feat(runtime): implement signed checkpoint lineage (Task 13) #18

Merged
simonovic86 merged 1 commit into main from claude/suspicious-mccarthy
Mar 5, 2026
@simonovic86
Owner

Summary

Implements cryptographic signed checkpoint lineage enabling verifiable checkpoint authenticity and divergent lineage detection without trusting the executing node.

Key Changes

New Packages

  • pkg/identity/ — Agent Ed25519 keypair generation, serialization, and persistent storage
  • pkg/lineage/ — Signed checkpoint types, content hashing (SHA-256), Ed25519 signing/verification, and signing domain construction

Checkpoint Format v0x04

  • Extended v0x03 header (81 bytes) with 128 bytes of lineage metadata:
    • PrevHash [32]byte — SHA-256 of previous checkpoint (hash chain)
    • AgentPubKey [32]byte — Agent's Ed25519 public key
    • Signature [64]byte — Ed25519 signature over header + state
  • Total header: 209 bytes
  • Backward compatible: reads v0x02/v0x03, writes v0x04 when identity set, v0x03 when disabled

Signature Protocol

  • Signing domain covers everything except signature slot: checkpoint[0:145] || state
  • Sign flow (SaveCheckpointToStorage): build checkpoint, construct signing domain, sign with private key, embed signature, compute content hash for next checkpoint
  • Verify flow (LoadCheckpointFromStorage): extract public key and signature from checkpoint, reconstruct signing domain, verify with Ed25519

Agent Identity Management

  • Identity generated on first load, persisted as <agentID>.identity
  • Transferred during migration via AgentPackage.AgentIdentity
  • Deleted from source after confirmed migration

Storage Provider Extension

  • SaveIdentity(ctx, agentID, data) — Persist agent identity
  • LoadIdentity(ctx, agentID) — Load persisted identity

Instance Changes

  • Added AgentIdentity and PrevCheckpointHash fields
  • buildCheckpoint() handles v3 (no lineage) and v4 (signed) formats
  • ParseCheckpointHeader() refactored to return CheckpointHeader struct

Invariant Support

  • EI-3 (Checkpoint Lineage Integrity): PrevHash chain + signatures
  • EI-11 (Divergent Lineage Detection): conflicting PrevHash values prove forks
  • OA-1 (Canonical Logical Identity): agent public key in each checkpoint
  • MC-3 (Migration Continuity): identity and hash chain preserved across nodes

Documentation

  • Added docs/runtime/SIGNED_LINEAGE.md with protocol, format, signing flow, and security considerations
  • Updated IMPLEMENTATION_STATUS.md to mark Task 13 complete
  • Updated CLAUDE.md with checkpoint v0x04 format details

Testing & CLI

  • Refactored cmd/igord to load/generate identity via loadOrGenerateIdentity()
  • Added initLocalAgent() helper for local agent setup
  • Inspector updated to parse and verify v0x04 signatures
  • All checkpoint parsing tests updated to use new CheckpointHeader struct

Add cryptographic agent identity (Ed25519 keypairs) and signed checkpoint
hash chains, enabling verifiable checkpoint authenticity and divergent
lineage detection without trusting the executing node.

New packages:
- pkg/identity/: agent Ed25519 keypair generation, serialization, persistence
- pkg/lineage/: checkpoint signing, verification, content hashing (CID-compatible)

Checkpoint format v0x04 (209-byte header) extends v0x03 with:
- 32-byte PrevHash (SHA-256 chain to previous checkpoint)
- 32-byte AgentPubKey (Ed25519 public key)
- 64-byte Signature (covers header + state, excluding signature slot)

Key changes:
- Refactor ParseCheckpointHeader from 8 return values to CheckpointHeader struct
- Extend storage Provider with SaveIdentity/LoadIdentity/DeleteIdentity
- Migration protocol carries agent identity in AgentPackage
- Inspector displays lineage fields and verifies signatures
- CLI generates/loads agent identity on startup

Derives from: EI-3 (Checkpoint Lineage Integrity), EI-11 (Divergent Lineage
Detection), OA-1 (Canonical Logical Identity)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
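
The v0x04 sign and verify flow described in this PR, as an added Go example that is not the project's code. `Seal`, `Verify` and `signingDomain` are hypothetical names, the 81-byte v0x03 header is left zeroed, PrevHash is assumed to be SHA-256 over the whole previous checkpoint, and `Verify` additionally pins the agent key to one the verifier already trusts, since a key read only from the checkpoint itself proves self-consistency and nothing more.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Offsets from the PR description: 81-byte v0x03 header, PrevHash, AgentPubKey, Signature, then state.
const prevOff, keyOff, sigOff, hdrLen = 81, 113, 145, 209

// signingDomain returns checkpoint[0:145] || state, skipping the signature slot.
func signingDomain(cp []byte) []byte {
	return append(append([]byte{}, cp[:sigOff]...), cp[hdrLen:]...)
}

// Seal (hypothetical helper) assembles and signs a v0x04-style checkpoint; v0x03 fields are not modelled.
func Seal(priv ed25519.PrivateKey, prev [32]byte, state []byte) []byte {
	cp := make([]byte, hdrLen+len(state))
	copy(cp[prevOff:], prev[:])
	copy(cp[keyOff:], priv.Public().(ed25519.PublicKey))
	copy(cp[hdrLen:], state)
	copy(cp[sigOff:], ed25519.Sign(priv, signingDomain(cp)))
	return cp
}

// Verify checks the embedded key against a trusted one, then the signature, then the parent link.
func Verify(cp []byte, trusted ed25519.PublicKey, parent [32]byte) error {
	switch {
	case len(cp) < hdrLen:
		return errors.New("short checkpoint")
	case !bytes.Equal(cp[keyOff:sigOff], trusted):
		return errors.New("unexpected agent key")
	case !ed25519.Verify(trusted, signingDomain(cp), cp[sigOff:hdrLen]):
		return errors.New("bad signature")
	case !bytes.Equal(cp[prevOff:keyOff], parent[:]):
		return errors.New("broken lineage")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)
	parent := sha256.Sum256(Seal(priv, [32]byte{}, []byte("state-0"))) // assumed: hash of whole checkpoint
	fmt.Println(Verify(Seal(priv, parent, []byte("state-1")), pub, parent))
}
```

Because PrevHash and AgentPubKey sit inside `checkpoint[0:145]`, changing either one invalidates the signature just as changing the state does.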
simonovic86 merged commit 046523d into main on Mar 5, 2026
1 check passed
simonovic86 deleted the claude/suspicious-mccarthy branch on March 5, 2026 07:36