wifi-densepose

Commit Graph

Author	SHA1	Message	Date
ruv	e7b1b66f74	docs(adr): ADR-162 — plugin security + bounded RunModes; mark ADR-161 P4/P5/§A5 DONE ADR-162 records the M8 work that makes ADR-161's honestly-deferred plugin security claims TRUE: P4 (Ed25519 signature + SHA-256 integrity verification, secure-default trust policy), P5 (capability/authority isolation on hc_state_set), and §A5 (bounded Restart/Queued/max RunModes). Each fix MEASURED with a failing-on-old test; threat model table (tampered module, untrusted publisher, over-privileged write, run-mode exhaustion); cog-ha-matter Ed25519 reuse cited; remaining honest deferral (key provisioning/rotation, native in-process plugins, HAP pairing). ADR-161 deferred-backlog lines for P4/P5/RunModes struck through and marked DONE → ADR-162; §B5 note points forward to the now-implemented P4 gate. Co-Authored-By: claude-flow <ruv@ruv.net>	2026-06-12 01:47:30 -04:00
ruv	d0da5888e3	docs(adr): ADR-161 — HOMECORE server-layer security & honest-labeling sweep (M7) Records the Milestone 7 audit: library cores are real (anti-slop positive) but the network boundary had a CRITICAL WS auth bypass (A1) + reply-theater (A2) + documented-but-no-op automation (A3-A7) + a network-exposed dev bin (A8), all fixed and graded MEASURED with failing-on-old tests. Cites the NO-ACTION security positives (uuid::v4 CSPRNG refuted-suspicion, hardened CORS, no-traversal migrate, no-secrets-in-logs, honest HAP stub) and the deferred backlog (plugin authority-isolation P5, sig-verification P4, HAP real pairing P2, bounded run-modes, YAML load-at-boot). Co-Authored-By: claude-flow <ruv@ruv.net>	2026-06-12 00:55:52 -04:00

Author

SHA1

Message

Date

ruv

e7b1b66f74

docs(adr): ADR-162 — plugin security + bounded RunModes; mark ADR-161 P4/P5/§A5 DONE

ADR-162 records the M8 work that makes ADR-161's honestly-deferred plugin
security claims TRUE: P4 (Ed25519 signature + SHA-256 integrity verification,
secure-default trust policy), P5 (capability/authority isolation on
hc_state_set), and §A5 (bounded Restart/Queued/max RunModes). Each fix MEASURED
with a failing-on-old test; threat model table (tampered module, untrusted
publisher, over-privileged write, run-mode exhaustion); cog-ha-matter Ed25519
reuse cited; remaining honest deferral (key provisioning/rotation, native
in-process plugins, HAP pairing).

ADR-161 deferred-backlog lines for P4/P5/RunModes struck through and marked
DONE → ADR-162; §B5 note points forward to the now-implemented P4 gate.

Co-Authored-By: claude-flow <ruv@ruv.net>

2026-06-12 01:47:30 -04:00

ruv

d0da5888e3

docs(adr): ADR-161 — HOMECORE server-layer security & honest-labeling sweep (M7)

Records the Milestone 7 audit: library cores are real (anti-slop positive) but
the network boundary had a CRITICAL WS auth bypass (A1) + reply-theater (A2) +
documented-but-no-op automation (A3-A7) + a network-exposed dev bin (A8), all
fixed and graded MEASURED with failing-on-old tests. Cites the NO-ACTION
security positives (uuid::v4 CSPRNG refuted-suspicion, hardened CORS,
no-traversal migrate, no-secrets-in-logs, honest HAP stub) and the deferred
backlog (plugin authority-isolation P5, sig-verification P4, HAP real pairing
P2, bounded run-modes, YAML load-at-boot).

Co-Authored-By: claude-flow <ruv@ruv.net>

2026-06-12 00:55:52 -04:00

2 Commits