vcl-ut #25 P5d: Tier-2 C-ABI Ed25519 attestation fallback (RESOLVED) — closes the workstream#34
Merged
Conversation
…— closes the workstream The Tier-2 fallback of the two-tier boundary model (VERIFICATION-STANCE.adoc). For consumers that cannot run the Tier-1 recompute wasm: a C ABI cannot carry a re-checkable proof, so the honest ceiling is trusted-certifier attestation — and it is now reached. This was the last NAMED-OWED item under #25. New crate src/interface/attest (vcltotal-attest; standalone workspace; deps contained, never touch the zero-dep #![forbid(unsafe_code)] core): - mint(stmt_wire, schema_wire, sk): decode (vcltotal-parse), run the conformance-pinned certified_level, and sign IFF 0..=10. Token = Ed25519 over DOMAIN("VCLT-ATTEST-v1") ‖ sha256(stmt_wire) ‖ sha256(schema_wire) ‖ level. Fail-closed: decode failure / Reject ⇒ no token, never a signed unestablished level. - verify(...): recompute the bound message + Ed25519-verify vs the certifier pubkey. Unforgeable + bound: tampered query/schema/level/ sig or wrong key all reject. Does not re-run the decider (Tier-2 trusts the certifier — by construction of a C ABI; weaker than Tier-1, labelled as such). - vclut_rs_verify C-ABI: the previously declared-but-unlinked backend. One audited, documented host/guest unsafe block; all logic in the forbid-unsafe parse crate + audited ed25519-dalek. - Crypto: ed25519-dalek (de-facto standard, audited — maintainer decision 2026-05-19) + sha2, default-features minimal, contained to this Tier-2 crate. Cargo.lock pins them (trust surface). - 9 tests: roundtrip; 5 tamper variants (query/schema/level/sig/key); fail-closed garbage; C-ABI roundtrip+fail-closed; C-ABI small-out/ null. clippy -D warnings + fmt clean. ffi/zig wiring (P5d-2): build.zig cargo-builds libvcltotal_attest.a and links it (with gcc_s for std's _Unwind_* under panic=abort) into every artefact incl. the test runner. lib.zig: extern vclut_rs_verify + new export vclut_verify_wire (fail-closed wrapper, last-error set). New end-to-end Zig test: garbage wire ⇒ -1 across the Zig↔Rust boundary, out untouched. `zig build test` 4/4 (real backend linked, not a stub). Docs / authoritative flip (P5d-3/4): - src/interface/attest/ATTESTATION-FORMAT.adoc (normative wire spec) + README.adoc; .gitignore /target. - VERIFICATION-STANCE.adoc: Tier-2/P5d OWED→RESOLVED across the canonical two-tier model, headline, NAMED-OWED, consumer guidance, roadmap, provenance, closing. Both tiers now RESOLVED; the only remaining items are the precisely-scoped DISCLOSED limits (NaN payload; find/elemBy cross-module Refl non-reduction; L9/L10 predicate depth; additive↔ceil sliver; Idris→wire encode — needed by neither tier) — not gaps. - ADR-0002 status → both tiers RESOLVED; CHANGELOG/PROOF-NEEDS currency. Verified: corpus idris2 --build exit 0 (12 modules, escape-scan OK, unchanged); parse 6/6, recompute-wasm 3/3, attest 9/9 (all clippy -D warnings + fmt clean); `zig build test` 4/4 end-to-end. This closes the vcl-ut#25 boundary-reinforcement workstream: both the Tier-1 recompute-PCC path and the Tier-2 attestation fallback are RESOLVED, every limitation disclosed not faked. Refs #25. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
🔍 Hypatia Security ScanFindings: 25 issues detected
View findings[
{
"reason": "Issue in quality.yml",
"type": "missing_workflow",
"file": "quality.yml",
"action": "create",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Issue in security-policy.yml",
"type": "missing_workflow",
"file": "security-policy.yml",
"action": "create",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Action hyperpolymath/standards/.github/workflows/governance-reusable.yml@main needs attention",
"type": "unpinned_action",
"file": "governance.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Action actions/upload-artifact@v4 needs attention",
"type": "unpinned_action",
"file": "release.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Action actions/download-artifact@v4 needs attention",
"type": "unpinned_action",
