feat(mos): add logical identity connector fencing #757

Merged
jason.woltje merged 4 commits from feat/mos-logical-identity-fencing into main 2026-07-14 23:33:07 +00:00
Owner

Summary

  • add normalized runtime-neutral logical-agent, binding, connector, scope, and decimal fencing-epoch contracts
  • add PostgreSQL-durable exclusive connector leases with CAS takeover, monotonic epochs, TTL, heartbeat, release, restart recovery, and credential-safe lifecycle audit
  • add server-minted execution grants validated against durable current authority immediately before adapter side effects
  • add a gateway-owned deny-by-default policy boundary and normalized fenced adapter context
  • document M1 architecture, operations, migration, rollback, and residual exactly-once limitations

Security properties

  • tenant authority is derived from authenticated gateway context
  • stale, expired, released, forged, malformed, scope-mismatched, cross-tenant, cross-binding, and cross-connector authority fails closed before effects
  • lease TTL is capped at 5 minutes; grant TTL is capped at 30 seconds and cannot outlive the durable current lease
  • audit records exclude scopes, grants, payloads, credentials, tokens, and approval references
  • production policy remains deny-all until a later concrete connector cutover

Verification

  • TDD RED/GREEN evidence recorded in docs/scratchpads/755-mos-logical-identity-fencing.md
  • types connector contract: 6/6 passed
  • agent fencing/grant suite: 10/10 passed
  • gateway PGlite repository + policy integration: 8/8 passed
  • real PostgreSQL close/reopen/CAS integration: 1/1 passed with configured DATABASE_URL
  • pnpm typecheck: 42/42 Turbo tasks passed
  • pnpm lint: 23/23 Turbo tasks passed
  • pnpm format:check: passed
  • pnpm test: 42/42 Turbo tasks passed; gateway 617 passed / 12 environment-gated skipped
  • independent Codex code review: APPROVE, no findings
  • independent Codex security review: no critical/high/medium/low findings
  • final credential-pattern and diff checks: clean

Deferred by scope

Checkpoint/handoff payloads, exactly-once journal/receipts, concrete Claude/Pi/Codex adapters, channel cutover, and full cross-harness failover E2E remain later #754 work.

Refs #755

## Summary - add normalized runtime-neutral logical-agent, binding, connector, scope, and decimal fencing-epoch contracts - add PostgreSQL-durable exclusive connector leases with CAS takeover, monotonic epochs, TTL, heartbeat, release, restart recovery, and credential-safe lifecycle audit - add server-minted execution grants validated against durable current authority immediately before adapter side effects - add a gateway-owned deny-by-default policy boundary and normalized fenced adapter context - document M1 architecture, operations, migration, rollback, and residual exactly-once limitations ## Security properties - tenant authority is derived from authenticated gateway context - stale, expired, released, forged, malformed, scope-mismatched, cross-tenant, cross-binding, and cross-connector authority fails closed before effects - lease TTL is capped at 5 minutes; grant TTL is capped at 30 seconds and cannot outlive the durable current lease - audit records exclude scopes, grants, payloads, credentials, tokens, and approval references - production policy remains deny-all until a later concrete connector cutover ## Verification - TDD RED/GREEN evidence recorded in `docs/scratchpads/755-mos-logical-identity-fencing.md` - types connector contract: 6/6 passed - agent fencing/grant suite: 10/10 passed - gateway PGlite repository + policy integration: 8/8 passed - real PostgreSQL close/reopen/CAS integration: 1/1 passed with configured `DATABASE_URL` - `pnpm typecheck`: 42/42 Turbo tasks passed - `pnpm lint`: 23/23 Turbo tasks passed - `pnpm format:check`: passed - `pnpm test`: 42/42 Turbo tasks passed; gateway 617 passed / 12 environment-gated skipped - independent Codex code review: APPROVE, no findings - independent Codex security review: no critical/high/medium/low findings - final credential-pattern and diff checks: clean ## Deferred by scope Checkpoint/handoff payloads, exactly-once journal/receipts, concrete Claude/Pi/Codex adapters, channel cutover, and full cross-harness failover E2E remain later #754 work. Refs #755
jason.woltje added 2 commits 2026-07-14 18:18:57 +00:00
feat(#755): add logical agent connector fencing
All checks were successful
ci/woodpecker/pr/ci Pipeline was successful
dff8ce4f79
Add normalized runtime-neutral identity, durable PostgreSQL CAS leases, monotonic epochs, short-lived server grants, fail-closed adapter validation, credential-safe audit, and concurrency/restart/abuse coverage.\n\nRefs #755
jason.woltje force-pushed feat/mos-logical-identity-fencing from dff8ce4f79 to 894434ce1a 2026-07-14 22:31:15 +00:00 Compare
jason.woltje added 1 commit 2026-07-14 22:58:55 +00:00
fix(gateway): fence lifecycle authority against durable lease
All checks were successful
ci/woodpecker/pr/ci Pipeline was successful
b7302a94c3
Author
Owner

Durable exact-head reviewer-of-record evidence

APPROVE for exact PR head b7302a94c316e56f24b8021426e2fc12cf990067.

Independent code/security/DB rereviewer web1:fencing-ror APPROVE; Codex-Ultron reviewer web1:coder0 APPROVE. Pipeline #1817 is terminal green with PostgreSQL. The lifecycle scope-substitution finding is closed; migration 0016 is consistent; deny-all/no-cutover/#754 deferrals and typed authority separation remain.

Rereview report SHA-256 10aa1982569162019ca9731c4f1bd3d311609a0038dbca5cff3fbd427501954b; Ultron report SHA-256 4614853727059303f6794ca9d6eff780c5794dfd28334fc9984873897f5d73fe.

This approves M1 delivery only. It grants no consumer, channel, concrete adapter, #754 failover, or production cutover authority.

### Durable exact-head reviewer-of-record evidence **APPROVE** for exact PR head `b7302a94c316e56f24b8021426e2fc12cf990067`. Independent code/security/DB rereviewer `web1:fencing-ror` APPROVE; Codex-Ultron reviewer `web1:coder0` APPROVE. Pipeline #1817 is terminal green with PostgreSQL. The lifecycle scope-substitution finding is closed; migration 0016 is consistent; deny-all/no-cutover/#754 deferrals and typed authority separation remain. Rereview report SHA-256 `10aa1982569162019ca9731c4f1bd3d311609a0038dbca5cff3fbd427501954b`; Ultron report SHA-256 `4614853727059303f6794ca9d6eff780c5794dfd28334fc9984873897f5d73fe`. This approves M1 delivery only. It grants no consumer, channel, concrete adapter, #754 failover, or production cutover authority.
jason.woltje merged commit eb4e14ae5c into main 2026-07-14 23:33:07 +00:00
Sign in to join this conversation.
No Reviewers
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: mosaicstack/stack#757