v2 stage 2 — Hardening: K11 WebAuthn + multi-device recovery + audit/memory/email workers

[hanwencheng]

GH issue body — v2 stage 2: Hardening (K11 WebAuthn + multi-device recovery + audit/memory/email workers)

Title: v2 stage 2 — Hardening: K11 WebAuthn + multi-device recovery + audit/memory/email workers

File via:

gh issue create \
  --title "v2 stage 2 — Hardening: K11 WebAuthn + multi-device recovery + audit/memory/email workers" \
  --label "documentation,enhancement" \
  --body-file docs/spec/plans/v2-issues/issue-v2-stage-2-hardening.md

---

Stage 2 of the v2 architecture. Adds K11 WebAuthn-bound master mutations (closes Codex finding #2), multi-master-device M-of-N recovery quorum (no anchor wallet, no seed phrase), and the remaining per-service workers (audit, memory, email).

What ships in stage 2

K11 WebAuthn binding (replaces v1c per-identity pop_sig)

• Per arch.md v2 §5 stages: Stage 2 = WebAuthn enrollment; K11 commits D_pub atomically inside challenge SHA256(binding_nonce || D_pub)
• Master binding ceremony per arch.md §5a.1
• All master-only mutations require fresh K11 WebAuthn assertion in addition to K10 sig:
  • Scope grant (set_scope_with_webauthn on ScopeContract)
  • Scope revoke (same)
  • New device bind (master-device or agent-device flow)
  • K10 rotation (per arch.md §5a.3.2)
  • Device revocation (recovery flow)
• Closes Codex finding docs: mirror wiki/ folder to GitHub Wiki via CI #2 — stolen K10 alone cannot escalate to master powers
• arch.md §5a Q7 fix preserved: email-account compromise alone cannot rebind

Multi-master-device registration + role bitfield

• Role bitfield per SidecarRegistry entry: CAP_MINT (0x01) | RECOVERY (0x02) | SCOPE_MGMT (0x04)
• Default role assignments:
  • First master device of a new operator: all roles (CAP_MINT | RECOVERY | SCOPE_MGMT)
  • Subsequent master devices: CAP_MINT | RECOVERY (SCOPE_MGMT opt-in to prevent mobile-mgmt sprawl)
  • Agent devices: CAP_MINT only (no RECOVERY because no K11; no SCOPE_MGMT because agents can't grant scope)
• Per-operator recovery_threshold (default 1; prompt to bump to 2 on 3rd-device add)

Recovery flow (no anchor wallet, no seed phrase)

• Operator detects lost/compromised master device
• On surviving master device: opens agentkeys app → "Lost device — revoke & rotate"
• App constructs revoke + rotate payload; signs with K10 + K11 (Face ID / Touch ID)
• M-of-N device sigs (≥ recovery_threshold) authorize the rotation
• Relay submits SidecarRegistry.revoke_device + WalletRotated audit event
• Signer subscribes to chain event; drops revoked device from authorized set
• Brokers push SSE drop event to all daemons under operator_omni
• Within ~60s: attacker's cap-mints rejected; attacker's cached creds expire on TTL
• New-device registration post-recovery per arch.md §5a.3.1 conventions

audit-service worker

• Sovereign default (tier C): per-event chain tx, operator's wallet signs (master_wallet visible per event)
• Hosted-relay opt-in (tier A): Merkle-batched audit-roots on chain; reduces gas + enables tx batching
• audit-service-relay holds zero credential decrypt authority; cannot forge audit events (chain-anchored Merkle roots)
• Operator chooses tier via deployment config; both tiers preserve auditability
• Hosted relay does NOT contradict self-sovereignty because tier B (operator runs own relay) is always available as fallback

memory-service worker

• Per-actor memory at s3://$BUCKET/bots/<actor_omni_hex>/memory/...
• High-frequency reads/writes (agent state, chat history, scratch space)
• STS session policies enable direct S3 access from agent — broker NOT in LLM-call hot path
• TTL-bounded cap-tokens minted at session start; agent uses STS creds for many ops within TTL

email-service worker

• Sends via SES from operator's domain (e.g., agent-a@bots.litentry.org)
• Receives via SES routing Lambda (extension of openrouter scraper: SelectorTimeout at signup_flow — DOM drift #83's existing infrastructure)
• Per-actor inbox at s3://$BUCKET/bots/<actor_omni_hex>/inbound/...
• Inbox migration from <wallet> to <actor_omni_hex> per stage 1 path migration

K3 rotation flow

• Signer-governance multisig calls K3EpochCounter.bump_epoch() on chain (1 tx, global)
• Signer (in TEE per issue Replace dev_key_service with TEE worker for omni-anchored EVM keypair derivation #74 step 2) retains K3_v[N] for decrypt of pre-rotation blobs
• Signer generates K3_v[N+1] inside TEE
• Workers read new epoch from chain; new writes use new K3 epoch
• Lazy on-read re-encryption (optional): blob read → decrypt under old K3 → re-encrypt under new K3 → upload to same S3 path
• Operator-driven eager re-encryption tool available
• ZERO S3 path migration (actor_omni-keyed paths)
• ZERO PrincipalTag changes (actor_omni stable)
• ZERO IAM changes (bucket policy stays put)

