Install gate, Phase 3 (lane 3): org guarantee — authenticated fail-closed mode#115
Open
juangaitanv wants to merge 3 commits into
Open
Install gate, Phase 3 (lane 3): org guarantee — authenticated fail-closed mode#115juangaitanv wants to merge 3 commits into
juangaitanv wants to merge 3 commits into
Conversation
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
juangaitanv
force-pushed
the
install-gate-phase-3-json
branch
from
0e07df6 to
c5715f9
Compare
juangaitanv
added a commit
that referenced
this pull request
Jun 12, 2026
…ree pass Addresses Cursor review on #115. When a manager with a tree resolver (pip/npm/uv) degrades to a NamedOnly tree — pip --dry-run, npm lockfile resolution, or uv pip compile failed — the whole transitive set goes unverified. In public mode that warns and proceeds (fail-open), but in authenticated mode it now BLOCKS unless --force: the unchecked transitives can hide the vulnerable package the org guarantee exists to catch. yarn/pnpm have no resolver, so their NamedOnly is inherent and expected — the new `has_tree_resolver()` predicate keeps them on the named-only warning rather than fail-closing every authenticated yarn/pnpm install. e2e tests pin the pip fail-closed block, the public fail-open, and the yarn proceed; an existing token-forwarding test now reflects the authenticated block. (Also fixes the Phase 0 harness_smoke test's check_package_version call for the token parameter added in this phase.)
juangaitanv
force-pushed
the
install-gate-phase-3-auth
branch
from
7bf5651 to
023419f
Compare
juangaitanv
force-pushed
the
install-gate-phase-3-json
branch
from
c5715f9 to
c79d501
Compare
juangaitanv
added a commit
that referenced
this pull request
Jun 12, 2026
…ree pass Addresses Cursor review on #115. When a manager with a tree resolver (pip/npm/uv) degrades to a NamedOnly tree — pip --dry-run, npm lockfile resolution, or uv pip compile failed — the whole transitive set goes unverified. In public mode that warns and proceeds (fail-open), but in authenticated mode it now BLOCKS unless --force: the unchecked transitives can hide the vulnerable package the org guarantee exists to catch. yarn/pnpm have no resolver, so their NamedOnly is inherent and expected — the new `has_tree_resolver()` predicate keeps them on the named-only warning rather than fail-closing every authenticated yarn/pnpm install. e2e tests pin the pip fail-closed block, the public fail-open, and the yarn proceed; an existing token-forwarding test now reflects the authenticated block. (Also fixes the Phase 0 harness_smoke test's check_package_version call for the token parameter added in this phase.)
juangaitanv
force-pushed
the
install-gate-phase-3-auth
branch
from
023419f to
fb1fbb3
Compare
Harvested from the install-vuln-gate spike (dfac68e). With a token, nothing unverifiable gets through. - authenticated mode: a Corgea token (CORGEA_TOKEN or corgea login) on the default vuln-api sends the auth header (JWT → Bearer, opaque → CORGEA-TOKEN; one definition shared with utils/api.rs) and fails closed — unverifiable verdicts and resolution errors block - custom-URL token opt-in: a custom CORGEA_VULN_API_URL stays public even with a token; CORGEA_VULN_API_SEND_TOKEN_TO_CUSTOM_URL=1 sends the token there and enables fail-closed enforcement - transient-failure retries in the vuln-api client: idempotent GETs retry twice (500ms/1500ms backoff) on send errors; HTTP 429 honors Retry-After (clamped 1-10s) once; stub gains scripted retry/drop modes to exercise both paths hermetically - PEP 668 refusal: pip installs into an externally managed environment are refused before any registry check, with a virtualenv hint; --break-system-packages/--target/--prefix/--root and --force bypass - tokenless public mode now discloses itself and what login adds - yanked-release handling shipped with the registry resolver in Phase 1 (non-exact resolution skips yanked releases; exact pins still match, like pip)
…ree pass Addresses Cursor review on #115. When a manager with a tree resolver (pip/npm/uv) degrades to a NamedOnly tree — pip --dry-run, npm lockfile resolution, or uv pip compile failed — the whole transitive set goes unverified. In public mode that warns and proceeds (fail-open), but in authenticated mode it now BLOCKS unless --force: the unchecked transitives can hide the vulnerable package the org guarantee exists to catch. yarn/pnpm have no resolver, so their NamedOnly is inherent and expected — the new `has_tree_resolver()` predicate keeps them on the named-only warning rather than fail-closing every authenticated yarn/pnpm install. e2e tests pin the pip fail-closed block, the public fail-open, and the yarn proceed; an existing token-forwarding test now reflects the authenticated block. (Also fixes the Phase 0 harness_smoke test's check_package_version call for the token parameter added in this phase.)
…aware docs, PEP 668 traces - run_locked_install now prints the same public-login hint as run_parsed_install: a tokenless 'npm ci'/'uv sync' runs public checks and should disclose that authenticated enforcement exists. - Module header and run_verdict_pass docs no longer describe only the public fail-open behavior — both modes and their decision point (verdict::block_reason) are named. - PEP 668 detection error arms are debug-traced (the deliberate fail-open stays; a silent miss is now diagnosable).
juangaitanv
force-pushed
the
install-gate-phase-3-json
branch
from
c79d501 to
07bb21d
Compare
juangaitanv
force-pushed
the
install-gate-phase-3-auth
branch
from
fb1fbb3 to
5d1d30a
Compare
|
is this the last phase? should we update PRD.md? or just remove it entirely? |
leenk7991
reviewed
Jun 15, 2026
| custom URL and make lookup failures fail closed. Overrides for testing: | ||
| `CORGEA_PYPI_REGISTRY`, `CORGEA_NPM_REGISTRY`, `CORGEA_VULN_API_URL`. | ||
|
|
||
| #### Limitations |
There was a problem hiding this comment.
should we add a line in limitations to mention something like: "git/URL/path specs are skipped (noted unverifiable), the skip never blocks, even in authenticated mode."
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Overview
This PR is Phase 3, lane 3 of the install-gate feature for the Corgea CLI.
Lane 3 turns the gate from public best-effort checks into an authenticated org guarantee. With a Corgea token on the default vuln-api, unverifiable packages, resolution failures, vuln-api outages, and degraded tree coverage block the install instead of warning and proceeding.
Tokenless mode remains public and fail-open. A custom vuln-api URL never receives a Corgea token unless explicitly opted in.
Stacked on #114. Base branch:
install-gate-phase-3-json. Review this PR's diff in isolation; it contains the Phase 3 lane 3 slice.What Phase 3 Lane 3 Includes
CORGEA_TOKENorcorgea loginon the default vuln-api endpoint.utils/api.rs: JWT tokens useBearer; opaque tokens useCORGEA-TOKEN.CORGEA_VULN_API_URLstays public even when a token exists.CORGEA_VULN_API_SEND_TOKEN_TO_CUSTOM_URL=1is required to send the token and enable enforcement there.Retry-After, clamped to 1-10s, once.--break-system-packages,--target,--prefix,--root, and--forcebypass.Deliberately Out Of Scope
Future work after this series includes:
Exit Criteria - Met
Demonstrated live with the real binary against the same dead vuln-api endpoint:
Also verified with
event-stream@3.3.6: the unpublished malware version resolves to a registry error, so npm cannot install it; public mode proceeds with disclosure, while authenticated mode blocks../harness checkpasses.