RFC: content-addressed authority profiles#36
Draft
joshuajbouw wants to merge 5 commits into
Draft
Conversation
This was referenced Jul 14, 2026
This was referenced Jul 14, 2026
joshuajbouw
added a commit
to astrid-runtime/astrid
that referenced
this pull request
Jul 15, 2026
## Linked Issue Closes #1233 Refs #1228 and astrid-runtime/rfcs#36. ## Summary Adds passive content-addressed capability-registry primitives and moves short device key IDs to BLAKE3 before wider adoption. The profile shape remains unchanged and stored device IDs self-heal from their public keys; active device-scoped bearer sessions re-authenticate after upgrade. ## Changes - add exact capability IDs with borrowed and owned storage - add validated 32-byte entry, registry, and signed-extension-package digest newtypes - type the nonzero capability-registry schema revision - add content-bound capability references and exact resolution - add registered definitions and canonical registry manifests - implement deterministic canonical CBOR and domain-separated BLAKE3 identities - derive device key IDs from BLAKE3 with a legacy SHA-256 self-heal regression - freeze the private 51-ID capability-registry revision 1 set - isolate hashing, encoding, checked conversions, and digest validation in a private util module - encode canonical integer widths with one checked conversion per representation - keep the registry as a public Astrid runtime API without exposing it over HTTP, WIT, or the control socket - cover canonical bytes, BLAKE3 digest goldens, tampering, duplicates, invalid lengths, ordering, schema revisions, and fail-closed errors ## Verification - `cargo fmt --all -- --check` - `cargo metadata --locked --offline --no-deps` - `git diff --check` - golden vectors independently recomputed with `b3sum` - device-key BLAKE3 golden independently recomputed with `b3sum` - targeted local compilation reached the existing native BLAKE3 build-script stall; GitHub CI is the execution gate for the new head ## Checklist - [x] Linked to an issue - [x] CHANGELOG.md updated under `[Unreleased]`
3 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Why
The current wildcard authority can inherit capabilities added in the future and can activate bypasses that are not represented in the capability catalog. Astrid needs explicit, inspectable administrative authority without giving up complete sysadmin control.
Status
Draft. This RFC must remain open and unmerged. Generated registry and profile digests, migration fixtures, and implementation artifacts remain acceptance gates.
Tracks astrid-runtime/astrid#1228. Companion design: #37.
Validation
git diff --checkpython3 generate-book.py