feat(core): populate passive capability-registry revision 1#1252
Conversation
There was a problem hiding this comment.
Pull request overview
This PR populates the previously-frozen passive capability-registry revision 1 by assigning fixed authorization semantics (scope, target kinds, delegability, privileged status, provenance) to the 51 normative capability IDs, and adds drift-gating tests to ensure kernel/admin enforcement mappings and role classifications cannot diverge from the registry.
Changes:
- Introduces a typed revision-1 registry manifest builder in
astrid-core, including fixed semantics and explicit errors for missing definitions/metadata. - Updates kernel drift tests to validate that all kernel/admin required-capability mappings resolve to registered revision-1 entries, and that every revision-1 ID has exactly one enforcement-role classification.
- Extends request-variant inventories (kernel + admin) and adds golden digest-vector tests to freeze per-entry and aggregate registry digests.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| crates/astrid-kernel/src/kernel_router/capability_catalog_tests.rs | Switches drift checks from catalog coverage to registry-revision coverage; adds enforcement-role classification completeness test. |
| crates/astrid-kernel/src/kernel_router/admin/tests.rs | Expands admin request-variant inventory to include newer variants for mapping/exhaustiveness tests. |
| crates/astrid-core/src/capability_registry/tests.rs | Adds tests asserting revision-1 registry definitions, preserved catalog metadata, and stable per-entry + aggregate digests. |
| crates/astrid-core/src/capability_registry.rs | Implements revision-1 registry manifest construction with fixed semantics and display metadata resolution; adds new error variants. |
| CHANGELOG.md | Documents the revision-1 capability-registry semantic population under [Unreleased]. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
Addressed one follow-up issue in |
000b4e9 to
7332286
Compare
|
Reviewed exact head Local checks passed:
GitHub shows successful |
0fdb3a8 to
8d53151
Compare
Linked Issue
Closes #1235
Refs #1228, #1233, #1234, and astrid-runtime/rfcs#36.
Summary
Populates the passive 51-entry capability-registry revision 1 on top of the primitives merged in #1234. Existing authorization, wildcard evaluation, persisted state, socket behavior, and wire contracts remain unchanged.
Changes
capsule:access:anyas enforced secondary authority now that capsule dispatch enforces itRevision 1 never silently expands. A capability added to the catalog, an inventoried request mapping, or the capsule-side enforcement constants covered here fails its registry check until a new revision is introduced. An entirely new enforcement site must add its owning-crate registry assertion.
Verification
aaf8952f08c2441b217fec60d90de4a40c922754mainatbed06ad476f6e58a5ee56331118da497d121705ecargo fmt --all -- --checkgit diff --check origin/main...HEADcargo test --locked -p astrid-core capability_registry(20 passed)cargo test --locked -p astrid-kernel capability_catalog_tests(4 passed)cargo test --locked -p astrid-kernel empty_agent_modify_keeps_existing_wire_and_authority_mapping(1 passed)cargo test --locked -p astrid-capsule unrestricted_capsule_access_enforcement_id_is_registeredcargo test --locked -p astrid-capsule secondary_enforcement_ids_are_registeredcargo test --locked -p astrid-core -p astrid-capsule -p astrid-kernel(274 core, 564 capsule, and 258 kernel tests passed; the macOS socket group was rerun outside the sandbox)cargo clippy --locked -p astrid-core -p astrid-capsule -p astrid-kernel --all-features -- -D warningsmaincapsule:access:anyis live secondary authority, not dormant metadataCompatibility
The registry remains passive. This PR does not activate a registry evaluator, change authorization behavior, migrate persisted state, or alter the existing wire shape. Revision 1 is an immutable description of the enforcement surface that already exists.
Checklist
[Unreleased]