54d4366
docs(roadmap): capture next-steps roadmap from the inspector branch
claude Jun 18, 2026
1cba0f7
feat(ddrm): two-layer forensic watermark (visible full-address + invi…
SashaMIT Jun 18, 2026
2a4ca10
fix(dkms): threshold-with-grace quorum recover so a dead node can't w…
SashaMIT Jun 18, 2026
b8cafe3
docs(ddrm): roadmap + design for AV forensic watermarking
SashaMIT Jun 18, 2026
273d0aa
fix(ddrm): bound pixel-lock decode/raster size (pixel-bomb defense)
SashaMIT Jun 18, 2026
eae67ff
fix(ddrm): serve-time content sniff + html-lock CSP/nosniff (mislabel…
SashaMIT Jun 18, 2026
9bc2c54
docs(ddrm): honest forensic-watermark scope + pixel-bomb bounds + htm…
SashaMIT Jun 18, 2026
b01ed34
feat(ddrm): authenticate the forensic watermark via the buyer's signe…
SashaMIT Jun 18, 2026
0eac1d0
feat(ddrm): retain the forensic grant anchor in the tamper-evident cu…
SashaMIT Jun 18, 2026
58380d3
fix(ddrm): audit cleanups (item 6) + reclassify media-tier egress as …
SashaMIT Jun 19, 2026
9f57172
ci(ddrm): gate the dDRM capsule crates + run the full `just verify` o…
SashaMIT Jun 19, 2026
a01cecc
ci: also run the gate on this feature branch (branch-scoped trigger)
SashaMIT Jun 19, 2026
391a438
fix(ci): rustfmt viewer_object.rs + install ripgrep for the verify job
SashaMIT Jun 19, 2026
0e1bd96
fix(rights): validate wallet linkage before resolving the rights-prov…
SashaMIT Jun 19, 2026
46cbeed
fix(ci): install wasm32-wasip1 target for the verify job's carrier smoke
SashaMIT Jun 19, 2026
e350a49
fix(ci): pin wasm32-wasip1 in rust-toolchain.toml so the pinned toolc…
SashaMIT Jun 19, 2026
2ecb7a6
ci: split out `verify-ci` (full gate minus the Carrier-network smoke)…
SashaMIT Jun 19, 2026
681d10a
docs(av): fold Phase-0 feasibility + FP correction into AV_WATERMARKING
SashaMIT Jun 19, 2026
1bfe59f
feat(approval): fail-closed approval decision core + inspect/intent p…
claude Jun 19, 2026
2b413b0
docs(approval): document inspect/intent + contract-honesty path note
claude Jun 19, 2026
5bc2381
fix(ddrm): pre-mainnet fix-pack ①–⑤ + dKMS open test runbook
SashaMIT Jun 19, 2026
fadad72
feat(av): land Phase 5 chunks 1/2/6 — variant schema + canonical code…
SashaMIT Jun 19, 2026
3d07444
feat(av): analytic Tardos threshold + Monte-Carlo certification gate
SashaMIT Jun 19, 2026
7feccd3
docs(audit): focused external-auditor packet for the dKMS decrypt plane
SashaMIT Jun 19, 2026
39fead5
fix(dkms): bind re-seal AAD into the recover possession-proof (close …
SashaMIT Jun 19, 2026
0720219
feat(av): serve-time variant selector + variant-set AAD weld (chunks …
SashaMIT Jun 19, 2026
65f0975
feat(av): mint-side asset-secret KDF + manifest builder (chunk 5 core)
SashaMIT Jun 19, 2026
2bbd45b
docs(av): reconcile Phase 5 status — 3/4/5 core landed, wiring + cert…
SashaMIT Jun 19, 2026
b241e1f
fix(smoke): build dkms-authority with dev-modes in quorum-helper-verify
SashaMIT Jun 19, 2026
643752e
feat(av): bounded placeholder variant embed in ddrm-media (mint DSP s…
SashaMIT Jun 19, 2026
4574eed
test(av): end-to-end variant pipeline on real fMP4 + CENC (chunks 3/4/5)
SashaMIT Jun 19, 2026
c596f1f
fix(dkms): revert recover-proof to v1 to match the deployed quorum nodes
SashaMIT Jun 20, 2026
1677023
feat(av): wire forensic variant mint-emit + serve selection into the …
SashaMIT Jun 20, 2026
d270500
perf(serve): single-copy in-place CENC decrypt + boot-stable gateway …
claude Jun 20, 2026
fea728b
harden(ddrm): bound untrusted CENC box counts + pin the H1 watermark-…
claude Jun 20, 2026
edb02ec
fix(open): refresh single-use grant nonce on quorum retries (A7) + pi…
claude Jun 20, 2026
e47f2be
docs(audit): record PRE-3 (audit tamper-evidence / GAP-8) as already …
claude Jun 20, 2026
b823c62
docs(pre-audit): record verification pass — 7/8 findings resolved, #2…
claude Jun 20, 2026
98b57c9
perf(library): hash each file once on the directory-list hot path
claude Jun 20, 2026
72550c4
perf(library): cache file listing facts on the directory-list path
claude Jun 20, 2026
9d8e6d9
perf(library-ui): bound the cover cache (LRU) and revoke evicted obje…
claude Jun 20, 2026
371bf21
chore(ci): satisfy fmt + clippy gates on the branch
claude Jun 20, 2026
ad84904
perf(serve): drop redundant per-segment capsule re-resolve from the v…
claude Jun 20, 2026
4894f50
test(conformance): close GAP-8's tamper-evidence half + pin it (ratch…
claude Jun 20, 2026
1e9e712
test(verdicts): build-visible DDRM audit-verdict ratchet + pin PRE-2 …
claude Jun 20, 2026
38b45bd
docs(roadmap): capture the path to 10/10 — audit, node-bundle redeplo…
claude Jun 20, 2026
3567f54
docs(auditor): point the external firm at the verified-safe scope-out…
claude Jun 20, 2026
cec3086
build(release): add a release profile to the elastos workspace (LTO +…
claude Jun 20, 2026
253d099
feat(wasm): enforce per-capsule memory/table/instance limits + share …
claude Jun 20, 2026
f2e9c53
docs(roadmap): track the per-capsule WASM memory budget + CPU-runaway…
claude Jun 20, 2026
ce2bd96
feat(wasm): honor each capsule's DECLARED memory budget (clamped), ma…
claude Jun 20, 2026
0d904c6
docs(roadmap): mark per-capsule WASM memory budget DONE (B1); CPU sti…
claude Jun 20, 2026
8bf1d29
feat(wasm): make a runaway capsule operator-terminable (epoch interru…
claude Jun 20, 2026
43eee84
docs(roadmap): mark WASM CPU-runaway operator-terminable DONE (B2a); …
claude Jun 20, 2026
5080468
chore(fmt): satisfy rustfmt on the branch's elastos-server additions
claude Jun 20, 2026
e5e6ad0
docs(handoff): branch-handoff note for the merge + live-validation pass
claude Jun 20, 2026
97bcd36
docs(runbook): mark the retry-replay grant gap RESOLVED by A7
SashaMIT Jun 20, 2026
5d23843
feat(capsule-inspector): declare the first real typed affordances
SashaMIT Jun 24, 2026
5363927
feat(capsules): declare typed affordances on documents, library, inbox
SashaMIT Jun 24, 2026
70b7976
feat(capsules): declare typed affordances on chat, archive-manager, g…
SashaMIT Jun 24, 2026
3c1d58f
test(inspect): prove the whole affordance registry via the inspect op…
SashaMIT Jun 24, 2026
0e85f07
test(inspect): prove providers reflect their authority via the inspec…
SashaMIT Jun 24, 2026
3b6241b
feat(signature): resolve the verified signer, not just a bool (G2 cap…
SashaMIT Jun 24, 2026
4936f66
feat(inspect): surface a verified signer + "verified" trust (G2 proje…
SashaMIT Jun 24, 2026
210864e
feat(inspect): list observed granted capabilities (G1 projection)
SashaMIT Jun 24, 2026
f54b65e
feat(capability): one canonical grant authorization path (G4a)
SashaMIT Jun 24, 2026
9163c77
chore(lint): clear orphaned imports/const left by the G4a neutralization
SashaMIT Jun 24, 2026
7b581f9
feat(audit): fail-closed audit on the user-deny write (G8a)
SashaMIT Jun 24, 2026
a2f54c6
feat(inspect): self-tier route — an app can inspect itself, fail-clos…
SashaMIT Jun 24, 2026
3901d0b
feat(capsules): typed affordances on chat-room + chat-wasm; defer G1b…
SashaMIT Jun 24, 2026
f05de26
feat(crypto): domain_separated_verify — make signed audit events veri…
SashaMIT Jun 24, 2026
5d3b63c
merge: bring the dDRM hardening line into flint (the agent substrate …
SashaMIT Jun 25, 2026
0db4660
docs(gaps): merge reframes the registry — G3/G4b unblocked, G8 plane …
SashaMIT Jun 25, 2026
1b32cae
feat(invoke): prove the act leg — previewed gate == enforced gate thr…
SashaMIT Jun 25, 2026
caec873
docs(gaps): G3 core landed (executed-gate proof + conformance pin); G…
SashaMIT Jun 25, 2026
7d6bf5d
feat(consent): record a signed, fail-closed approve decision symmetri…
SashaMIT Jun 25, 2026
bcdeac1
docs(gaps): G4 recording DONE — signed fail-closed approve/deny on dD…
SashaMIT Jun 25, 2026
f1ac9d3
test(e2e): the full five-beat loop turns once over a real crown-jewel…
SashaMIT Jun 25, 2026
8173da0
docs(gaps): the full five-beat loop turns once on one signed chain (e…
SashaMIT Jun 25, 2026
34be723
docs(gaps): G-ID — capsule identity is not canonical (five-beat loop …
SashaMIT Jun 25, 2026
938013a
feat(identity): record the real capsule identity on capability reques…
SashaMIT Jun 25, 2026
13f706b
docs(gaps): G-ID interim landed (vm-{name} recorded); the flip is the…
SashaMIT Jun 25, 2026
cbc8929
feat(identity): the flip — mint+validate+inspector on canonical vm-{n…
SashaMIT Jun 25, 2026
4377cef
docs(gaps): G-ID CLOSED by the flip; G1b narrows to the serve composi…
SashaMIT Jun 25, 2026
21a72b4
feat(inspect): CompositeAuditSource — live granted-capabilities on a …
SashaMIT Jun 25, 2026
64eba4c
docs(gaps): G1b CLOSED — live granted-capabilities via CompositeAudit…
SashaMIT Jun 25, 2026
103b34e
feat(intent): the intent compiler — resolve a capability goal to a pr…
SashaMIT Jun 25, 2026
7031395
feat(intent): multi-step composition — compile an ordered goal sequen…
SashaMIT Jun 25, 2026
0178a2a
feat(intent): cross-capsule discovery — find which capsule offers a g…
SashaMIT Jun 25, 2026
3e22deb
feat(intent): discovered multi-step — a goal sequence whose steps are…
SashaMIT Jun 25, 2026
3360822
feat(intent): serialize the failure path — IntentError + InvokeError …
SashaMIT Jun 25, 2026
aa523ce
feat(inspect): gateway "discover" op — resolve which capsule offers a…
SashaMIT Jun 25, 2026
9c06bfa
docs(known-gaps): track discover (System-only + carrier-locked) as in…
SashaMIT Jun 25, 2026
d214693
docs(known-gaps): re-assess G-CIE — the carrier inspect surface is th…
SashaMIT Jun 25, 2026
6f438b0
docs(known-gaps): G-CIE hardening is decision-needed + not worth the …
SashaMIT Jun 25, 2026
d93ae21
docs(known-gaps): record the 0.01% security audit — grade 7/10, 5 con…
SashaMIT Jun 25, 2026
628783e
fix(security/AUD-3): revocation is now fail-closed on its audit recor…
SashaMIT Jun 25, 2026
e68f850
fix(security/AUD-2): gateway audit log fails closed instead of downgr…
SashaMIT Jun 25, 2026
302d9b2
docs(known-gaps): mark AUD-2 + AUD-3 CLOSED (both fail-open gaps now …
SashaMIT Jun 25, 2026
8954590
fix(security/AUD-1 prereq): canonical signing form — multi-provider m…
SashaMIT Jun 25, 2026
e88f436
feat(security/AUD-1): fail-closed-when-configured author-signature ga…
SashaMIT Jun 25, 2026
4d183b5
docs(known-gaps): AUD-1 mostly closed (author-signing gate on the VM …
SashaMIT Jun 25, 2026
afc5c4e
fix(security/AUD-5): refuse the bare scheme://* super-wildcard at the…
SashaMIT Jun 26, 2026
2914232
fix(security/AUD-4): verify-on-read — the inspector's "attested" now …
SashaMIT Jun 26, 2026
b095973
docs(known-gaps): AUD-4 plane-(b) + AUD-5 CLOSED; record the speed ro…
SashaMIT Jun 26, 2026
0a7d170
docs(roadmap): master living map — status + adoption-wedge roadmap + …
SashaMIT Jun 26, 2026
6c524ba
feat(mcp): `elastos mcp serve` — read-only MCP bridge, enforcement in…
SashaMIT Jun 26, 2026
ea26ad9
docs(roadmap): wedge 1 (elastos mcp serve) DONE; next = wedge 2 (type…
SashaMIT Jun 26, 2026
11b017b
feat(intent): typed dataflow binding — compile_pipeline validates cal…
SashaMIT Jun 26, 2026
0ebe0bc
docs(roadmap): wedges 1+2 (mcp serve + dataflow binding) DONE — the c…
SashaMIT Jun 26, 2026
0558c57
docs(flint): canonical Flint shell UX vision — the "glass delegation …
SashaMIT Jun 26, 2026
5084be3
docs(flint): KEEP — the synthesized "ultimate agentic OS" concept (co…
SashaMIT Jun 26, 2026
824a0e8
docs(flint): PDR — ElastOS the Sovereign Computer (council swarm w878…
SashaMIT Jun 26, 2026
e76da05
docs(flint): ESP shell protocol + wedges + the narrative (council swa…
SashaMIT Jun 26, 2026
083174f
docs(flint): W2 consent-act-path approval-ready plan (swarm wuuc4f5jd…
SashaMIT Jun 26, 2026
a013b42
docs(roadmap): consolidate the SINGLE living map — reconcile adoption…
SashaMIT Jun 27, 2026
4833f89
feat(capability): re-integrate W2 consent-request path (steps 3-4) + …
claude Jun 27, 2026
08329d0
feat(capability): W2 step 6 — the grant reads the binding (affordance…
claude Jun 27, 2026
83aa364
feat(capability): W2 step 7 — validate-and-consume endpoint + canonic…
claude Jun 27, 2026
025109e
feat(capability): W2 step 8 — ValidatedAffordanceGrant witness gates …
claude Jun 27, 2026
c290d65
feat(capability): W2 step 9 — signed AffordanceGrantReceiptV1 + block…
claude Jun 27, 2026
1365acc
test(capability): W2 step 10 — end-to-end affordance consent journey …
claude Jun 28, 2026
f531f31
chore(w2): step 11 — pin consent-path invariants in the alignment gat…
claude Jun 28, 2026
b750d25
feat(reach): W0a — core-derived ReachDescriptorV1 (the honest halo en…
claude Jun 28, 2026
808e3c3
feat(reach): W0b — project core-derived reach onto the catalog the sh…
claude Jun 28, 2026
aad72ca
feat(reach): W1a — egress-as-capability model (Allowlisted vs Open, f…
claude Jun 28, 2026
15f2bcc
feat(supervisor): W3a — de-hardcode the shell (role-based active-shel…
claude Jun 28, 2026
494a626
docs(esp): W4 — ESP v0 protocol spec + shared TS types, extracted fro…
claude Jun 28, 2026
d94c2b8
feat(esp): W5a — two-channel projection client + hero consent act (ES…
claude Jun 28, 2026
d6192d0
feat(esp): W6 — shell-picker + refraction toggle (pure projection, fa…
claude Jun 28, 2026
6a996d1
feat(esp): W7 — export the signed receipt as the EU AI Act audit arti…
claude Jun 28, 2026
588f217
refactor(consent): W3b — name the consent-broker at its seam (not a w…
claude Jun 28, 2026
ac38220
fix(carrier): BUG-6 — bound carrier-bridge line reads before allocati…
claude Jun 28, 2026
173ecbb
fix(supervisor): BUG-8 — checked, collision-free vsock CID allocation
claude Jun 28, 2026
fada7b9
fix(carrier): BUG-5 — don't drop a consent grant that lands after the…
claude Jun 28, 2026
b72ab2f
fix(capability): BUG-4 safe slice — refund single-use grant on routin…
claude Jun 28, 2026
99163c4
docs(esp): W5b spec — the visual projection shell as component contracts
claude Jun 28, 2026
7d093a5
refactor(carrier): apply verified code-quality audit findings
claude Jun 28, 2026
74524a9
feat(capability): BUG-4 op-failure slice — ProviderError::DidNotAct +…
claude Jun 28, 2026
eb321a1
test(g3b): universal preview==enforce conformance pin across ALL prov…
claude Jun 28, 2026
d339058
docs(bug-4): record InspectProvider DidNotAct migration is a multi-ca…
claude Jun 28, 2026
6483e96
feat(authz): G3b drain ch1 — complete the verb map for 11 manifest-ba…
claude Jun 28, 2026
33a1a01
feat(manifests): G3b drain ch2 — split blanket capability blocks (did…
claude Jun 28, 2026
48085c1
feat(manifests): G3b drain ch3 — egress (net/exit) + encrypt manifest…
claude Jun 28, 2026
64fd85c
feat(manifests): G3b drain ch4 — browser-actuator manifest split
claude Jun 28, 2026
ea7398e
docs(w1b): egress-firewall design — turn the reach model into enforce…
claude Jun 28, 2026
ee33170
feat(carrier): BUG-4 first real DidNotAct migration — CarrierGossipPr…
claude Jun 28, 2026
45f290e
fix(carrier): close the BUG-5 HTTP-poll residual (trailing read)
claude Jun 28, 2026
18fcf44
feat(carrier): BUG-4 second DidNotAct migration + more gossip rejections
claude Jun 28, 2026
e661b46
feat(carrier): refine DidNotAct contract (capacity≠no-op) + ContentPr…
claude Jun 28, 2026
64a264a
feat(content): drain ContentProvider write-path request-shape rejecti…
claude Jun 28, 2026
ae080a7
feat(content): finish publish request-shape drain (DidNotAct)
claude Jun 28, 2026
4f81209
docs(handoff): make READY_FOR_CURSOR comprehensive — no blind spots
claude Jun 28, 2026
9542e1e
G8b: make token-level capability revoke fail-closed (durable signed c…
claude Jun 28, 2026
ee29bcf
G8b verify-on-read: opt-in durable, tamper-verified audit log
claude Jun 28, 2026
d169c70
G8 verify-on-read: close tail-truncation with a committed head-anchor
claude Jun 28, 2026
71c2b30
spend meter: land the per-capsule budget mechanism (NEXT-band foothold)
claude Jun 28, 2026
1c1f81a
act-over-MCP: wire the spend meter into the carrier act path (fail-cl…
claude Jun 28, 2026
e4e8acb
spend meter: provider-reported variable cost (bound real spend, not c…
claude Jun 28, 2026
27f92aa
spend meter: meter microVM capsule acts under the canonical vm-{name}…
claude Jun 28, 2026
5b0e0d3
spend meter: meter WASM capsule acts (the third/last carrier act path)
claude Jun 28, 2026
0563d74
spend meter: read-only BudgetSnapshot projection + honest path accoun…
claude Jun 29, 2026
624ed95
spend meter: project a capsule's live budget on the inspector (read-o…
claude Jun 29, 2026
f639226
audit: live full-chain verify-on-read on the inspector (beyond startup)
claude Jun 29, 2026
74c9573
W7: make the EU-AI-Act audit artifact self-verifying (embed ChainAtte…
claude Jun 29, 2026
fc4c712
audit: inspector audit_attestation op — the live global chain read pa…
claude Jun 29, 2026
4632c0e
gateway: thread the shared spend meter onto GatewayState (unification…
claude Jun 29, 2026
da7783e
gateway: meter the consent/affordance dispatch — unify the budget acr…
claude Jun 29, 2026
1e6a2ed
gateway: unify the audit sink onto the shared custody chain (durable-…
SashaMIT Jun 29, 2026
65e5a58
esp: project spend_budget + audit.chain as read-only view-models (W5b)
SashaMIT Jun 29, 2026
3f374ba
gateway: prove the unified audit sink with a real content_open + chai…
SashaMIT Jun 29, 2026
81be538
esp: homeCustodyView — pure composition of spend + audit for the Home…
SashaMIT Jun 29, 2026
9dc41b5
esp(W5b): <CapsuleCustodyPanel> Svelte paint + headless SSR snapshot …
SashaMIT Jun 29, 2026
871c8da
signature(AUD-1): fail-closed from_trusted_keys_hex activation seed +…
SashaMIT Jun 29, 2026
f8ae852
esp(W5b): <CapsuleDetail> — compose trust + custody as independent ch…
SashaMIT Jun 29, 2026
5d4f4c7
supervisor(AUD-1): pin the config-hex -> seed -> gate activation roun…
SashaMIT Jun 29, 2026
c77ac9b
verify(microVM): 7/7 spend+audit on real nested-KVM + act-emitter fix…
SashaMIT Jun 29, 2026
76cc209
feat(W1b): egress-firewall enforcement spine (default-deny + lifecycl…
SashaMIT Jun 30, 2026
57a3b06
feat(W1b): C3-glue — kernel egress drops become signed EgressDenied c…
claude Jun 30, 2026
85c22ac
verify(W1b): egress-firewall spine VERIFIED 7/7 on real kernel + supp…
SashaMIT Jun 30, 2026
267cb17
fix(supervisor): BUG-2/BUG-3 — stop leaking the microVM Carrier bridg…
SashaMIT Jun 30, 2026
bd23ec9
fix(supervisor): BUG-7 — reap dead carrier services via a pending-saf…
SashaMIT Jun 30, 2026
aa09f6b
test(supervisor): box-validate BUG-2/3/7 VM-lifecycle leak fixes on r…
SashaMIT Jun 30, 2026
31bef0e
docs(KNOWN_GAPS): log G-EGR-TIDY — empty per-VM egress nft table not …
SashaMIT Jun 30, 2026
c281c4e
esp(W5b): <Home> fleet surface — independent honest paint at fleet sc…
claude Jun 30, 2026
4cd2bf1
esp(W5b): Home fleet data path — catalog ⨝ inspector custody, fail-ho…
claude Jun 30, 2026
9fac7f9
feat(G2b): wire verified_signer at launch so inspector trust is "veri…
claude Jun 30, 2026
478fd4d
esp(W5b): scope Home to user-facing capsules — stop infra providers c…
claude Jun 30, 2026
5d08a03
test(gateway): add sanctioned #[ignore] dev-mint for a local SYSTEM h…
SashaMIT Jun 30, 2026
8fe5e3b
docs(KNOWN_GAPS): pin G-AUTH-LOCAL — proof-unbound SYSTEM token skips…
SashaMIT Jun 30, 2026
dfd1169
esp(W5b): add homeFleetScope (user-facing AND installed) — the runnin…
claude Jun 30, 2026
0110d7d
docs(design): intent-proof loop — the prover/verifier loop for agent …
claude Jun 30, 2026
6a14f4d
feat(intent-proof ch1): the two signed records + the fail-closed veri…
claude Jun 30, 2026
4913ba9
feat(intent-proof ch2): emit intent/denied/reconciled onto the signed…
claude Jun 30, 2026
3ace8d8
feat(intent-proof ch3): derive the standing envelope from a real Capa…
claude Jun 30, 2026
7c93c49
feat(intent-proof ch4): run_intent_gate — the fail-closed enforcement…
claude Jun 30, 2026
34030d7
feat(intent-proof ch5): project the verdict as a third independent cu…
claude Jun 30, 2026
b5e501b
feat(intent-proof ch5b): per-capsule intent-proof tally + AuditLog qu…
claude Jun 30, 2026
2a38131
fix(intent-proof ch5b): make the tally PRESENCE-aware (absent ≠ false…
claude Jun 30, 2026
4cbe50e
docs: bank intent-proof loop status (ch1–5b built; 5b-inspector + 4b …
claude Jun 30, 2026
334eb7f
docs: track the honest UI/shell integration gaps + pin ESP branding
claude Jul 1, 2026
5eb3dee
feat(dev): one-command shell bootstrap for macOS/arm64 (build all was…
SashaMIT Jul 1, 2026
072de9a
docs(dev-bootstrap): document the dKMS access model (on-chain token i…
SashaMIT Jul 1, 2026
87e9f7c
docs: add FLINT_MASTER_STATUS — the consolidated goal (3 tiers, merge…
claude Jul 1, 2026
0c5ea5a
esp(2a-lib): custodyDisplayRows — one tested display contract for eve…
claude Jul 1, 2026
fd1336a
inspector(2a-mount): mount the Custody panel into the capsule-inspector
claude Jul 1, 2026
2a8fe33
docs(status): mark Tier 2a done (custody panel mounted), 2b is next
claude Jul 1, 2026
98d6eea
inspector(2b): intent-proof custody channel — absent → LIVE end-to-end
claude Jul 1, 2026
fe9211f
intent(2c-1): StandingGrantStore — fail-closed issue/revoke registry
claude Jul 1, 2026
19e3e9e
intent(2c-2): dispatch_standing_act — run a self-declared act through…
claude Jul 1, 2026
f30646b
intent(2c-3): end-to-end proof — a real token runs the agent, revocat…
claude Jul 1, 2026
90b609d
docs(2c): state revocation semantics precisely (no over-claim)
claude Jul 1, 2026
95f2f7b
intent(2c-gw-A): StandingGrantService — the API-facing seam for stand…
claude Jul 1, 2026
e6609d3
gateway(2c-gw-B): shell-only issue/revoke standing-grant HTTP verbs
claude Jul 1, 2026
c7b61a8
gateway(2c-gw-C): read-only signed-intent preview verb (dry-run the g…
claude Jul 1, 2026
a360f1d
docs(esp): document the standing-grant verbs (issue/revoke/preview)
claude Jul 1, 2026
9339d10
merge: integrate 0.5.0 (People/Services/Browser-VM/WebRTC) onto flint
claude Jul 1, 2026
65b4691
fix(spend): restore WASM/carrier act-path spend metering after 0.5 merge
claude Jul 1, 2026
ea24e5d
test(runtime): restore flint's verified_signer_tests dropped in the 0…
claude Jul 1, 2026
02613d7
feat(inspect): graft 0.5 approved-provider dispatch onto the custody …
claude Jul 1, 2026
981ba78
feat(inspect): make approved-provider dispatch live on production reg…
claude Jul 1, 2026
763cac9
fix(registry): restore encrypt/publish/media to RESERVED_SUB_NAMES
SashaMIT Jul 1, 2026
0e03d59
test(auth): make trusted-auth-dir env tests hermetic under parallelism
SashaMIT Jul 1, 2026
95ff8f9
fix(runtime): macOS hardware-validation fixes from real-device bring-up
SashaMIT Jul 2, 2026
bfce458
fix(home): restore owned-open windows and open-target sources dropped…
SashaMIT Jul 2, 2026
a52bd5f
fix(carrier): restore localhost body-token redaction dropped in the 0…
SashaMIT Jul 2, 2026
01cae3d
fix(inspect): restore gate-preview schema, inbox-approval tests, and …
SashaMIT Jul 2, 2026
57fbee0
fix(capsules): satisfy fail-closed and boundary checks in capsule sou…
SashaMIT Jul 2, 2026
f46e634
fix(verify): make the full gate pass on macOS and align checkers with…
SashaMIT Jul 2, 2026
c0d457b
chore(lint): clear clippy -D warnings across the workspace
SashaMIT Jul 2, 2026
279dac1
fix(auth): attached host sessions carry an honest G-ID identity — unb…
claude Jul 2, 2026
1fc2a14
fix(registry): reserve market/object/operator-drive-adapter + manifes…
claude Jul 2, 2026
d9bf5cc
fix(inspect): request_act intake fails closed on undeclared op + rest…
claude Jul 2, 2026
8b688fc
feat(registry): pin security-critical sub-providers first-writer-wins
claude Jul 2, 2026
72a103c
refactor(test+api): unify DDRM env-lock across modules; dedup trusted…
claude Jul 2, 2026
e51be7b
docs+checker(inspect): align inspect/self to the live fail-closed sel…
claude Jul 2, 2026
930c9bd
fix(dkms): reject unknown fields on the Status/Shutdown protocol vari…
claude Jul 2, 2026
a89755c
docs(gaps): register AUD-6 (boot-critical registration warn-swallow) …
claude Jul 2, 2026
cfb77f0
docs(registry): reconcile KNOWN_GAPS + PRINCIPLES_CONFORMANCE with th…
claude Jul 2, 2026
4de24eb
feat(boot): fail loud if encrypt (CEK escrow) can't register + AUD-6 …
claude Jul 2, 2026
2ef8496
fix(carrier): bound line reads on the unauthenticated inbound + clien…
claude Jul 2, 2026
299b907
fix(carrier): lock the unauthenticated provider_invoke plane to read-…
claude Jul 2, 2026
2b6a29e
fix(egress): block IPv4-mapped IPv6 SSRF bypass in exit/net providers…
claude Jul 2, 2026
ace2df6
fix(audit): refuse signature-downgrade forgery in verify_chain (T4)
claude Jul 2, 2026
7502970
fix(egress+carrier): no auto-redirect follow (T5) + carrier operation…
claude Jul 2, 2026
4578168
style: rustfmt-canonicalize the audit/carrier T1/T2/T4 test additions
claude Jul 2, 2026
1ba016b
docs(known-gaps): record the 2026-07-02 audit swarm + T1–T6 closures
claude Jul 2, 2026
9837e6d
perf(vm-launch): reflink (CoW) the rootfs overlay instead of a full b…
claude Jul 2, 2026
dbd997c
perf(ddrm-open): run the content_open custody fsync off the tokio worker
claude Jul 2, 2026
9af4177
refactor(security): single-source the SSRF/CRLF/path-traversal valida…
claude Jul 2, 2026
100 changes: 99 additions & 1 deletion .github/workflows/ci.yml
Expand Up @@ -2,9 +2,16 @@ name: CI

on:
push:
branches: [main]
# `main` is the live line. The feature branch is included so we can run the full
# gate on our own work in isolation (this entry lives only on the branch; it does
# NOT affect main or other branches until/unless it is merged). Drop or generalise
# to `feat/**` at merge time.
branches: [main, feat/ddrm-hardening-and-creator-parity]
pull_request:
branches: [main]
# Manual trigger so a feature branch can be put through the full Linux gate
# (incl. the Linux-only carrier smoke in `just verify`) before merge.
workflow_dispatch:

env:
CARGO_TERM_COLOR: always
Expand Down Expand Up @@ -64,3 +71,94 @@ jobs:
- name: cargo build --release
working-directory: elastos
run: cargo build --workspace --release

# The canonical gate on Linux, MINUS the Carrier-network setup smoke: alignment-check +
# command smoke + candidate-command-audit + fmt/clippy/test (elastos workspace) + the dDRM
# capsule build+test (verify-capsules). This turns "manually covered" into "green on a clean
# runner". The `local-carrier-setup-smoke` step is excluded here because it fetches the
# net-provider artifact over Elastos Carrier, which a stock GitHub runner cannot reach — run
# the full `just verify` on a Carrier-capable Linux box / self-hosted runner before merge.
# RUSTFLAGS=-D warnings is inherited from `env` above.
verify:
name: Verify (Linux CI gate)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
with:
components: clippy, rustfmt
- uses: Swatinem/rust-cache@v2
with:
workspaces: |
elastos
capsules/decrypt-provider
capsules/ddrm-envelope
scripts/dev/ddrm-media-authority
- uses: extractions/setup-just@v2
- name: Install ripgrep (required by alignment-check; not preinstalled on the runner)
run: sudo apt-get update && sudo apt-get install -y ripgrep
- name: just verify-ci
run: just verify-ci

# Isolated, fast signal for the protected-content capsule crates that live OUTSIDE
# the elastos workspace (so the `check`/`test` jobs and `cargo --workspace` never
# reach them): the watermark codec, the grant-digest envelope, the media-authority.
# Independent of the carrier smoke, so a flaky/heavy smoke run never masks a capsule
# regression. Build+test only (these crates still carry pre-existing clippy debt).
capsules:
name: dDRM Capsule Gate
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
- uses: Swatinem/rust-cache@v2
with:
workspaces: |
capsules/decrypt-provider
capsules/ddrm-envelope
scripts/dev/ddrm-media-authority
- uses: extractions/setup-just@v2
- name: just verify-capsules
run: just verify-capsules

# Pre-mainnet deploy invariant (fix-pack ②): a PRODUCTION dkms-authority node must be a release
# build with DEFAULT features — the legacy unsigned-receipt path (`legacy-receipt-authz`) and the
# `dev-modes` opt-in that pulls it in must NEVER ship. The crate enforces this with a
# `compile_error!` keyed on a release build (no `debug_assertions`); this job asserts BOTH
# directions so the guard can't silently rot. See `docs/DEPLOY_CHECKLIST.md`.
# `dkms-authority` lives OUTSIDE the elastos workspace, so the other jobs never reach it.
dkms-release-invariant:
name: dKMS Release Invariant (no dev-modes/legacy)
runs-on: ubuntu-latest
# Assert the FEATURE invariant only; do not let unrelated pre-existing rustc warnings in this
# out-of-workspace crate mask it (the rest of CI keeps -D warnings).
env:
RUSTFLAGS: ""
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
- uses: Swatinem/rust-cache@v2
with:
workspaces: capsules/dkms-authority
- name: Release build with DEFAULT features must succeed (no legacy path compiled)
run: cargo build --release --manifest-path capsules/dkms-authority/Cargo.toml
- name: Release build with legacy-receipt-authz must FAIL closed (compile guard)
run: |
if out=$(cargo build --release --manifest-path capsules/dkms-authority/Cargo.toml --features legacy-receipt-authz 2>&1); then
echo "::error::release build ACCEPTED legacy-receipt-authz — the release-invariant guard is missing"
exit 1
fi
echo "$out" | grep -q "release build must not enable" || {
echo "::error::release build failed, but NOT via the release-invariant guard:"; echo "$out"; exit 1;
}
echo "ok: release + legacy-receipt-authz rejected at compile time"
- name: Release build with dev-modes must FAIL closed (compile guard)
run: |
if out=$(cargo build --release --manifest-path capsules/dkms-authority/Cargo.toml --features dev-modes 2>&1); then
echo "::error::release build ACCEPTED dev-modes — the release-invariant guard is missing"
exit 1
fi
echo "$out" | grep -q "release build must not enable" || {
echo "::error::release build failed, but NOT via the release-invariant guard:"; echo "$out"; exit 1;
}
echo "ok: release + dev-modes rejected at compile time"
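Review bot: Every third-party action in the new `verify`, `capsules` and `dkms-release-invariant` jobs is pulled by a mutable tag (`actions/checkout@v4`, `dtolnay/rust-toolchain@stable`, `Swatinem/rust-cache@v2`, `extractions/setup-just@v2`), so the job that is meant to be the pre-mainnet gate trusts whatever those tags resolve to on the day it runs. Pin each to a full commit SHA and keep the tag as a comment, e.g. `- uses: actions/checkout@<40-hex-sha> # v4`, and let Dependabot or Renovate advance the pins. Separately, the two "must FAIL closed" steps only prove the `compile_error!` fires for the stock `--release` profile; because the guard is keyed on the absence of `debug_assertions` (per the job comment), a custom profile or `CARGO_PROFILE_RELEASE_DEBUG_ASSERTIONS=true` would still compile `dev-modes` into an optimized binary, so the comment should call this a deploy-hygiene check rather than a security boundary and `docs/DEPLOY_CHECKLIST.md` should require a plain `--release` with no profile overrides. Whether the workflow declares a `permissions:` block is outside this hunk; these jobs need no more than `contents: read`.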
3 changes: 3 additions & 0 deletions .gitignore
Expand Up @@ -42,6 +42,9 @@ elastos/storage/
artifacts/
artifacts-aarch64/

# Local scratch build tree (vendored linux kernel source, cargo output, etc.)
build/

# Secrets and credentials
.env
*.pem
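Review bot: `build/` is unanchored, so it ignores every directory named `build` at any depth, not just the scratch tree at the repo root that the comment describes; a future `capsules/<name>/build/` or `scripts/build/` source directory would silently stop being tracked. If only the root scratch tree is intended, anchor it: `/build/`.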
7 changes: 7 additions & 0 deletions ROADMAP.md
Expand Up @@ -924,6 +924,13 @@ clean.
Encrypted capsules, remote trust, reproducible builds, TPM/TEE-backed attestation, and dDRM-like flows remain future work.
They matter, but they should not distort the core runtime contract before the local base is stable.

Forensic watermarking for **audio/video** is a dedicated track: rasterizable types already ship a
two-layer (visible + invisible) per-buyer mark, but AV is key-protected, not yet fingerprinted. The
plan — A/B forensic variant watermarking (video) and spread-spectrum/echo-hiding (audio), produced
once at mint and selected per buyer from their signed grant at serve time, keeping the CEK boundary
and one canonical path intact — is designed in [docs/AV_WATERMARKING.md](docs/AV_WATERMARKING.md).
The heavy lift is a mint-time transcode pipeline, so it is a roadmap item, not a patch.

### AI and operator surfaces

Agent and AI provider surfaces should keep moving toward one stable runtime contract with explicit policy, identity, and budget boundaries instead of ad hoc special cases.
21 changes: 21 additions & 0 deletions capsules/act-emitter/Cargo.toml
@@ -0,0 +1,21 @@
[package]
name = "act-emitter"
version = "0.1.0"
edition = "2021"
description = "ElastOS spend/audit verification fixture: emits exactly N metered carrier_invoke acts"
license = "MIT"

[[bin]]
name = "act-emitter"
path = "src/main.rs"

[dependencies]
elastos-guest = { path = "../../elastos/crates/elastos-guest" }
serde_json = "1.0"
base64 = "0.22"

[profile.release]
opt-level = "s"
lto = true

[workspace]
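Review bot: The README added in this same commit says this crate is a test instrument that must never ship, but nothing in the manifest enforces that; add `publish = false` under `[package]` so `cargo publish` refuses it, and it also keeps the crate out of any registry-based install path. The trailing empty `[workspace]` table is presumably what keeps the fixture out of the `elastos` workspace (the CI comments say the capsule crates live outside it) — a one-line comment such as `# standalone: deliberately NOT a member of the elastos workspace` would stop the next reader from "fixing" it.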
65 changes: 65 additions & 0 deletions capsules/act-emitter/README.md
@@ -0,0 +1,65 @@
# act-emitter — spend/audit VERIFICATION FIXTURE (not a shipped product capsule)

This capsule exists **only** to verify the microVM spend-meter and durable-audit
path on real hardware. It is intentionally tiny, non-interactive, and
deterministic. Do **not** ship it, list it in a product catalog, or treat it as
an example app — it is a test instrument.

## What it does

On boot it reads `count` from the launch config (`elastos.command` →
`ELASTOS_COMMAND_B64`, default `7`), acquires a write capability, then performs
**exactly `count`** `carrier_invoke` storage writes via the *shipped* guest
carrier client (`elastos_guest::runtime::RuntimeClient` — the same
`carrier_invoke` path `capsules/chat/src/carrier.rs` uses). It prints a
machine-greppable trace to the guest console:

```
ACT_EMITTER_START count=<N>
ACT_EMITTER_CAP ok | ERR <msg>
ACT <i> ok | ACT <i> REFUSED budget_exhausted | ACT <i> ERR <msg>
ACT_EMITTER_DONE ok=<n> exhausted=<n> other_err=<n>
```

So with `ELASTOS_DEFAULT_SPEND_BUDGET=N` and `count=N+1`, the run yields exactly
`N` successful debits (`spent=N`, `remaining=0`) and a `budget_exhausted`
refusal on the `N+1`-th act — counted, reproducible evidence.

## Storage root: `localhost://Public/ActEmitter/*` (deliberate)

The fixture targets the `Public/` root, **not** `Users/self`. `Public` is a
plaintext, file-backed root that the bridge's `scope_current_user_alias` passes
through without a principal — so the fixture exercises the metered carrier path
under the plain `elastos capsule` CLI, which cannot inject a signed Home
launch-grant (that is the production identity flow).

The spend meter / carrier / audit code is **byte-identical regardless of storage
root** (the debit is `CARRIER_ACT_COST` per `carrier_invoke`, charged before
dispatch; the `SpendDebit`/`BudgetExhausted` records are the same), so the
verification is valid. The one honest residual: `Users/self`-scoped storage
metering is still unverified on hardware — see `docs/KNOWN_GAPS.md` (G-HWV).

## How to run (real nested-KVM box)

Prereqs: a box prepared per `docs/MICROVM_LOCAL_KVM_PROVISIONING.md` (a kernel
that actually boots crosvm + the AppArmor sysctl + the offline catalog).

```bash
# 1. build the rootfs (musl-static binary + busybox + vsock-proxy → ext4)
bash scripts/build/build-rootfs.sh act-emitter --output <artifacts>

# 2. stage into the data-dir catalog (capsules/act-emitter/ + components.json entry)

# 3. start serve with durable audit + a budget
ELASTOS_AUDIT_LOG_PATH=<data_dir>/audit/custody.log \
ELASTOS_DEFAULT_SPEND_BUDGET=5 \
elastos serve

# 4. launch through the supervisor (the metered path)
elastos capsule act-emitter --config '{"count":6}'
# → ACT 1..5 ok ; ACT 6 REFUSED budget_exhausted ; ok=5 exhausted=1
```

First verified 7/7 on real nested-KVM (`flint @ 5d4f4c7d1`, 2026-06-29). The
build is self-contained (`[workspace]` in `Cargo.toml`); it is not part of the
main Rust workspace.
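--- /dev/null
+++ b/capsules/act-emitter/capsule.json
@@ -0,0 +1,20 @@
+{
+  "schema": "elastos.capsule/v1",
+  "name": "act-emitter",
+  "version": "0.1.0",
+  "description": "Spend/audit verification fixture: performs exactly N metered carrier_invoke storage writes via the shipped guest carrier client, so a budget of N yields spent=N and budget_exhausted at N+1.",
+  "author": "elastos",
+  "role": "app",
+  "type": "microvm",
+  "entrypoint": "rootfs.ext4",
+  "requires": [],
+  "interfaces": [],
+  "resources": {
+    "memory_mb": 256,
+    "gpu": false
+  },
+  "permissions": {
+    "storage": ["localhost://Public/ActEmitter/*"],
+    "messaging": []
+  }
+}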
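Review bot: Nothing in this manifest distinguishes the fixture from a product capsule — it declares `"role": "app"` and an ordinary storage grant — so the README's "do not list it in a product catalog" rests on prose alone, and any tooling that ingests `capsule.json` files to build a catalog will pick it up like any other app. Without inventing a schema field, the cheapest guard is to make the description itself unmistakable, e.g. `"description": "VERIFICATION FIXTURE (not a product capsule): performs exactly N metered carrier_invoke storage writes ..."`, and to have whatever step stages the offline catalog exclude it explicitly if such a step exists.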
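--- /dev/null
+++ b/capsules/act-emitter/src/main.rs
@@ -0,0 +1,95 @@
+//! ElastOS spend/audit verification fixture.
+//!
+//! Performs exactly N metered `carrier_invoke` storage writes via the SAME shipped
+//! guest carrier client (`elastos_guest::runtime::RuntimeClient`) that real capsules
+//! (e.g. chat) use. Each successful write debits one unit of the capsule's spend
+//! budget under the canonical `vm-{name}` key, so a serve daemon started with
+//! `ELASTOS_DEFAULT_SPEND_BUDGET=N` yields `spent=N` and `budget_exhausted` on the
+//! (N+1)-th act. Deterministic, counted evidence — not a hand-rolled vsock call.
+//!
+//! Act count is read from the launch config (`ELASTOS_COMMAND`/`ELASTOS_COMMAND_B64`
+//! JSON `{"count": N}`), defaulting to 7.
+
+use elastos_guest::runtime::RuntimeClient;
+use serde_json::json;
+
+const STORAGE_RESOURCE: &str = "localhost://Public/ActEmitter/*";
+const DEFAULT_COUNT: u64 = 7;
+
+fn act_count() -> u64 {
+    let payload = std::env::var("ELASTOS_COMMAND")
+        .ok()
+        .filter(|s| !s.is_empty())
+        .or_else(|| {
+            std::env::var("ELASTOS_COMMAND_B64")
+                .ok()
+                .filter(|s| !s.is_empty())
+                .and_then(|b64| {
+                    use base64::Engine as _;
+                    base64::engine::general_purpose::STANDARD
+                        .decode(b64)
+                        .ok()
+                        .and_then(|bytes| String::from_utf8(bytes).ok())
+                })
+        });
+
+    payload
+        .and_then(|p| serde_json::from_str::<serde_json::Value>(&p).ok())
+        .and_then(|v| v.get("count").and_then(|c| c.as_u64()))
+        .unwrap_or(DEFAULT_COUNT)
+}
+
+fn act_uri(i: u64) -> String {
+    format!("localhost://Public/ActEmitter/act-{i}.txt")
+}
+
+fn main() {
+    let count = act_count();
+    println!("ACT_EMITTER_START count={count}");
+
+    let mut client = RuntimeClient::new();
+
+    let token = match client.request_capability(STORAGE_RESOURCE, "write") {
+        Ok(t) => {
+            println!("ACT_EMITTER_CAP ok");
+            t
+        }
+        Err(e) => {
+            println!("ACT_EMITTER_CAP ERR {e}");
+            println!("ACT_EMITTER_DONE ok=0 exhausted=0 other_err=0");
+            return;
+        }
+    };
+
+    let mut ok = 0u64;
+    let mut exhausted = 0u64;
+    let mut other_err = 0u64;
+
+    for i in 1..=count {
+        let uri = act_uri(i);
+        let body = json!({
+            "path": uri,
+            "token": token,
+            "content": format!("act {i}").into_bytes(),
+            "append": false,
+        });
+        match client.carrier_invoke(&uri, "write", &body, &token) {
+            Ok(_) => {
+                ok += 1;
+                println!("ACT {i} ok");
+            }
+            Err(e) => {
+                let msg = e.to_string();
+                if msg.contains("budget_exhausted") {
+                    exhausted += 1;
+                    println!("ACT {i} REFUSED budget_exhausted");
+                } else {
+                    other_err += 1;
+                    println!("ACT {i} ERR {msg}");
+                }
+            }
+        }
+    }
+
+    println!("ACT_EMITTER_DONE ok={ok} exhausted={exhausted} other_err={other_err}");
+}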
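Review bot: `act_count` accepts any `u64` from the launch config and the loop in `main` keeps issuing `carrier_invoke` calls after the first `budget_exhausted`, so a config such as `{"count": 18446744073709551615}` turns the fixture into an unbounded request loop against the carrier instead of the "exactly N" instrument the module header describes. A ceiling keeps the evidence contract (only N+1 is ever needed) while bounding the blast radius: add `const MAX_COUNT: u64 = 10_000;` and end the chain with `.map_or(DEFAULT_COUNT, |c| c.min(MAX_COUNT))` in place of `.unwrap_or(DEFAULT_COUNT)`, so the value printed in `ACT_EMITTER_START` is the clamped one and the trace stays truthful. Separately, the refusal is classified by `msg.contains("budget_exhausted")` on the error's `Display` text; if `RuntimeClient::carrier_invoke` returns a structured error variant for exhaustion, matching on that would be less brittle than a substring test, but the error type is not visible here. Because `ACT_EMITTER_DONE` collapses ordering, whoever greps for `ok=5 exhausted=1` should also check that no `ACT <i> ok` follows an `ACT <j> REFUSED` line — an `ok` after a refusal would mean the meter re-admitted a debit, which the summary alone would not reveal.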
7 changes: 6 additions & 1 deletion capsules/ai-provider/capsule.json
Expand Up @@ -14,10 +14,15 @@
"authority": {
"reason": "Routes AI requests to configured model providers without exposing model processes or hosted API credentials to app capsules.",
"capabilities": [
{
"resource": "elastos://ai/*",
"actions": ["read"],
"operations": ["list_backends", "ping"]
},
{
"resource": "elastos://ai/*",
"actions": ["execute"],
"operations": ["chat_completions", "list_backends", "ping"]
"operations": ["chat_completions"]
}
],
"audit_events": ["ai.request", "ai.backend_select"]
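Review bot: The new `read` capability for `list_backends`/`ping` only helps if the runtime actually enforces the per-action `operations` list, and nothing here shows that an `execute`-only grant on `elastos://ai/*` is now refused for those operations; a test asserting exactly that refusal would close the loop. Any app capsule holding `execute` that called `list_backends` or `ping` will need a `read` grant after this change, which deserves a line in the changelog or `docs/KNOWN_GAPS.md` so the migration is not discovered in production. Both entries keep the `elastos://ai/*` wildcard, which is fine as long as checks key on action plus operation rather than on the resource alone; taking the shorter `"operations": ["chat_completions"]` line as the new side of the pair printed here.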