"file": "release.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "codeql.yml lists `language: javascript-typescript` but the repo has no source files in any CodeQL-scannable language. The analyze job will exit 'no source files' on every run. Switch the matrix to `actions` (which scans workflow files — every repo has those).",
"type": "codeql_language_matrix_mismatch",
"file": "codeql.yml",
"action": "switch_codeql_matrix_to_actions",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "assert_smaller bypasses termination checker (1 occurrences, CWE-704)",
"type": "assert_smaller",
"file": "/home/runner/work/vcl-ut/vcl-ut/src/core/Checker.idr",
"action": "flag",
"rule_module": "code_safety",
"severity": "high"
},
{
"reason": "believe_me undermines formal verification (2 occurrences, CWE-704)",
"type": "believe_me",
"file": "/home/runner/work/vcl-ut/vcl-ut/src/core/Decide.idr",
"action": "flag",
"rule_module": "code_safety",
"severity": "critical"
},
{
"reason": "believe_me undermines formal verification (3 occurrences, CWE-704)",
"type": "believe_me",
"file": "/home/runner/work/vcl-ut/vcl-ut/src/core/Composition.idr",
"action": "flag",
"rule_module": "code_safety",
"severity": "critical"
},
{
"reason": "assert_total bypasses totality checker (1 occurrences, CWE-704)",
"type": "assert_total",
"file": "/home/runner/work/vcl-ut/vcl-ut/src/core/Composition.idr",
"action": "flag",
"rule_module": "code_safety",
"severity": "high"
}
]Powered by Hypatia Neurosymbolic CI/CD Intelligence |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
P5d — Tier-2 C-ABI Ed25519 attestation fallback (RESOLVED) — closes vcl-ut#25
The Tier-2 fallback of the canonical two-tier boundary model
(
VERIFICATION-STANCE.adoc). For consumers that cannot run the Tier-1recompute
wasm32module: a C ABI cannot carry a re-checkable proof,so the honest ceiling is trusted-certifier attestation — now
reached. This was the last NAMED-OWED item under #25.
New crate
src/interface/attest(vcltotal-attest)Standalone workspace; crypto contained here, never touches the
zero-dep
#![forbid(unsafe_code)]core.mint: decode → run the conformance-pinnedvcltotal_parse::certified_level→ sign iff0..=10. Token =Ed25519 over
DOMAIN ‖ sha256(stmt_wire) ‖ sha256(schema_wire) ‖ level. Fail-closed: decode failure / Reject ⇒ no token.verify: recompute the bound message, Ed25519-verify vs thecertifier pubkey. Unforgeable + bound — tampered
query/schema/level/sig or wrong key all reject. Does not re-run
the decider (Tier-2 trusts the certifier; weaker than Tier-1,
labelled so).
vclut_rs_verifyC-ABI — the previously declared-but-unlinkedbackend. One audited, documented host/guest
unsafeblock; alllogic in the forbid-unsafe parse crate + audited
ed25519-dalek.ed25519-dalek(de-facto standard, audited — yourdecision) +
sha2, minimal features,Cargo.lockpinned.(query/schema/level/sig/key); fail-closed garbage; C-ABI
roundtrip+fail-closed; C-ABI small-out/null. clippy
-D warnings+fmt clean.
Zig linkage
build.zigcargo-buildslibvcltotal_attest.aand links it (+gcc_sfor
std's_Unwind_*underpanic=abort) into every artefact incl.the test runner.
lib.zig:extern vclut_rs_verify+ newvclut_verify_wireexport (fail-closed wrapper). New end-to-end Zigtest: garbage wire ⇒
-1across the Zig↔Rust boundary,outuntouched.
zig build test4/4 (real backend linked, not a stub).Authoritative flip
VERIFICATION-STANCE.adoc: Tier-2/P5dOWED→RESOLVEDacross thecanonical two-tier model, headline, NAMED-OWED, consumer guidance,
roadmap, provenance, closing — both tiers now RESOLVED. ADR-0002
status → both tiers RESOLVED. New
src/interface/attest/ATTESTATION-FORMAT.adoc(normative wire spec) +README; CHANGELOG/PROOF-NEEDS currency. The only remaining items are
the precisely-scoped disclosed limits (NaN payload;
find/elemBycross-module
Reflnon-reduction; L9/L10 predicate depth;additive↔ceil sliver; Idris→wire encode — needed by neither tier) —
not gaps.
Verified locally
Corpus
idris2 --buildexit 0 (12 modules, escape-scan OK,unchanged);
parse6/6,recompute-wasm3/3,attest9/9 (allclippy
-D warnings+ fmt clean);zig build test4/4 end-to-end.Closes the workstream
Both the Tier-1 recompute-PCC path and the Tier-2 attestation fallback
are RESOLVED; every limitation disclosed, not faked. vcl-ut#25 is
complete.
Refs #25.
🤖 Generated with Claude Code