Skip to content

v0.2.0 - Native eBPF Sensor Ingest and Hardened Provenance Gates

Choose a tag to compare

View all tags
@ByteYellow ByteYellow released this 27 Jun 13:12
· 20 commits to main since this release
v0.2.0
a297f38
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Native eBPF Sensor Ingest and Hardened Provenance Gates

This release adds AgentProvenance's own Linux eBPF sensor and wires its telemetry
end to end into the correlation -> risk -> unified-signal pipeline, plus a round
of provenance/correlation hardening and adversarial acceptance gates. It is a
feature milestone on top of v0.1.0, not yet v1 (see Boundary).

Highlights

  • Self-owned eBPF sensor for exec / file-write / network-connect telemetry
    (cmd/agentprov-sensor, internal/sensor; CO-RE, Linux). Verified live on a
    Linux lab VM against a real container (genuine kernel events, not fixtures).
  • Native sensor JSONL ingest into the provenance/risk pipeline: the sensor's
    normalized output is auto-detected (--format native, source=agentprov_ebpf)
    and flows through the same correlation -> policy -> risk -> unified security
    signal path as Falco/Tetragon. Supports piping the sensor straight into ingest
    (agentprov-sensor | agentprov telemetry ingest-jsonl --file -).
  • ToolCallScope correlation hardening: raw events need no tool_call_id;
    child / async / delayed events attribute to the original scope via
    container/cgroup + time window; correlation provenance is now labelled
    (self_observed vs kernel_correlated) so a self-join is not mistaken for
    independent corroboration.
  • Evidence tamper-detection acceptance: graph verify detects both an edited
    content-addressed object file (object_hash_mismatch) and a directly edited
    in-DB row (record_manifest_mismatch).
  • Reproducible sensor build: bpf2go bindings are committed, so a fresh Linux
    go build ./cmd/agentprov-sensor works without clang; scripts/regen-sensor.sh
    regenerates and drift-checks them.
  • Two-writer guard, concurrent-record graph-consistency test, and a
    fixed record crash when the .agentprov data dir lives inside the
    recorded workdir.

CI gates (all green on this commit)

  • Go tests (go test ./...)
  • Phase 1 observability/provenance smoke
  • eBPF sensor builds from committed bindings
  • eBPF sensor bindings drift check

Boundary (read before relying on the security claim)

This release provides integrity, not tamper-evidence against a host-root
attacker. graph verify recomputes hashes from the local SQLite store, which a
root user on the host can edit and re-derive. Off-host capture-time anchoring
(KMS/TPM/transparency log), the Deploy 3 central evidence service, and
notification integrations remain explicitly scoped to v2. See
docs/v1-definition-of-done.md.

Assets 2
Loading