Real NATS JetStream durable spine + rivet baseline release handling#11
Open
avrabe wants to merge 3 commits into
Conversation
…d release field

rivet's release-scope primitive is the schema-declared `baseline:` field plus a `baselines:` block in rivet.yaml — `release:` is still REQ-214 (draft), which is why it emitted "field not defined in schema" INFO on every artifact. Switch all artifacts release: -> baseline: and declare v0.1.0/v0.2.0/v0.3.0 baselines.

Tested: `rivet list --filter '(= baseline "vX.Y")'` scopes each release; v0.1.0 readiness = 7 verified / 3 implemented (REQ-002/006 sigil-blocked). INFO diagnostics 21 -> 0; validate PASS.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01KutNHFvNmKa3nKydP6aoK2
…mory Vec)

Replace the faked in-memory bus with a real JetStream stream (`AGORA`, subjects `agora.>`) — the substrate's core functionality, no longer stubbed:

- Global ordering from the stream sequence; durable pull consumers per agent.
- Capability channel-scoping is now STRUCTURAL at the subject filter: an agent's consumer is created only for the subjects of its granted channels, so the ungranted `secret-ops` message sits in the log but no consumer subscribes to it → never delivered (stronger than a runtime check). REQ-AGORA-003.
- Nats-Msg-Id dedup (idempotent publish) + durable-consumer replay — REQ-AGORA-009 (global ordering / late-join replay), now implemented.

The in-memory `run_simulation` is retained, #[cfg(test)]-gated, as the unit-tested reference oracle; `cargo test` still asserts the controls against it.

Run: `nats-server -js & cd host && cargo run --release`.

Verified end-to-end: 8 messages in the stream (last seq 8), cascade converges at the hop limit, 6 signed facts, secret-ops in-log=true but undelivered.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01KutNHFvNmKa3nKydP6aoK2
…ject injection

Address the push security-review findings (all map to agora's own STPA-Sec hazards — the analysis was real):

1. Sender spoofing (SEC-HAZ-4) — the host now stamps `sender = me` on every emitted message instead of trusting the agent's self-reported `sender`, so an agent cannot publish under another persona. (Cross-publisher trust still needs the signed sigil identity, REQ-006 / sigil#164.)
2. YAML injection into the durable record (SEC-LOSS-3) — fact string fields are now JSON-encoded (a JSON string literal is a valid YAML scalar), so a payload with quotes/newlines/`- id:` can no longer inject forged artifacts. Verified: the facts file parses as valid YAML; round-trips losslessly.
3. Subject injection / emit-side capability bypass (SEC-HAZ-1) — an agent-supplied channel is validated (`is_safe_channel`: single `[A-Za-z0-9_-]` token) AND checked against the agent's granted channels before publish, so it cannot reach `secret-ops` or inject extra subject levels/wildcards. Capability scoping is now structural on BOTH consume and emit sides.

Adds unit tests: channel_validator_rejects_subject_injection, fact_payload_cannot_inject_yaml. `cargo test` 3 passed; NATS run unchanged.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01KutNHFvNmKa3nKydP6aoK2
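The controls the commits above describe, as an added Rust example that is not agora's own code: `is_safe_channel`, consumer filter subjects derived from grants (consume side), grant check plus host-stamped `sender` before publish (emit side), and JSON-string encoding of fact fields so they stay a single YAML scalar. The `Grants` type, the agent names and the channel names are assumptions made for the example.

```rust
// Added example, not agora's own code: emit/consume-side capability controls
// and the YAML-safe fact encoding from the commits. Names are sample data.
use std::collections::{BTreeMap, BTreeSet};

/// One non-empty `[A-Za-z0-9_-]` token: no `.`, `*`, `>` reach the subject.
pub fn is_safe_channel(ch: &str) -> bool {
    !ch.is_empty() && ch.bytes().all(|b| b.is_ascii_alphanumeric() || b == b'_' || b == b'-')
}
/// Granted channels per agent (constructed sample grants, assumed type).
pub struct Grants(BTreeMap<&'static str, BTreeSet<&'static str>>);
impl Grants {
    pub fn sample() -> Self {
        let mut g = BTreeMap::new();
        g.insert("planner", BTreeSet::from(["plan", "facts"]));
        g.insert("ops", BTreeSet::from(["secret-ops", "facts"]));
        Grants(g)
    }
    /// Consume side: filter subjects derive from the grants, so an ungranted
    /// channel is never subscribed to (structural, not a runtime check).
    pub fn filter_subjects(&self, agent: &str) -> Vec<String> {
        self.0.get(agent).map(|chs| chs.iter().map(|c| format!("agora.{c}")).collect()).unwrap_or_default()
    }
    /// Emit side: validate the channel, check the grant, and stamp `sender`
    /// as the host's identity for `agent`, not the agent's self-reported one.
    pub fn emit(&self, agent: &str, channel: &str) -> Result<(String, String), String> {
        if !is_safe_channel(channel) { return Err(format!("unsafe channel {channel:?}")); }
        match self.0.get(agent) {
            Some(chs) if chs.contains(channel) => Ok((format!("agora.{channel}"), agent.to_string())),
            _ => Err(format!("{agent} is not granted {channel}")),
        }
    }
}

/// JSON string literal (a valid YAML scalar): quotes, newlines and `- id:`
/// inside a fact field cannot open a new YAML node in the durable record.
pub fn yaml_safe_scalar(s: &str) -> String {
    let mut out = String::from("\"");
    for c in s.chars() {
        match c {
            '"' => out.push_str("\\\""),
            '\\' => out.push_str("\\\\"),
            '\n' => out.push_str("\\n"),
            c if (c as u32) < 0x20 => out.push_str(&format!("\\u{:04x}", c as u32)), // other controls
            c => out.push(c),
        }
    }
    out.push('"');
    out
}
```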
Summary
Two post-merge follow-ups, headlined by the core functionality: agora's durable spine is now real.
1. Real NATS JetStream durable spine (the main functionality)
The host no longer fakes the bus with a `Vec` — it runs on a real JetStream stream (`AGORA`, subjects `agora.>`):

- The ungranted `secret-ops` message is in the log but no consumer subscribes to it → never delivered (stronger than a runtime check).
- `Nats-Msg-Id` idempotent publish + durable consumers (late-join replay) → REQ-AGORA-009 now implemented.
- `run_simulation` is retained `#[cfg(test)]` as the unit-tested reference oracle; `cargo test` still asserts the controls.

Run: `nats-server -js & cd host && cargo run --release`.

2. rivet baseline release handling

rivet's release-scope primitive is the schema-declared `baseline:` field + a `baselines:` block — `release:` is still REQ-214 (draft), which emitted "field not defined" INFO on every artifact. Switched to `baseline:`; INFO diagnostics 21 → 0, validate PASS, release scopes queryable (`(= baseline "v0.1.0")`).

Verification

- `cargo build --release` clean (0 warnings) · `cargo test` 1 passed (reference oracle)
- `nats-server -js`: 8 msgs / last seq 8, converged, 6 facts, secret-ops in-log=true & undelivered
- `bazel build //agent:agent` still green · `rivet validate` PASS (0 warnings)

🤖 Generated with Claude Code