
feat(dir): domain ownership verification #803

Merged
adamtagscherer merged 16 commits into main from feat/secure-domain
Jan 15, 2026

@adamtagscherer adamtagscherer commented Jan 12, 2026

This PR adds domain ownership verification for OASF records. Publishers can prove they control the domain in their record's name field by publishing their signing public key via a DNS TXT record or a well-known file.

Features Implemented

  • Name verification via JWKS - Uses standard RFC 7517 /.well-known/jwks.json
  • Name verification via DNS TXT - Uses _oasf. TXT records
  • Protocol prefixes - dns:// or http:// or https:// to specify verification method
  • Automatic verification on sign - Best-effort verification after dirctl sign
  • New dirctl naming commands - verify and check subcommands
  • Persistent storage - Verification results stored as OCI referrers

Future Work

  • Implement ListVerifiedAgents (requires domain index in DB)
  • Re-verification based on TTL
  • Name resolution (dirctl pull name instead of cid)
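
The prefix and JWKS checks listed in the PR description, as an added Go example (not code from this PR or the dir project): it maps a prefixed record name to the place that would be queried and checks whether a signing key is published in a JWKS document. The name layout `<prefix><domain>/<path>`, the Ed25519 key type, and the names `LookupTarget`, `KeyInJWKS` and `Sample` are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/url"
)

// LookupTarget maps a prefixed name (assumed layout <prefix><domain>/<path>) to method and location.
func LookupTarget(name string) (method, target string, err error) {
	u, err := url.Parse(name)
	switch {
	case err != nil || u.Hostname() == "":
		return "", "", fmt.Errorf("name %q carries no domain", name)
	case u.Scheme == "dns":
		return "dns", u.Hostname(), nil // domain whose TXT records are read
	case u.Scheme == "http" || u.Scheme == "https":
		return "jwks", u.Scheme + "://" + u.Host + "/.well-known/jwks.json", nil
	}
	return "", "", fmt.Errorf("unsupported prefix in %q", name)
}

// KeyInJWKS reports whether pub is published in doc as an Ed25519 JWK (RFC 8037).
func KeyInJWKS(doc []byte, pub ed25519.PublicKey) bool {
	var set struct{ Keys []struct{ Kty, Crv, X string } }
	if len(pub) != ed25519.PublicKeySize || json.Unmarshal(doc, &set) != nil {
		return false // fail closed on a malformed key or document
	}
	want := base64.RawURLEncoding.EncodeToString(pub)
	for _, k := range set.Keys {
		if k.Kty == "OKP" && k.Crv == "Ed25519" && k.X == want {
			return true
		}
	}
	return false
}

// Sample returns a constructed JWKS and the matching key (all-zero seed, not a real key).
func Sample() ([]byte, ed25519.PublicKey) {
	pub := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)).Public().(ed25519.PublicKey)
	x := base64.RawURLEncoding.EncodeToString(pub)
	return []byte(`{"keys":[{"kty":"OKP","crv":"Ed25519","x":"` + x + `"}]}`), pub
}

func main() {
	fmt.Println(LookupTarget("https://example.com/my-agent"))
	fmt.Println(KeyInJWKS(Sample()))
}
```

The JWKS URL is built only from the scheme and host carried in the name, so the document that is checked always comes from the domain the record claims.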

@adamtagscherer adamtagscherer added this to the DIR v1.0.0 milestone Jan 12, 2026
@adamtagscherer adamtagscherer self-assigned this Jan 12, 2026
@adamtagscherer adamtagscherer added the go Pull requests that update go code label Jan 12, 2026
github-actions bot commented Jan 12, 2026

The latest Buf updates on your PR. Results from workflow Buf CI / verify-proto (pull_request).

  • Build: ✅ passed
  • Format: ⏩ skipped
  • Lint: ⏩ skipped
  • Breaking: ✅ passed
  • Updated (UTC): Jan 15, 2026, 12:30 PM

@github-actions github-actions bot added size/L Denotes a PR that changes 1000-1999 lines size/XL Denotes a PR that changes 2000+ lines and removed size/L Denotes a PR that changes 1000-1999 lines labels Jan 12, 2026
@adamtagscherer adamtagscherer changed the title feat(dir): secure domains feat(dir): domain ownership verification Jan 13, 2026
@adamtagscherer adamtagscherer marked this pull request as ready for review January 13, 2026 14:40
@adamtagscherer adamtagscherer requested a review from a team as a code owner January 13, 2026 14:40
@adamtagscherer adamtagscherer linked an issue Jan 14, 2026 that may be closed by this pull request
@github-actions github-actions bot added size/L Denotes a PR that changes 1000-1999 lines size/XL Denotes a PR that changes 2000+ lines and removed size/XL Denotes a PR that changes 2000+ lines size/L Denotes a PR that changes 1000-1999 lines labels Jan 14, 2026
Signed-off-by: Tagscherer Ádám <adam.tagscherer@gmail.com>

@ramizpolic ramizpolic left a comment

LGTM

@adamtagscherer adamtagscherer merged commit e24fc4a into main Jan 15, 2026
27 checks passed
@adamtagscherer adamtagscherer deleted the feat/secure-domain branch January 15, 2026 13:12
Development

Successfully merging this pull request may close these issues.

Secure URLs with HTTP challenges