feat(trust): implement verification locality (RFC-001 §2.3)#88
Merged
Phase 0.1-0.4 implementation:

pkg/trust/:
- locality.go: TrustMaterial, FreshnessPolicy, BootstrapConfig types
- bootstrap.go: MaterialManager for trust material lifecycle
- jwks_cache.go: Tiered JWKS cache (L1=memory, L2=filesystem)
- revocation_cache.go: Local revocation status caching

pkg/badge/:
- local_verifier.go: LocalVerifier for network-independent verification

pkg/mediation/:
- hook.go: Core Hook interface and mediation context
- tool.go: ToolHook for MCP tool authorization
- filesystem.go: FilesystemHook for file operation boundaries
- network.go: NetworkHook for egress control
- shell.go: ShellHook for dangerous command detection

pkg/envelope/, pkg/gateway/:
- TrustMaterial integration in VerifyOptions and PEPConfig
- LocalVerifier creation when TrustMaterial bootstrapped

Invariants per RFC-001 §2.3:
- Verifiers validate trust artifacts using local cached material
- No synchronous registry calls in verification critical path
- Revocation data distributable as cacheable artifacts
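The tiered JWKS cache and freshness policy named in the commit message above, as an added Go example that is not the PR's own code: `TieredJWKSCache`, `FreshnessPolicy`, `JWKSEntry`, `Evaluate`, `ErrCacheMiss` and `ErrStale` are assumed names modelled on the commit's wording, not the project's API. It shows the L1 (memory) then L2 (filesystem) lookup order, promotion of an L2 hit into L1 after a cold start, and a fresh/degraded/expired verdict with no network call anywhere in the read path, which is the locality invariant the commit lists.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"sync"
	"time"
)

// Freshness is the verdict on a cache entry's age under a FreshnessPolicy.
type Freshness int

const (
	Fresh    Freshness = iota // within TTL: use silently
	Degraded                  // past TTL, within grace: warn and allow
	Expired                   // past grace: fail closed
)

// FreshnessPolicy (hypothetical shape) bounds how old cached material may be.
type FreshnessPolicy struct{ TTL, Grace time.Duration }

// Evaluate maps an entry's age to a Freshness level; both boundaries are inclusive.
func (p FreshnessPolicy) Evaluate(fetchedAt, now time.Time) Freshness {
	switch age := now.Sub(fetchedAt); {
	case age <= p.TTL:
		return Fresh
	case age <= p.TTL+p.Grace:
		return Degraded
	default:
		return Expired
	}
}

// JWKSEntry is one issuer's key set plus the time it was fetched.
type JWKSEntry struct {
	Issuer    string          `json:"issuer"`
	Keys      json.RawMessage `json:"keys"`
	FetchedAt time.Time       `json:"fetched_at"`
}

var ErrCacheMiss = errors.New("jwks: issuer not in local cache")
var ErrStale = errors.New("jwks: cached material expired")

// TieredJWKSCache: L1 is an in-memory map, L2 a directory of JSON files that
// survives restarts, so a freshly started process can verify without fetching.
type TieredJWKSCache struct {
	mu     sync.RWMutex
	l1     map[string]*JWKSEntry
	dir    string
	policy FreshnessPolicy
}

func NewTieredJWKSCache(dir string, policy FreshnessPolicy) *TieredJWKSCache {
	return &TieredJWKSCache{l1: make(map[string]*JWKSEntry), dir: dir, policy: policy}
}

// l2Path derives a filesystem-safe file name from an issuer (DID or URL).
func (c *TieredJWKSCache) l2Path(issuer string) string {
	return filepath.Join(c.dir, base64.RawURLEncoding.EncodeToString([]byte(issuer))+".json")
}

// Put writes through to both tiers (e is a copy, so the caller cannot mutate L1 later).
func (c *TieredJWKSCache) Put(e JWKSEntry) error {
	data, err := json.Marshal(e)
	if err != nil {
		return err
	}
	if err := os.WriteFile(c.l2Path(e.Issuer), data, 0o600); err != nil {
		return err
	}
	c.mu.Lock()
	defer c.mu.Unlock()
	c.l1[e.Issuer] = &e
	return nil
}

// Get serves from L1, falls back to L2 (promoting the hit), and never touches the
// network: a miss in both tiers is an error for the caller to handle out of band.
func (c *TieredJWKSCache) Get(issuer string, now time.Time) (*JWKSEntry, Freshness, error) {
	c.mu.RLock()
	e, ok := c.l1[issuer]
	c.mu.RUnlock()
	if !ok {
		var loaded JWKSEntry
		data, err := os.ReadFile(c.l2Path(issuer))
		if err != nil || json.Unmarshal(data, &loaded) != nil {
			return nil, Expired, ErrCacheMiss // absent or unreadable: treat as a miss
		}
		e = &loaded
		c.mu.Lock()
		c.l1[issuer] = e
		c.mu.Unlock()
	}
	f := c.policy.Evaluate(e.FetchedAt, now)
	if f == Expired {
		return e, f, ErrStale
	}
	return e, f, nil
}

func main() {
	dir, _ := os.MkdirTemp("", "jwks-cache")
	c := NewTieredJWKSCache(dir, FreshnessPolicy{TTL: time.Hour, Grace: 6 * time.Hour})
	_ = c.Put(JWKSEntry{Issuer: "did:web:issuer.example", Keys: json.RawMessage(`{"keys":[]}`), FetchedAt: time.Now()})
	_, f, err := c.Get("did:web:issuer.example", time.Now().Add(2*time.Hour))
	fmt.Println(f, err) // 1 <nil>: Degraded, allowed with a warning
}
```

A verifier built on this should log a warning on `Degraded` and refuse on `ErrStale`; refreshing the material is a separate background job, never something the verification path blocks on. In production the L2 write would also go through a temp file and rename so a crash mid-write cannot leave a truncated key set.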
Pull request overview
Implements RFC-001 §2.3 “verification locality” by introducing locally cached trust material (JWKS + revocations), a local/offline badge verification path, and new runtime mediation hooks (tool/filesystem/network/shell). Integrates local-first verification into envelope verification options and gateway PEP middleware when trust material is bootstrapped.
Changes:
- Added `pkg/trust` trust-material lifecycle primitives: JWKS + revocation caches, bootstrap/export/import, and locality test helpers.
- Added `pkg/badge/LocalVerifier` to verify badges using only locally cached trust material.
- Introduced `pkg/mediation` hooks to enforce runtime boundaries and wired local verification into gateway/envelope verification flows.
Reviewed changes
Copilot reviewed 24 out of 24 changed files in this pull request and generated 15 comments.
| File | Description |
|---|---|
| pkg/trust/locality.go | Defines trust material types and freshness policy primitives. |
| pkg/trust/bootstrap.go | Adds MaterialManager bootstrap/export/import for local trust material. |
| pkg/trust/jwks_cache.go | Introduces tiered JWKS cache (memory + filesystem) with TTL semantics. |
| pkg/trust/revocation_cache.go | Adds revocation cache with staleness policy and async sync hooks. |
| pkg/trust/locality_test_helpers.go | Adds test helpers intended to detect locality violations. |
| pkg/trust/locality_test.go | Adds tests around cache locality and freshness evaluation. |
| pkg/badge/local_verifier.go | Adds offline/local badge verification based on MaterialManager. |
| pkg/badge/local_verifier_test.go | Adds tests for local verifier behavior and locality invariants. |
| pkg/mediation/doc.go | Documents mediation architecture and locality requirements. |
| pkg/mediation/hook.go | Defines core Hook/Request interfaces plus logging/emission interfaces. |
| pkg/mediation/decision.go | Adds mediation decision/result types and helpers. |
| pkg/mediation/context.go | Adds mediation context carrying verified artifacts and trust material. |
| pkg/mediation/tool.go | Implements tool invocation mediation. |
| pkg/mediation/tool_test.go | Adds tests for ToolHook behavior and pattern matching. |
| pkg/mediation/filesystem.go | Implements filesystem mediation with path canonicalization. |
| pkg/mediation/filesystem_test.go | Adds tests for filesystem mediation behavior. |
| pkg/mediation/network.go | Implements network egress mediation with URL parsing and host rules. |
| pkg/mediation/network_test.go | Adds tests for network mediation behavior. |
| pkg/mediation/shell.go | Implements shell-command mediation with dangerous-pattern detection. |
| pkg/mediation/shell_test.go | Adds tests for shell mediation behavior. |
| pkg/envelope/verifier.go | Adds TrustMaterial option to prefer local badge verification. |
| pkg/envelope/verifier_test.go | Adds a test intended to cover TrustMaterial option. |
| pkg/gateway/middleware.go | Uses LocalVerifier for badge verification when TrustMaterial is bootstrapped. |
| docs/verification-locality-audit.md | Adds an audit document enumerating sync network call sites. |
Comments suppressed due to low confidence (1)
pkg/envelope/verifier.go:274
- The fallback (registry-based) badge verification path also hard-codes AcceptSelfSigned=true. This weakens default verification semantics compared to badge.Verifier.VerifyWithOptions() which defaults to rejecting self-signed badges unless configured.

```go
badgeOpts := badge.VerifyOptions{
	TrustedIssuers:       opts.TrustedIssuers,
	AcceptSelfSigned:     true,
	SkipRevocationCheck:  false,
	SkipAgentStatusCheck: false,
}
```
- Reduce cyclomatic complexity in mediation hooks (extract helper methods)
- Add #nosec G304 for legitimate file operations from configured paths
- Fix unnecessary nil check before len()
- Add nolint:revive for TrustMaterial name (clearer at call sites)
Fix GO-2026-4945 vulnerability in JWE decryption
Critical Bug Fixes:
- Fix range variable pointer bug in revocation_cache.go (all entries pointed to same address)
- Fix nil MaterialManager panic in LocalVerifier.Verify()
- Apply DefaultFreshnessPolicy when config.FreshnessPolicy is zero
- Fix key lookup to use JWS header kid, not CNF.kid (subject's PoP key)
- Add iat validation for future-dated badges
- Use badge TrustLevel() not IAL for mediation context
- Fix WarnAndAllow returning expired instead of degraded freshness
- Respect StalePolicyFailClosed for revocation errors

Security Fixes:
- Add AcceptSelfSigned option to envelope VerifyOptions (don't force true)
- Apply safe defaults (DefaultDeny=true) in mediation hooks when unconfigured
- Fix path traversal with ~ prefix in filesystem mediation
- SetSyncMetadata now persists both revocations and metadata

Code Quality:
- Refactor LocalVerifier.Verify to reduce cyclomatic complexity
- Remove unused saveMetadataToDisk function
- Update test to set VC.CredentialSubject.Level for TrustLevel
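The verifier-side fixes in the commit above (a nil-material guard instead of a panic, key lookup by the JWS header kid rather than cnf.kid, rejecting a future-dated iat) together with the suppressed review comment on hard-coded AcceptSelfSigned, as an added Go example that is not the project's code. A minimal Ed25519 compact JWS stands in for the badge format; `BadgeClaims`, `LocalKeys`, `VerifyOptions`, `Sign` and `VerifyLocal` are hypothetical names, and the `LocalKeys` map is a stand-in for the cached JWKS so that nothing here reaches a registry.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// BadgeClaims is a hypothetical minimal badge payload. cnf.kid names the subject's
// proof-of-possession key; the issuer's signing key is named by the JWS header kid.
type BadgeClaims struct {
	Iss string            `json:"iss"`
	Sub string            `json:"sub"`
	Iat int64             `json:"iat"`
	Exp int64             `json:"exp"`
	Cnf map[string]string `json:"cnf,omitempty"`
}

type jwsHeader struct {
	Alg string `json:"alg"`
	Kid string `json:"kid"`
}

// LocalKeys stands in for the cached JWKS: issuer key id -> public key. nil means "not bootstrapped".
type LocalKeys map[string]ed25519.PublicKey

// VerifyOptions: the zero value rejects self-signed badges, which is the safe default.
type VerifyOptions struct {
	AcceptSelfSigned bool
	ClockSkew        time.Duration
}

var ErrNoTrustMaterial = errors.New("badge: no local trust material bootstrapped")

var enc = base64.RawURLEncoding

func decodePart(part string, v any) error {
	raw, err := enc.DecodeString(part)
	if err != nil {
		return err
	}
	return json.Unmarshal(raw, v)
}

// Sign builds a compact JWS badge; included only so the example can construct inputs offline.
func Sign(priv ed25519.PrivateKey, issuerKid string, c BadgeClaims) string {
	h, _ := json.Marshal(jwsHeader{Alg: "EdDSA", Kid: issuerKid})
	p, _ := json.Marshal(c)
	input := enc.EncodeToString(h) + "." + enc.EncodeToString(p)
	return input + "." + enc.EncodeToString(ed25519.Sign(priv, []byte(input)))
}

// VerifyLocal checks a badge against cached keys only: no registry call, no network.
func VerifyLocal(keys LocalKeys, token string, now time.Time, opts VerifyOptions) (*BadgeClaims, error) {
	if keys == nil { // explicit guard instead of a nil-map panic deep in the path
		return nil, ErrNoTrustMaterial
	}
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("badge: malformed compact JWS")
	}
	var h jwsHeader
	var c BadgeClaims
	if decodePart(parts[0], &h) != nil || decodePart(parts[1], &c) != nil {
		return nil, errors.New("badge: undecodable header or payload")
	}
	if h.Alg != "EdDSA" {
		return nil, fmt.Errorf("badge: unsupported alg %q", h.Alg)
	}
	// Select the issuer key by the JWS header kid; cnf.kid is the subject's PoP key, not a signer.
	pub, ok := keys[h.Kid]
	if !ok {
		return nil, fmt.Errorf("badge: header kid %q not in local trust material", h.Kid)
	}
	sig, err := enc.DecodeString(parts[2])
	if err != nil || !ed25519.Verify(pub, []byte(parts[0]+"."+parts[1]), sig) {
		return nil, errors.New("badge: signature invalid")
	}
	if c.Iss == c.Sub && !opts.AcceptSelfSigned {
		return nil, errors.New("badge: self-signed badge rejected by policy")
	}
	if time.Unix(c.Iat, 0).After(now.Add(opts.ClockSkew)) {
		return nil, errors.New("badge: iat is in the future")
	}
	if !now.Before(time.Unix(c.Exp, 0).Add(opts.ClockSkew)) {
		return nil, errors.New("badge: expired")
	}
	return &c, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	now := time.Now()
	tok := Sign(priv, "issuer-key-1", BadgeClaims{Iss: "did:web:issuer.example", Sub: "did:web:agent.example",
		Iat: now.Unix(), Exp: now.Add(time.Hour).Unix(), Cnf: map[string]string{"kid": "agent-pop-key"}})
	c, err := VerifyLocal(LocalKeys{"issuer-key-1": pub}, tok, now, VerifyOptions{})
	fmt.Println(c != nil, err) // true <nil>
}
```

The order matters: the signature is checked before any claim is trusted, the key is chosen by the header `kid` so a badge cannot point the verifier at the subject's own PoP key, and `AcceptSelfSigned` is an opt-in field on the options rather than a constant `true` buried in a fallback path. Revocation lookup against the local revocation cache would slot in after the signature check.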
…rt, CapabilitySatisfied scoping
- Change GetPublicKey return type from any to crypto.PublicKey (type safety)
- Improve filenameToIssuer to handle both DID and HTTPS issuer formats
- Update CapabilitySatisfied to use envelope.IsWithinScope per RFC-008 §7.2
- Remove invalid '*' wildcard support from capability matching

Co-authored-by: GitHub Copilot <copilot@github.com>
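The filesystem mediation boundary with path canonicalization, including the `~`-prefix handling and the deny-by-default setting listed under Security Fixes in the commit message above, as an added Go example that is not the project's code. `FilesystemHook`, `NewFilesystemHook`, `Mediate` and `Decision` are hypothetical names, and expanding `~` before cleaning is one way to close the gap the commit names, not necessarily the project's own fix.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// Decision is what a mediation hook returns; Reason is meant for the audit log.
type Decision struct {
	Allow  bool
	Reason string
}

// FilesystemHook (hypothetical shape) confines file operations to configured roots.
type FilesystemHook struct {
	AllowedRoots []string // canonical absolute paths
	DefaultDeny  bool     // outcome when no root matches
	Home         string   // expansion target for "~"; injected so tests never touch $HOME
}

// NewFilesystemHook canonicalizes the roots and applies the safe default: a hook with
// no roots configured denies everything rather than silently allowing.
func NewFilesystemHook(roots []string, home string) (*FilesystemHook, error) {
	h := &FilesystemHook{DefaultDeny: true, Home: home}
	for _, r := range roots {
		canon, err := h.canonicalize(r)
		if err != nil {
			return nil, fmt.Errorf("root %q: %w", r, err)
		}
		h.AllowedRoots = append(h.AllowedRoots, canon)
	}
	return h, nil
}

// canonicalize expands a leading "~" before cleaning, so a path written as
// "~/../x" is judged by where it actually resolves rather than by its literal
// prefix; Abs then collapses "." and ".." segments.
func (h *FilesystemHook) canonicalize(p string) (string, error) {
	if p == "~" || strings.HasPrefix(p, "~/") {
		if h.Home == "" {
			return "", errors.New("cannot expand ~ without a home directory")
		}
		p = filepath.Join(h.Home, strings.TrimPrefix(p, "~"))
	}
	return filepath.Abs(p)
}

// within reports whether p is root itself or inside it, using Rel rather than a string
// prefix check so "/srv/app" does not match "/srv/app-secrets".
func within(root, p string) bool {
	rel, err := filepath.Rel(root, p)
	if err != nil {
		return false
	}
	return rel == "." || (rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator)))
}

// Mediate decides one file operation. The policy is entirely local: no network lookup.
func (h *FilesystemHook) Mediate(path string) Decision {
	canon, err := h.canonicalize(path)
	if err != nil {
		return Decision{Allow: false, Reason: "cannot canonicalize: " + err.Error()}
	}
	for _, root := range h.AllowedRoots {
		if within(root, canon) {
			return Decision{Allow: true, Reason: "within allowed root " + root}
		}
	}
	if h.DefaultDeny {
		return Decision{Allow: false, Reason: "outside all allowed roots: " + canon}
	}
	return Decision{Allow: true, Reason: "no root matched; hook explicitly configured permissive"}
}

func main() {
	h, _ := NewFilesystemHook([]string{"~/workspace"}, "/home/agent")
	for _, p := range []string{"~/workspace/notes.md", "~/../../etc/hosts", "/home/agent/workspace-private/key"} {
		d := h.Mediate(p)
		fmt.Printf("%-36s allow=%-5v %s\n", p, d.Allow, d.Reason)
	}
}
```

Symlinks are deliberately out of scope here so the example stays deterministic and offline; a deployed hook would additionally resolve the existing prefix of the path with `filepath.EvalSymlinks` before the root comparison, since a link inside an allowed root can otherwise point outside it.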
This was referenced May 27, 2026
Summary
Implements Phase 0.1-0.4 of Verification Locality per RFC-001 §2.3. This establishes local-first runtime trust verification and mediation boundaries.
Changes
pkg/trust/ — Trust Material Lifecycle
- locality.go: Core types (TrustMaterial, FreshnessPolicy, BootstrapConfig)
- bootstrap.go: MaterialManager for trust material lifecycle
- jwks_cache.go: Tiered JWKS cache (L1=memory, L2=filesystem)
- revocation_cache.go: Local revocation status caching

pkg/badge/ — Local Verification
- local_verifier.go: LocalVerifier for network-independent badge verification

pkg/mediation/ — Runtime Mediation Boundaries (NEW)
- hook.go: Core Hook interface and Result type
- context.go: Context with badge claims for mediation decisions
- tool.go: ToolHook for MCP tool authorization
- filesystem.go: FilesystemHook for file operation boundaries
- network.go: NetworkHook for egress control
- shell.go: ShellHook for dangerous command detection

Integration
- pkg/envelope/verifier.go: TrustMaterial in VerifyOptions
- pkg/gateway/middleware.go: LocalVerifier when TrustMaterial bootstrapped

RFC Compliance
Per RFC-001 §2.3:
This PR ensures:
Testing
All tests pass:
31 test scenarios across 4 mediation hooks (tool, filesystem, network, shell).
Related
.context/IMPLEMENTATION_PLAN_VERIFICATION_LOCALITY.md