Jason Woltje
73074932f6
feat(#360): Add federation credential isolation
Implement explicit deny-lists in QueryService and CommandService to prevent
user credentials from leaking across federation boundaries.
## Changes
### Core Implementation
- QueryService: Block all credential-related queries with keyword detection
- CommandService: Block all credential operations (create/update/delete/read)
- Case-insensitive keyword matching for both queries and commands
### Security Features
- Deny-list includes: credential, api_key, secret, token, password, oauth
- Errors returned for blocked operations
- No impact on existing allowed operations (tasks, events, projects, agent commands)
### Testing
- Added 2 unit tests to query.service.spec.ts
- Added 3 unit tests to command.service.spec.ts
- Added 8 integration tests in credential-isolation.integration.spec.ts
- All 377 federation tests passing
### Documentation
- Created comprehensive security doc at docs/security/federation-credential-isolation.md
- Documents 4 security guarantees (G1-G4)
- Includes testing strategy and incident response procedures
## Security Guarantees
1. G1: Credential Confidentiality - Credentials never leave instance in plaintext
2. G2: Cross-Instance Isolation - Compromised key on one instance doesn't affect others
3. G3: Query/Command Isolation - Federated instances cannot query/modify credentials
4. G4: Accidental Exposure Prevention - Credentials cannot leak via messages
## Defense-in-Depth
This implementation adds application-layer protection on top of existing:
- Transit key separation (mosaic-credentials vs mosaic-federation)
- Per-instance OpenBao servers
- Workspace-scoped credential access
Fixes #360
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-07 16:55:49 -06:00
..
2026-02-03 14:37:06 -06:00
2026-02-03 14:37:06 -06:00
2026-02-03 14:37:06 -06:00
2026-02-03 14:37:06 -06:00
2026-02-03 14:37:06 -06:00
2026-02-03 14:37:06 -06:00
2026-02-03 14:37:06 -06:00
2026-02-03 14:37:06 -06:00
2026-02-03 14:37:06 -06:00
2026-02-03 14:37:06 -06:00
2026-02-03 14:37:06 -06:00
2026-02-03 20:24:41 -06:00
2026-02-03 19:17:13 -06:00
2026-02-02 14:33:31 -06:00
2026-02-03 14:37:06 -06:00
2026-02-03 14:37:06 -06:00
2026-02-02 15:27:00 -06:00
2026-02-02 15:27:00 -06:00
2026-02-03 14:37:06 -06:00
2026-02-03 14:37:06 -06:00
2026-02-03 14:37:06 -06:00
2026-02-03 14:37:06 -06:00
2026-02-03 14:37:06 -06:00
2026-02-03 12:34:24 -06:00
2026-02-03 12:55:37 -06:00
2026-02-03 14:37:06 -06:00
2026-02-03 13:30:16 -06:00
2026-02-03 13:30:16 -06:00
2026-02-03 13:30:16 -06:00
2026-02-03 14:37:06 -06:00
2026-02-03 13:45:00 -06:00
2026-02-03 14:03:44 -06:00
2026-02-03 14:18:18 -06:00
2026-02-03 14:51:59 -06:00
2026-02-03 14:51:59 -06:00
2026-01-31 11:38:38 -06:00
2026-01-31 12:10:43 -06:00
2026-01-31 12:22:14 -06:00
2026-01-31 11:57:40 -06:00
2026-02-01 17:56:04 -06:00
2026-02-01 20:52:43 -06:00
2026-02-01 20:22:07 -06:00
2026-02-01 20:52:43 -06:00
2026-02-01 20:52:43 -06:00
2026-02-01 20:52:43 -06:00
2026-02-01 20:56:45 -06:00
2026-02-01 21:09:03 -06:00
2026-02-01 21:01:25 -06:00
2026-02-01 21:09:03 -06:00
2026-02-01 21:16:23 -06:00
2026-02-01 21:16:23 -06:00
2026-02-01 21:16:23 -06:00
2026-02-01 21:26:40 -06:00
2026-02-01 21:32:53 -06:00
2026-02-01 21:42:44 -06:00
2026-02-03 14:37:06 -06:00
2026-02-02 08:18:55 -06:00
2026-02-01 21:44:04 -06:00
2026-02-01 21:54:34 -06:00
2026-02-01 20:54:25 -06:00
2026-02-01 21:09:03 -06:00
2026-02-01 20:54:57 -06:00
2026-02-02 11:41:11 -06:00
2026-02-03 14:37:06 -06:00
2026-02-03 14:37:06 -06:00
2026-02-03 14:37:06 -06:00
2026-02-02 12:51:17 -06:00
2026-02-02 12:41:12 -06:00
2026-02-03 14:37:06 -06:00
2026-02-02 12:30:19 -06:00
2026-02-02 12:03:36 -06:00
2026-02-03 14:37:06 -06:00
2026-02-03 22:29:42 -06:00
2026-02-03 22:38:13 -06:00
2026-02-03 22:44:54 -06:00
2026-02-02 12:51:17 -06:00
2026-02-02 12:55:17 -06:00
2026-02-03 14:37:06 -06:00
2026-02-03 14:37:06 -06:00
2026-02-03 22:55:57 -06:00
2026-02-03 22:59:41 -06:00
2026-02-03 16:50:06 -06:00
2026-02-03 18:58:00 -06:00
2026-02-03 19:53:09 -06:00
2026-02-03 20:17:47 -06:00
2026-02-03 20:21:06 -06:00
2026-02-03 20:24:46 -06:00
2026-02-03 20:27:45 -06:00
2026-02-03 20:35:00 -06:00
2026-02-03 20:47:41 -06:00
2026-02-04 03:08:09 +00:00
2026-02-04 03:08:09 +00:00
2026-02-04 03:08:09 +00:00
2026-02-03 22:48:59 -06:00
2026-02-03 22:51:25 -06:00
2026-02-07 16:39:15 -06:00
2026-02-07 16:50:02 -06:00
2026-02-07 16:49:37 -06:00
2026-02-07 16:55:49 -06:00
2026-02-02 14:33:31 -06:00
2026-02-02 14:33:31 -06:00
2026-02-02 14:33:31 -06:00
2026-02-02 14:33:31 -06:00
2026-02-02 14:33:31 -06:00
2026-02-02 14:33:31 -06:00
2026-02-03 14:37:06 -06:00
2026-02-03 14:37:06 -06:00
2026-02-03 14:37:06 -06:00
2026-02-03 14:37:06 -06:00
2026-02-03 14:37:06 -06:00
2026-02-03 14:37:06 -06:00
2026-02-03 14:37:06 -06:00
2026-02-03 14:37:06 -06:00
2026-02-03 14:37:06 -06:00
2026-02-03 14:37:06 -06:00
2026-02-03 14:37:06 -06:00
2026-02-03 14:37:06 -06:00
2026-02-03 14:37:06 -06:00
2026-02-03 14:37:06 -06:00
2026-02-03 14:37:06 -06:00
2026-02-03 14:37:06 -06:00
2026-02-03 14:37:06 -06:00
2026-02-03 14:37:06 -06:00
2026-02-03 14:37:06 -06:00
2026-02-03 14:37:06 -06:00
2026-02-02 14:33:31 -06:00
2026-02-03 21:43:01 -06:00
2026-02-03 14:37:06 -06:00
2026-02-03 14:37:06 -06:00