[AAASM-4136] 🔒 (python-sdk): Harden control-plane TLS guard and sidecar checksum#214
Conversation
…dless of API key require_secure_http_url / warn_if_insecure_http_url early-returned when no API key was set, so dispatch_tool (resolved secrets) and report_edge (topology metadata) could transit plaintext http:// to a non-loopback host undetected. Gate the guard on non-loopback regardless of has_api_key; the key now only sharpens the error/warning message. Updates the transport and gateway-client contract tests that used a non-loopback plaintext http:// fixture (opting past the guard with allow_insecure where the test's intent is base-URL/header behaviour, not transport security), and adds coverage for the keyless refusal/warning.

Refs AAASM-4136
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01R7vqjjo5nrebYNt8WnCNbz
The four "Stage aasm sidecar binary" steps downloaded, extracted, and chmod'd the aasm-*.tar.gz with no integrity check, while protoc in the same workflow is SHA256-verified. Download the core release's SHA256SUMS and verify the sidecar tarball against it (fail-closed if the asset is absent or mismatched) before bundling. Uses shasum -a 256 for Linux+macOS runner portability.

Refs AAASM-4136
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01R7vqjjo5nrebYNt8WnCNbz
Codecov Report ✅ All modified and coverable lines are covered by tests.
Senior review — APPROVE-READY (comment only, not an approval)

Verdict: LGTM. Both hardening items in AAASM-4136 correctly implemented and fail-closed.
1. CI: Green — 20/20 checks pass.
2. Scope vs ticket: Full coverage of both gaps.
3. Side effects — verified:
4. FE: N/A.
Local validation (worktree @ ff194f2):
Independence: disjoint from #212 and #213 — independently mergeable.
— Claude Code



Description
Two low-severity hardening fixes from sweep AAASM-4120.
- **Keyless control-plane plaintext-http guard** — `core/transport_security.py` `require_secure_http_url` / `warn_if_insecure_http_url` early-returned when no API key was set, so the control-plane channel (which carries `dispatch_tool` resolved secrets and `report_edge` topology metadata, not only the Bearer key) could transit plaintext `http://` to a non-loopback host with no refusal or warning. The guard is now gated on non-loopback regardless of `has_api_key`; the key only sharpens the error/warning message. Loopback and `allow_insecure` opt-outs are unchanged.
- **Unchecksummed bundled `aasm` sidecar** — `release-python.yml`'s four "Stage aasm sidecar binary" steps downloaded + extracted + chmod'd the `aasm-*.tar.gz` with no integrity check, while `protoc` in the same workflow is SHA256-verified. Each step now downloads the core release's `SHA256SUMS` and verifies the sidecar tarball against it (fail-closed if the asset is absent or the digest mismatches) before bundling. Uses `shasum -a 256` for Linux+macOS runner portability.
Type of Change
Breaking Changes
A non-loopback plaintext `http://` control-plane target with no API key is now refused where it was silently allowed — but this is the intended hardening, and `allow_insecure=True` / loopback / `https://` all remain accepted.
Related Issues
Testing
Unit tests added/updated:
- `test/unit/core/test_transport_security.py`: keyless non-loopback `http://` is now refused (require) and warned (warn); contract tests updated.
- `test/unit/client/test_gateway_endpoints.py` / `test_gateway_control_plane.py`: base-URL/header contract tests that used a non-loopback plaintext fixture now opt past the guard with `allow_insecure=True` (their intent is routing/header behaviour, not transport security).

Full suite: 738 passed, 0 failed, 17 skipped (`uv run pytest test/`).

Workflow YAML validated (`yaml.safe_load`) and the grep/shasum verification logic exercised against a real `aasm-x86_64-unknown-linux-gnu.tar.gz` + `SHA256SUMS` (matches; fails closed on a missing asset). GitHub Actions cannot be run locally (org billing-blocked).
Checklist
🤖 Generated with Claude Code
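Added example for the first fix (the keyless plaintext-http guard): a hypothetical reimplementation, not the python-sdk's own `core/transport_security.py`, with the pre-fix early return kept beside the hardened rule so the gap is visible. Function and exception names, the loopback definition (localhost, 127/8, ::1) and the treatment of non-http(s) schemes are assumptions of this example.

```python
# Added example (not the python-sdk's core/transport_security.py): a
# hypothetical reimplementation of the plaintext-http guard, pre-fix
# behaviour beside the hardened version. Names are assumptions.
from __future__ import annotations

import ipaddress
import warnings
from urllib.parse import urlsplit


class InsecureTransportError(ValueError):
    """Raised when a control-plane URL would carry secrets over plaintext."""


def is_loopback_host(host: str) -> bool:
    """localhost, 127.0.0.0/8 and ::1 count as loopback; everything else does not."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # not an IP literal (e.g. a DNS name)
        return False


def legacy_insecure_reason(url: str, *, has_api_key: bool) -> str | None:
    """Pre-fix behaviour: the URL was only inspected once an API key was set, so a
    keyless caller talking plaintext http:// to a remote host was never flagged."""
    if not has_api_key:
        return None  # the early return that skipped the check entirely
    parts = urlsplit(url)
    if parts.scheme == "http" and not is_loopback_host(parts.hostname or ""):
        return f"refusing to send the API key over plaintext http:// to {parts.hostname!r}"
    return None


def insecure_reason(url: str, *, has_api_key: bool = False,
                    allow_insecure: bool = False) -> str | None:
    """Hardened rule: plaintext http:// to a non-loopback host is always flagged.
    has_api_key only changes the wording; allow_insecure is the explicit opt-out."""
    parts = urlsplit(url)
    if parts.scheme == "https":
        return None
    if parts.scheme != "http":
        # Example policy (assumption): anything that is neither http nor https is refused.
        return f"unsupported control-plane scheme {parts.scheme!r} in {url!r}"
    host = parts.hostname or ""
    if allow_insecure or is_loopback_host(host):
        return None
    payload = ("the API key, resolved secrets and topology" if has_api_key
               else "resolved secrets and topology")
    return (f"{url!r} is plaintext http:// to non-loopback host {host!r}; "
            f"the control-plane channel would send {payload} in the clear")


def require_secure_http_url(url: str, *, has_api_key: bool = False,
                            allow_insecure: bool = False) -> str:
    """Fail closed: raise instead of letting the client proceed."""
    reason = insecure_reason(url, has_api_key=has_api_key, allow_insecure=allow_insecure)
    if reason is not None:
        raise InsecureTransportError(reason)
    return url


def warn_if_insecure_http_url(url: str, *, has_api_key: bool = False,
                              allow_insecure: bool = False) -> bool:
    """Soft variant: emit a RuntimeWarning and report whether one was emitted."""
    reason = insecure_reason(url, has_api_key=has_api_key, allow_insecure=allow_insecure)
    if reason is not None:
        warnings.warn(reason, RuntimeWarning, stacklevel=2)
        return True
    return False


if __name__ == "__main__":
    remote = "http://10.0.0.5:8080/v1"  # constructed non-loopback target
    print("legacy, keyless:", legacy_insecure_reason(remote, has_api_key=False))  # None: the gap
    print("hardened, keyless:", insecure_reason(remote))
    print("loopback:", insecure_reason("http://127.0.0.1:8080/v1"))
    print("opt-out:", insecure_reason(remote, allow_insecure=True))
```

The point the contract-test update in this PR relies on is visible in `insecure_reason`: `allow_insecure` is the only way past the guard for a non-loopback `http://` target, so a fixture that needs plaintext for routing/header assertions must opt out explicitly rather than simply omitting the key.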
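Added example for the second fix (the sidecar checksum): the same fail-closed `SHA256SUMS` check written in Python so it can be run and tested offline. This is not the `release-python.yml` step itself, which uses `shasum -a 256` in the workflow; the function names, the stand-in tarball bytes and the `SHA256SUMS` text below are constructed for this example.

```python
# Added example (not the release-python.yml step, which uses shasum -a 256):
# fail-closed verification of a release asset against a SHA256SUMS file.
# Sample tarball bytes and SHA256SUMS text are constructed; names are assumptions.
from __future__ import annotations

import hashlib
import hmac


class ChecksumError(RuntimeError):
    """Any reason the asset must not be bundled: unlisted, malformed or mismatched."""


def parse_sha256sums(text: str) -> dict[str, str]:
    """Parse sha256sum/shasum output: '<64 hex>  <name>' per line ('*name' = binary mode)."""
    sums: dict[str, str] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        if len(fields) != 2:
            raise ChecksumError(f"SHA256SUMS line {lineno} is malformed: {raw!r}")
        digest, name = fields[0].lower(), fields[1].strip().lstrip("*")
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            raise ChecksumError(f"SHA256SUMS line {lineno} has a bad digest: {raw!r}")
        sums[name] = digest
    return sums


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_asset(asset_name: str, asset_bytes: bytes, sums_text: str) -> str:
    """Return the verified digest or raise ChecksumError. It never returns on failure,
    so a caller that bundles only after this returns is fail-closed by construction:
    a missing SHA256SUMS entry is refused just like a mismatching digest."""
    expected = parse_sha256sums(sums_text).get(asset_name)
    if expected is None:
        raise ChecksumError(f"{asset_name} is not listed in SHA256SUMS; refusing to bundle")
    actual = sha256_hex(asset_bytes)
    if not hmac.compare_digest(actual, expected):
        raise ChecksumError(
            f"{asset_name}: SHA256 {actual} does not match SHA256SUMS entry {expected}")
    return actual


# Constructed sample release: a stand-in tarball and a SHA256SUMS listing two assets
# (the second entry uses a placeholder all-zero digest for an asset we do not have).
SAMPLE_ASSET = "aasm-x86_64-unknown-linux-gnu.tar.gz"
SAMPLE_TARBALL = b"constructed stand-in for the aasm sidecar tarball\n"
SAMPLE_SUMS = (
    f"{sha256_hex(SAMPLE_TARBALL)}  {SAMPLE_ASSET}\n"
    f"{'0' * 64}  aasm-aarch64-apple-darwin.tar.gz\n"
)


if __name__ == "__main__":
    print("verified:", verify_asset(SAMPLE_ASSET, SAMPLE_TARBALL, SAMPLE_SUMS))
    for name, data in ((SAMPLE_ASSET, SAMPLE_TARBALL + b"x"),        # tampered bytes
                       ("aasm-x86_64-pc-windows-msvc.tar.gz", SAMPLE_TARBALL)):  # unlisted
        try:
            verify_asset(name, data, SAMPLE_SUMS)
        except ChecksumError as exc:
            print("refused:", exc)
```

The check is only as strong as the provenance of `SHA256SUMS` itself: as in the workflow, it is fetched from the same core release the tarball comes from, so it defends against a corrupted or swapped asset, not against an attacker who can replace both files in the release.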