive unit tests covering canonical bytes, digest stability, tampering, duplicates, ordering, and fail-closed behavior.
- Updates
CHANGELOG.mdwith an[Unreleased]entry describing the new primitives.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| crates/astrid-core/src/lib.rs | Exposes the new capability_registry module publicly. |
| crates/astrid-core/src/capability_registry.rs | Implements content-addressed registry primitives (IDs, digests, references, manifest hashing/verification, canonical CBOR encoding). |
| crates/astrid-core/src/capability_registry/tests.rs | Adds golden and invariants tests for digests, canonicalization, and fail-closed validation paths. |
| CHANGELOG.md | Documents the addition under [Unreleased]. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
3 tasks
joshuajbouw
added a commit
that referenced
this pull request
Jul 15, 2026
## Linked Issue Closes #1235 Refs #1228, #1233, #1234, and astrid-runtime/rfcs#36. ## Summary Populates the passive 51-entry capability-registry revision 1 on top of the primitives merged in #1234. Existing authorization, wildcard evaluation, persisted state, socket behavior, and wire contracts remain unchanged. ## Changes - bind all 51 kernel entries to fixed scope, ordered target kinds, delegability, privileged status, source, and display danger - expose the typed revision 1 manifest while keeping the raw ID set private - freeze all 51 BLAKE3 entry digests and the aggregate manifest digest - freeze revision 1 danger metadata independently from the mutable live capability catalog - preserve current catalog scope and danger metadata - require kernel and admin request mappings to resolve to a registered entry - complete kernel and admin request-variant inventories - share one complete admin-request test inventory across the mapping and registry suites - append new public error variants without changing existing implicit discriminants - classify every revision 1 ID as primary, secondary, token-authenticated, dormant, or mapping-only - classify `capsule:access:any` as enforced secondary authority now that capsule dispatch enforces it - use immutable registry-revision terminology throughout the public API and errors Revision 1 never silently expands. A capability added to the catalog, an inventoried request mapping, or the capsule-side enforcement constants covered here fails its registry check until a new revision is introduced. An entirely new enforcement site must add its owning-crate registry assertion. ## Verification - exact signed head: `aaf8952f08c2441b217fec60d90de4a40c922754` - restacked directly on merged `main` at `bed06ad476f6e58a5ee56331118da497d121705e` - all 15 commits have good GPG signatures from Joshua J. Bouw - `cargo fmt --all -- --check` - `git diff --check origin/main...HEAD` - `cargo test --locked -p astrid-core capability_registry` (20 passed) - `cargo test --locked -p astrid-kernel capability_catalog_tests` (4 passed) - `cargo test --locked -p astrid-kernel empty_agent_modify_keeps_existing_wire_and_authority_mapping` (1 passed) - `cargo test --locked -p astrid-capsule unrestricted_capsule_access_enforcement_id_is_registered` - `cargo test --locked -p astrid-capsule secondary_enforcement_ids_are_registered` - `cargo test --locked -p astrid-core -p astrid-capsule -p astrid-kernel` (274 core, 564 capsule, and 258 kernel tests passed; the macOS socket group was rerun outside the sandbox) - `cargo clippy --locked -p astrid-core -p astrid-capsule -p astrid-kernel --all-features -- -D warnings` - range-diff confirms the registry commits are preserved while the previously stacked authority fixes are now supplied by merged `main` - the skipped historical integration-merge correction is retained: `capsule:access:any` is live secondary authority, not dormant metadata - the production capsule constants for unrestricted access, audit firehose, and resource exemptions are pinned to their intended exact IDs and checked directly against revision 1; kernel request inventory is shared between mapping and registry suites ## Compatibility The registry remains passive. This PR does not activate a registry evaluator, change authorization behavior, migrate persisted state, or alter the existing wire shape. Revision 1 is an immutable description of the enforcement surface that already exists. ## Checklist - [x] Linked to an issue - [x] CHANGELOG.md updated under `[Unreleased]` - [x] No evaluator activation or persisted-state migration --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Linked Issue
Closes #1233
Refs #1228 and astrid-runtime/rfcs#36.
Summary
Adds passive content-addressed capability-registry primitives and moves short device
key IDs to BLAKE3 before wider adoption. The profile shape remains unchanged and
stored device IDs self-heal from their public keys; active device-scoped bearer
sessions re-authenticate after upgrade.
Changes
or the control socket
ordering, schema revisions, and fail-closed errors
Verification
cargo fmt --all -- --checkcargo metadata --locked --offline --no-depsgit diff --checkb3sumb3sumGitHub CI is the execution gate for the new head
Checklist
[Unreleased]