
[AAASM-4136] 🔒 (python-sdk): Harden control-plane TLS guard and sidecar checksum #214

Merged
Chisanan232 merged 2 commits into master from v0.0.1/AAASM-4136/plaintext_guard_and_sidecar_checksum on Jul 5, 2026

Conversation

@Chisanan232 (Contributor)

Description

Two low-severity hardening fixes from sweep AAASM-4120.

  1. Keyless control-plane plaintext-http guard (core/transport_security.py)
    require_secure_http_url / warn_if_insecure_http_url early-returned when no
    API key was set, so the control-plane channel (which carries dispatch_tool
    resolved secrets and report_edge topology metadata, not only the Bearer key)
    could transit plaintext http:// to a non-loopback host with no refusal or
    warning. The guard is now gated on non-loopback regardless of has_api_key;
    the key only sharpens the error/warning message. Loopback and allow_insecure
    opt-outs are unchanged.

  2. Unchecksummed bundled aasm sidecar (release-python.yml): the four
    "Stage aasm sidecar binary" steps downloaded + extracted + chmod'd the
    aasm-*.tar.gz with no integrity check, while protoc in the same workflow is
    SHA256-verified. Each step now downloads the core release's SHA256SUMS and
    verifies the sidecar tarball against it (fail-closed if the asset is absent or
    the digest mismatches) before bundling. Uses shasum -a 256 for Linux+macOS
    runner portability.

Type of Change

  • 🔧 Bug fix

Breaking Changes

  • No

A non-loopback plaintext http:// control-plane target with no API key is now
refused where it was silently allowed — but this is the intended hardening, and
allow_insecure=True / loopback / https:// all remain accepted.

Related Issues

  • Related JIRA ticket: AAASM-4136

Testing

  • Unit tests added/updated

  • test/unit/core/test_transport_security.py: keyless non-loopback http:// is
    now refused (require) and warned (warn); contract tests updated.

  • test/unit/client/test_gateway_endpoints.py /
    test_gateway_control_plane.py: base-URL/header contract tests that used a
    non-loopback plaintext fixture now opt past the guard with allow_insecure=True
    (their intent is routing/header behaviour, not transport security).

  • Full suite: 738 passed, 0 failed, 17 skipped (uv run pytest test/).

  • Workflow YAML validated (yaml.safe_load) and the grep/shasum verification
    logic exercised against a real aasm-x86_64-unknown-linux-gnu.tar.gz +
    SHA256SUMS (matches; fails closed on a missing asset). GitHub Actions cannot
    be run locally (org billing-blocked).

Checklist

  • Code follows project style guidelines
  • Self-review completed
  • Comments added for complex logic
  • All tests passing

🤖 Generated with Claude Code
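To make the guard change concrete, here is an added illustration (not the SDK's own core/transport_security.py) of the post-fix decision: plaintext http:// to a non-loopback host is refused or warned whether or not an API key is set, the key only changes the message, and loopback and allow_insecure stay exempt. The function names and the has_api_key / allow_insecure parameters are taken from the PR text; their exact signatures in the SDK are an assumption.

```python
"""Keyless plaintext-http guard, as described in AAASM-4136 (illustrative)."""
import ipaddress
import warnings
from urllib.parse import urlsplit


class InsecureTransportError(ValueError):
    """Raised when a non-loopback control-plane URL would use plaintext http."""


def is_loopback_target(url: str) -> bool:
    """True for localhost and loopback IPs (127.0.0.0/8, ::1); DNS names are remote."""
    host = (urlsplit(url).hostname or "").lower()
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # hostname, or no host at all: treat as non-loopback


def _insecure_reason(url: str, has_api_key: bool) -> str:
    # The key no longer gates the guard; it only sharpens what is at risk.
    at_risk = "Bearer key, resolved secrets and topology metadata" if has_api_key \
        else "resolved secrets and topology metadata"
    return (f"control-plane URL {url!r} uses plaintext http:// to a non-loopback "
            f"host; {at_risk} would transit unencrypted")


def _needs_guard(url: str, allow_insecure: bool) -> bool:
    # Gate on scheme + non-loopback only. Note: no has_api_key early return.
    if allow_insecure or urlsplit(url).scheme.lower() != "http":
        return False
    return not is_loopback_target(url)


def require_secure_http_url(url: str, *, has_api_key: bool,
                            allow_insecure: bool = False) -> str:
    """Fail-closed variant: raise on a non-loopback plaintext target."""
    if _needs_guard(url, allow_insecure):
        raise InsecureTransportError(_insecure_reason(url, has_api_key))
    return url


def warn_if_insecure_http_url(url: str, *, has_api_key: bool,
                              allow_insecure: bool = False) -> bool:
    """Warn-only variant; returns True when a warning was emitted."""
    if _needs_guard(url, allow_insecure):
        warnings.warn(_insecure_reason(url, has_api_key), stacklevel=2)
        return True
    return False
```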

Chisanan232 and others added 2 commits July 5, 2026 00:02
…dless of API key

require_secure_http_url / warn_if_insecure_http_url early-returned when no
API key was set, so dispatch_tool (resolved secrets) and report_edge
(topology metadata) could transit plaintext http:// to a non-loopback host
undetected. Gate the guard on non-loopback regardless of has_api_key; the
key now only sharpens the error/warning message.

Updates the transport and gateway-client contract tests that used a
non-loopback plaintext http:// fixture (opting past the guard with
allow_insecure where the test's intent is base-URL/header behaviour, not
transport security), and adds coverage for the keyless refusal/warning.

Refs AAASM-4136

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01R7vqjjo5nrebYNt8WnCNbz

The four "Stage aasm sidecar binary" steps downloaded, extracted, and
chmod'd the aasm-*.tar.gz with no integrity check, while protoc in the same
workflow is SHA256-verified. Download the core release's SHA256SUMS and
verify the sidecar tarball against it (fail-closed if the asset is absent or
mismatched) before bundling. Uses shasum -a 256 for Linux+macOS runner
portability.

Refs AAASM-4136

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01R7vqjjo5nrebYNt8WnCNbz
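The workflow step described in the second commit does its check in shell (gh release download of SHA256SUMS, grep of the per-arch tarball basename, shasum -a 256). The block below is an added Python illustration of the same fail-closed decision, not the workflow's own code: it parses a SHA256SUMS listing, refuses when the asset is absent, and refuses on a digest mismatch. The listing and tarball bytes are constructed samples, not real release assets.

```python
"""Fail-closed SHA256SUMS verification of a bundled sidecar (illustrative)."""
import hashlib
import hmac


class SidecarIntegrityError(RuntimeError):
    """Bundling must stop: asset missing from the listing or digest mismatch."""


def parse_sha256sums(listing: str) -> dict[str, str]:
    """Parse 'digest  filename' lines (shasum/sha256sum format, '*' binary marker allowed)."""
    entries: dict[str, str] = {}
    for line in listing.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # blank or malformed line carries no usable digest
        digest, name = parts
        entries[name.strip().lstrip("*")] = digest.lower()
    return entries


def verify_sidecar_tarball(listing: str, tarball_name: str, tarball: bytes) -> str:
    """Return the verified hex digest, or raise; an unlisted asset is a failure too."""
    expected = parse_sha256sums(listing).get(tarball_name)
    if expected is None:
        raise SidecarIntegrityError(
            f"{tarball_name} is not listed in SHA256SUMS; refusing to bundle")
    actual = hashlib.sha256(tarball).hexdigest()
    if not hmac.compare_digest(actual, expected):
        raise SidecarIntegrityError(
            f"digest mismatch for {tarball_name}: expected {expected}, got {actual}")
    return actual


# Constructed sample release. The tarball bytes are a stand-in, not a real archive,
# and the second listing entry is a made-up sibling asset with a dummy digest.
SAMPLE_ASSET = "aasm-x86_64-unknown-linux-gnu.tar.gz"
SAMPLE_TARBALL = b"abc"
SAMPLE_LISTING = (
    f"{hashlib.sha256(SAMPLE_TARBALL).hexdigest()}  {SAMPLE_ASSET}\n"
    f"{'0' * 64}  aasm-aarch64-unknown-linux-gnu.tar.gz\n"
)

if __name__ == "__main__":
    print("verified", verify_sidecar_tarball(SAMPLE_LISTING, SAMPLE_ASSET, SAMPLE_TARBALL))
```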
@sonarqubecloud

sonarqubecloud Bot commented Jul 4, 2026


@codecov

codecov Bot commented Jul 4, 2026


Codecov Report

✅ All modified and coverable lines are covered by tests.


@Chisanan232 (Contributor, Author)

Senior review — APPROVE-READY (comment only, not an approval)

Verdict: LGTM. Both hardening items in AAASM-4136 correctly implemented and fail-closed.

1. CI: Green — 20/20 checks pass.

2. Scope vs ticket: Full coverage of both gaps.

  • Plaintext-http guard: require_secure_http_url + warn_if_insecure_http_url no longer early-return on not has_api_key. A non-loopback http:// control-plane target is now refused/warned regardless of key, because dispatch_tool (resolved credentials) and report_edge (topology metadata) ride that channel even keyless. has_api_key now only sharpens the message. Matches the ticket precisely.
  • Sidecar checksum: all four release-python.yml staging blocks (linux x86_64/aarch64, darwin x86_64/aarch64) now gh release download SHA256SUMS from the same pinned core tag, grep the per-arch tarball basename, and shasum -a 256 compare before extract — mirroring the existing protoc integrity gate.

3. Side effects — verified:

  • Loopback plaintext still allowed: is_loopback_target() check is preserved before the refusal, so http://localhost / 127.0.0.1 dev flow is untouched. ✅
  • Only non-loopback plaintext refused. https:// and non-http schemes still pass unconditionally. ✅
  • No dev/test flow broke: tests that assert base-URL routing on non-loopback http:// were updated to pass allow_insecure=True (the legitimate opt-in), and test_http_non_loopback_without_key_* was correctly flipped from allowed to rejected. No behavior silently weakened.
  • GHA change is fail-closed and introduces no untrusted input: digest source is gh release download of the pinned tag (not attacker-controllable); missing listing → ::error + exit 1, mismatch → exit 1. Refuses to bundle on either. ✅

4. FE: N/A.

Local validation (worktree @ ff194f2): pytest on transport_security + gateway_control_plane + gateway_endpoints → 46 passed. Pre-commit gate green — isort / autoflake / black / mypy all Passed. (ruff check flags SIM117 x2 in test_gateway_endpoints.py on untouched nested-with methods — identical on master; pre-existing baseline, not this PR, and not part of the pre-commit gate. This PR's own new test uses the combined-with form.)

Independence: disjoint from #212 and #213 — independently mergeable.

— Claude Code

@Chisanan232 Chisanan232 merged commit 91dd187 into master Jul 5, 2026
27 checks passed
@Chisanan232 Chisanan232 deleted the v0.0.1/AAASM-4136/plaintext_guard_and_sidecar_checksum branch July 5, 2026 00:45