Skip to content

feat(core): populate passive capability-registry revision 1#1252

Merged
joshuajbouw merged 15 commits into
mainfrom
agent/capability-registry-baseline
Jul 15, 2026
Merged

feat(core): populate passive capability-registry revision 1#1252
joshuajbouw merged 15 commits into
mainfrom
agent/capability-registry-baseline

Conversation

@joshuajbouw

@joshuajbouw joshuajbouw commented Jul 15, 2026

Copy link
Copy Markdown
Contributor

Linked Issue

Closes #1235

Refs #1228, #1233, #1234, and astrid-runtime/rfcs#36.

Summary

Populates the passive 51-entry capability-registry revision 1 on top of the primitives merged in #1234. Existing authorization, wildcard evaluation, persisted state, socket behavior, and wire contracts remain unchanged.

Changes

  • bind all 51 kernel entries to fixed scope, ordered target kinds, delegability, privileged status, source, and display danger
  • expose the typed revision 1 manifest while keeping the raw ID set private
  • freeze all 51 BLAKE3 entry digests and the aggregate manifest digest
  • freeze revision 1 danger metadata independently from the mutable live capability catalog
  • preserve current catalog scope and danger metadata
  • require kernel and admin request mappings to resolve to a registered entry
  • complete kernel and admin request-variant inventories
  • share one complete admin-request test inventory across the mapping and registry suites
  • append new public error variants without changing existing implicit discriminants
  • classify every revision 1 ID as primary, secondary, token-authenticated, dormant, or mapping-only
  • classify capsule:access:any as enforced secondary authority now that capsule dispatch enforces it
  • use immutable registry-revision terminology throughout the public API and errors

Revision 1 never silently expands. A capability added to the catalog, an inventoried request mapping, or the capsule-side enforcement constants covered here fails its registry check until a new revision is introduced. An entirely new enforcement site must add its owning-crate registry assertion.

Verification

  • exact signed head: aaf8952f08c2441b217fec60d90de4a40c922754
  • restacked directly on merged main at bed06ad476f6e58a5ee56331118da497d121705e
  • all 15 commits have good GPG signatures from Joshua J. Bouw
  • cargo fmt --all -- --check
  • git diff --check origin/main...HEAD
  • cargo test --locked -p astrid-core capability_registry (20 passed)
  • cargo test --locked -p astrid-kernel capability_catalog_tests (4 passed)
  • cargo test --locked -p astrid-kernel empty_agent_modify_keeps_existing_wire_and_authority_mapping (1 passed)
  • cargo test --locked -p astrid-capsule unrestricted_capsule_access_enforcement_id_is_registered
  • cargo test --locked -p astrid-capsule secondary_enforcement_ids_are_registered
  • cargo test --locked -p astrid-core -p astrid-capsule -p astrid-kernel (274 core, 564 capsule, and 258 kernel tests passed; the macOS socket group was rerun outside the sandbox)
  • cargo clippy --locked -p astrid-core -p astrid-capsule -p astrid-kernel --all-features -- -D warnings
  • range-diff confirms the registry commits are preserved while the previously stacked authority fixes are now supplied by merged main
  • the skipped historical integration-merge correction is retained: capsule:access:any is live secondary authority, not dormant metadata
  • the production capsule constants for unrestricted access, audit firehose, and resource exemptions are pinned to their intended exact IDs and checked directly against revision 1; kernel request inventory is shared between mapping and registry suites

Compatibility

The registry remains passive. This PR does not activate a registry evaluator, change authorization behavior, migrate persisted state, or alter the existing wire shape. Revision 1 is an immutable description of the enforcement surface that already exists.

Checklist

  • Linked to an issue
  • CHANGELOG.md updated under [Unreleased]
  • No evaluator activation or persisted-state migration

Copilot AI review requested due to automatic review settings July 15, 2026 01:23

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR populates the previously-frozen passive capability-registry revision 1 by assigning fixed authorization semantics (scope, target kinds, delegability, privileged status, provenance) to the 51 normative capability IDs, and adds drift-gating tests to ensure kernel/admin enforcement mappings and role classifications cannot diverge from the registry.

Changes:

  • Introduces a typed revision-1 registry manifest builder in astrid-core, including fixed semantics and explicit errors for missing definitions/metadata.
  • Updates kernel drift tests to validate that all kernel/admin required-capability mappings resolve to registered revision-1 entries, and that every revision-1 ID has exactly one enforcement-role classification.
  • Extends request-variant inventories (kernel + admin) and adds golden digest-vector tests to freeze per-entry and aggregate registry digests.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.

Show a summary per file
File Description
crates/astrid-kernel/src/kernel_router/capability_catalog_tests.rs Switches drift checks from catalog coverage to registry-revision coverage; adds enforcement-role classification completeness test.
crates/astrid-kernel/src/kernel_router/admin/tests.rs Expands admin request-variant inventory to include newer variants for mapping/exhaustiveness tests.
crates/astrid-core/src/capability_registry/tests.rs Adds tests asserting revision-1 registry definitions, preserved catalog metadata, and stable per-entry + aggregate digests.
crates/astrid-core/src/capability_registry.rs Implements revision-1 registry manifest construction with fixed semantics and display metadata resolution; adds new error variants.
CHANGELOG.md Documents the revision-1 capability-registry semantic population under [Unreleased].

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@joshuajbouw

Copy link
Copy Markdown
Contributor Author

@copilot review exact head f9a8f53

Copilot AI commented Jul 15, 2026

Copy link
Copy Markdown
Contributor

@copilot review exact head f9a8f53

Addressed one follow-up issue in 000b4e9: revision 1 now freezes its danger metadata instead of deriving it from the live catalog at runtime. Local checks passed with cargo fmt --all -- --check, cargo test -p astrid-core capability_registry_revision_1, and cargo test -p astrid-kernel capability_catalog_tests.

@joshuajbouw
joshuajbouw force-pushed the agent/capability-registry-baseline branch from 000b4e9 to 7332286 Compare July 15, 2026 08:11
@joshuajbouw

Copy link
Copy Markdown
Contributor Author

@copilot review exact head 7332286

Copilot AI commented Jul 15, 2026

Copy link
Copy Markdown
Contributor

@copilot review exact head 7332286

Reviewed exact head 7332286 and found no further issues.

Local checks passed:

  • cargo fmt --all -- --check
  • cargo metadata --locked --no-deps --format-version 1
  • cargo test -p astrid-core capability_registry_revision_1
  • cargo test -p astrid-kernel capability_catalog_tests

GitHub shows successful CodeQL and Changelog runs for this head, and the fresh PR checks are queued.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 24 out of 24 changed files in this pull request and generated no new comments.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 25 out of 25 changed files in this pull request and generated no new comments.

@joshuajbouw
joshuajbouw force-pushed the agent/capability-registry-baseline branch from 0fdb3a8 to 8d53151 Compare July 15, 2026 14:06
@joshuajbouw
joshuajbouw requested a review from Copilot July 15, 2026 14:07

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 8 out of 8 changed files in this pull request and generated no new comments.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 12 out of 12 changed files in this pull request and generated 1 comment.

Comment thread crates/astrid-capsule/src/engine/wasm/mod.rs

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 12 out of 12 changed files in this pull request and generated no new comments.

@joshuajbouw
joshuajbouw merged commit d85fb10 into main Jul 15, 2026
28 checks passed
@joshuajbouw
joshuajbouw deleted the agent/capability-registry-baseline branch July 15, 2026 14:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Populate passive capability-registry revision 1

3 participants