feat(d3): D-1 Acceptance-Gate Phase A (did:moltrust JWS verification)#129
Merged
Conversation
added 2 commits
June 3, 2026 08:09
acceptance_gate.verify_aae_jws: AAE draft-04 §5 Step1+2 (signature+signing-authority+payload/schema/cty), fail-closed. Hardened: explicit algorithms=[EdDSA] allowlist (no header-alg trust), strict kid DID-URL parsing (path-traversal/look-alike), raw_canonical = exact b64url-decoded payload bytes (never re-serialize), object_pairs_hook duplicate-key reject. did:moltrust resolved via agents.public_key_hex (assertionMethod {did}#key-1); did:web = Phase B NotImplemented. Migration 013 issuer_trust_tier (additive). aae_submit -> {aae_jws} contract, verify before persist, rate-limit. persist_envelope takes raw_canonical bytes + issuer_trust_tier. Removed old split-field test_aae_endpoint.py.
Per brief #128. Code+migration+CI only — NOT applied to live.
…on (design-only)
verify_aae_jws: DoS size-caps (JWS<=16KB, payload-b64url<=11000 ~8KB) BEFORE base64-decode/parse/verify; explicit options={verify_signature:True} on PyJWS decode (no library-default trust); pass validated kid var (not header[kid] re-access). Scope-note: temporal exp/nbf = Evaluator (Komponente 2, §5 Step 3), by-design not D-1. Crypto core was review-validated; these are peripheral hardenings.
MoltyCel
added a commit
that referenced
this pull request
Jun 3, 2026
requests is imported directly in 13 places (requests_oauthlib for X/Twitter, agents/traffic_monitor.py, smoke), but was only present transitively via web3/stripe -> fresh-install/CI fragile (same class as the PyJWT #129 red). Declared requests>=2.33.0. redis NOT added: 0 direct imports in app/scripts/agents (installed-but-unused = not a code dependency). After this, no production-used package is undeclared. Co-authored-by: Lars Kroehl <kersten.kroehl@cryptokri.ch>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
D-1 Acceptance-Gate, Phase A (did:moltrust-only) — verifiziert die Issuer-Signatur am submit-Gate (AAE draft-04 §5 Step 1+2), fail-closed. Schließt die Lücke: Komponente 1 speicherte issuer_did/envelope_signature, prüfte sie nie. Verweist Brief #128 (+ Review-Härtung). Phase B (did:web) = Follow-on (egress-proxy).
app/enforcement/acceptance_gate.py—verify_aae_jwsalgorithms=["EdDSA"]-Allowlist (PyJWT PyJWS, kein neues dep) — header-alg nie vertraut (alg=none/HS*/RS* → reject).agents.public_key_hex(assertionMethod{did}#key-1); did:web → NotImplementedError (Phase B).raw_canonical= exakte base64url-decoded payload-bytes (NIE re-serialize); JSON nur für Schema, mit object_pairs_hook gegen duplicate-keys.Weitere Änderungen
issuer_trust_tier(additive, trusted/unverified_issuer) + fork-ci.aae_submit→ Contract{aae_jws}, verify VOR persist, fail-closed reject, rate-limit (replay/DoS).persist_envelopenimmt jetztraw_canonical(bytes) +issuer_trust_tier(statt server-gebautes raw_envelope).test_aae_endpoint.pyentfernt (Contract abgelöst).Tests (server-venv, 58 grün — D-1 + Regression store/evaluator/evaluate-endpoint)
verify_aae_jws: valid-accept (+ exakte-bytes), alg=none/HS256→reject, kid-path-traversal→reject, wrong-kid-fragment→reject, signing-DID≠issuer→reject, key-substitution→reject, cty-wrong→reject, duplicate-JSON-keys→reject, unregistered-DID→reject, did:web→NotImplemented. Endpoint: accept (issuer_trust_tier=trusted), auth-missing→401, invalid→422, replay→409.
Konformität
§3.1 + §3.2 ✅. NICHT auf Live — Code+Migration+CI; 013 wurde für den Test transient angewandt + revertet (live-Schema unverändert). CI validiert 013 gegen frische Postgres.
NEXT
Security-Code-Review von acceptance_gate.py (JWS-Verifikations-Präzision). did:web = Phase B.
🤖 Generated with Claude Code