Compare commits
base: mosaicstack:main
mosaicstack:main
mosaicstack:docs/framework-agency-patterns
mosaicstack:feat/framework-constitution-alpha
mosaicstack:feat/us007-agent-registration
mosaicstack:docs/merge-authority-rule
mosaicstack:feat/mosaic-as-provisioning
mosaicstack:fix/pr-ci-wait-stdin-collision
mosaicstack:fix/t_301e4e3b-pr-merge-gitea-empty-uid
mosaicstack:ci/publish-appservice-image
mosaicstack:feat/mosaic-as-daemon
mosaicstack:feat/mosaic-as-m4a
mosaicstack:fix/pi-token-lean-skills
mosaicstack:fix/git-wrapper-rollup-20260526
mosaicstack:fix/git-wrapper-repo-detection
mosaicstack:fix/woodpecker-wrapper-legacy-mosaic
mosaicstack:fix/t-a292e96f-gitea-pr-metadata
mosaicstack:fix/gitea-pr-metadata-login-t-a292e96f
mosaicstack:fix/t_a292e96f-pr-metadata-gitea
mosaicstack:fix/t_3a368a52-gitea-usc-login
mosaicstack:fix/bootstrap-hotfix
mosaicstack:fix/populate-known-packages-list
mosaicstack:fix/idempotent-init
mosaicstack:mosaic-v0.0.31
mosaicstack:fed-v0.2.0-m2
mosaicstack:fed-v0.1.0-m1
mosaicstack:mosaic-v0.0.29
mosaicstack:mosaic-v0.0.28
mosaicstack:mosaic-v0.0.27
mosaicstack:mosaic-v0.0.26
mosaicstack:mosaic-v0.0.25
mosaicstack:mosaic-v0.0.24
mosaicstack:v0.2.0
mosaicstack:v0.1.0
mosaicstack:v0.0.8
mosaicstack:v0.0.7
mosaicstack:v0.0.6
mosaicstack:v0.0.5
mosaicstack:v0.0.4
..
compare: mosaicstack:feat/us007-agent-registration
mosaicstack:docs/framework-agency-patterns
mosaicstack:feat/framework-constitution-alpha
mosaicstack:main
mosaicstack:feat/us007-agent-registration
mosaicstack:docs/merge-authority-rule
mosaicstack:feat/mosaic-as-provisioning
mosaicstack:fix/pr-ci-wait-stdin-collision
mosaicstack:fix/t_301e4e3b-pr-merge-gitea-empty-uid
mosaicstack:ci/publish-appservice-image
mosaicstack:feat/mosaic-as-daemon
mosaicstack:feat/mosaic-as-m4a
mosaicstack:fix/pi-token-lean-skills
mosaicstack:fix/git-wrapper-rollup-20260526
mosaicstack:fix/git-wrapper-repo-detection
mosaicstack:fix/woodpecker-wrapper-legacy-mosaic
mosaicstack:fix/t-a292e96f-gitea-pr-metadata
mosaicstack:fix/gitea-pr-metadata-login-t-a292e96f
mosaicstack:fix/t_a292e96f-pr-metadata-gitea
mosaicstack:fix/t_3a368a52-gitea-usc-login
mosaicstack:fix/bootstrap-hotfix
mosaicstack:fix/populate-known-packages-list
mosaicstack:fix/idempotent-init
mosaicstack:mosaic-v0.0.31
mosaicstack:fed-v0.2.0-m2
mosaicstack:fed-v0.1.0-m1
mosaicstack:mosaic-v0.0.29
mosaicstack:mosaic-v0.0.28
mosaicstack:mosaic-v0.0.27
mosaicstack:mosaic-v0.0.26
mosaicstack:mosaic-v0.0.25
mosaicstack:mosaic-v0.0.24
mosaicstack:v0.2.0
mosaicstack:v0.1.0
mosaicstack:v0.0.8
mosaicstack:v0.0.7
mosaicstack:v0.0.6
mosaicstack:v0.0.5
mosaicstack:v0.0.4
1 Commits
main
...
feat/us007
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Jason Woltje
|
5a11e3c121 |
feat(mosaic-as): agent registration endpoint + scoped/revocable tokens (US-007)
POST /bridge/v1/agents mints/ensures @agent-<alias>-<host> and returns a scoped, revocable per-agent bridge token. Adds POST /bridge/v1/agents/revoke (manual revoke from day one) and GET /bridge/v1/agents (reconciliation source that never advertises revoked/phantom agents). Persistence: per-agent token sha256 hashes stored in Matrix account_data on the AS sender user (org.uscllc.mosaic_as.agents) — no new infra, survives restart. Tokens are magt_-prefixed high-entropy random; plaintext is never persisted and returned exactly once. Per-agent tokens are scoped: usable only to act as their own agent on /bridge/v1/messages|typing; host bridgeTokens stay unscoped. Registration/revoke/list are host-token-only. Independent opus security review: PASS (no critical/high). Remediated the one MEDIUM (agent-slug collision: distinct alias/host pairs joining to the same Matrix id now rejected instead of silently overwriting) + regression test. Closes #540 Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> |