Tasks

• Signer: K11 WebAuthn verification helpers + cap-mint endpoint with K11 requirement
• Broker: K11 requirement on master-only endpoints (scope mutation, device bind, K10 rotation)
• SidecarRegistry contract update: role bitfield + k11_cred_id storage + per-operator recovery_threshold
• ScopeContract update: set_scope_with_webauthn requires both K10 + K11 sigs
• CLI: bootstrap flow restructured to arch.md v2 §5 stages 0-3 (K10 gen → identity → K11 enrollment → SIWE)
• CLI: agentkeys agent create with K11 prompt (Touch ID)
• CLI: agentkeys scope add/remove with K11 prompt
• CLI: agentkeys device add (new-master-device pairing flow per §5a.3.1)
• CLI: agentkeys recovery (M-of-N flow via web UI / mobile app)
• Mobile app (iOS + Android): agentkeys companion app with Face ID/Touch ID for K11
  • Bootstrap pairing via QR scan from laptop
  • Recovery flow (revoke device, authorize new device)
  • Scope grant approvals from mobile
• audit-service worker (Lambda variant) — supports both tier C direct-write + tier A relay batches
• memory-service worker (Lambda + microservice variants)
• email-service worker (integrate with existing SES routing Lambda from openrouter scraper: SelectorTimeout at signup_flow — DOM drift #83)
• K3 rotation operational runbook (signer-governance multisig procedure, migration timing)
• Eager re-encryption tool: per-operator scan + re-encrypt all blobs from old K3 epoch
• Test plan: K11 binding + multi-device flows + recovery + K3 rotation end-to-end against staging

Dependencies

• Depends on: stage 1 (foundation must ship first)
• Depends on: arch.md v2 (the consolidated reference)
• Parallel track: issue Replace dev_key_service with TEE worker for omni-anchored EVM keypair derivation #74 step 2 (signer in TEE) — stage 2 works with signer in mock-server too; TEE migration strengthens K3 confidentiality but is independent

Out of scope (separate issues)

• payment-service worker (deferred — separate issue)
• ZK-proven cap minting (v3+; tracked separately)
• One-shot CAS-burn caps for state-mutating ops (tracked as v3 hardening)
• Per-operator K3 (tracked as v3+ multi-tenancy hardening)

Cross-reference

Design context: see consolidated arch.md v2.
Predecessor stage: v2 stage 1.

[hanwencheng]

Partial coverage landing in PR #87

PR #87 (v2 stage 1 — Foundation, closes #89) lands part of the stage-2 hardening scope. Tracking the delta here so the residual #90 work is well-scoped.

Already shipped in PR #87

• ✅ K11 WebAuthn enroll + assert via Touch ID — agentkeys k11 {enroll,assert} --webauthn ships a real platform-authenticator ceremony in crates/agentkeys-cli/src/k11_webauthn.rs. Localhost axum server, opens default browser, prompts Touch ID (macOS) / Windows Hello / Secure Enclave, validates clientDataJSON challenge/type/origin, parses attestationObject CBOR (rpIdHash, UP|UV|AT flags, credentialId-match), extracts P-256 X+Y from COSE pubkey. Assert binds to application message via challenge = sha256(message) so the resulting signature is bound to the exact (operator, agent, services, caps) tuple. Persisted with mode: "webauthn" to ~/.agentkeys/k11/<omni>.json (mode 0600).
• ✅ Role bitfield in SidecarRegistry — CAP_MINT=1 | RECOVERY=2 | SCOPE_MGMT=4 is on chain. First master device of a new operator gets all three; subsequent masters get CAP_MINT | RECOVERY (no SCOPE_MGMT by default).
• ✅ CLI/script integration of K11 — scripts/heima-{scope-set,scope-revoke,device-revoke}.sh all accept --webauthn and shell out to agentkeys k11 assert --webauthn to get real WebAuthn assertion bytes bound to a domain-separated message.
• ✅ agentkeys-worker-memory — memory worker shipped alongside agentkeys-worker-creds. Same envelope shape (1B version || 12B nonce || ciphertext || 16B tag), distinct KEK per arch.md §17 per-data-class separation.
• ✅ arch.md §22b stage-1 simplifications inventory — documents which simplifications are authorised (K11 stub default, KEK from env, attestation empty bytes, on-chain length != 0-only gate) and which issues track each one's stage-2 hardening.

Residual #90 work

These remain after PR #87 merges:

• On-chain P-256 verify of K11 assertions — gated on Heima shipping the EIP-7212 P-256 precompile. Today contracts only verify k11Assertion.length != 0. When EIP-7212 ships, swap setScopeWithWebauthn's K11 check to a real ecRecover-style precompile call.
• Multi-master M-of-N recovery quorum — heima-device-revoke.sh only handles single-master revoke today. Multi-master rotation flow + recovery_threshold enforcement on chain needs:
  • SidecarRegistry.revoke_device to accept N K11 assertions when role bitfield includes RECOVERY
  • Per-operator recovery_threshold storage (default 1; prompt to bump on 3rd-device add)
  • Mobile-app companion for the M-of-N ceremony (Face ID/Touch ID prompts on N devices)
• audit-service worker (tier A Merkle relay) — PR v2 stage 1 — sovereign sidecar + on-chain identity + credentials-service worker (#89) #87 ships CredentialAudit.append (tier C direct-write); a tier-A worker that batches audit events into a Merkle tree + submits one tx per batch is still pending.
• email-service worker — extending the existing SES routing Lambda (from openrouter scraper: SelectorTimeout at signup_flow — DOM drift #83) to per-actor inbox at s3://$VAULT_BUCKET/bots/<actor_omni_hex>/inbound/....
• K3 rotation operational runbook — K3EpochCounter is deployed with currentEpoch=1 and signerGovernance initialized to the deployer wallet. Rotation procedure (signer-governance multisig calling advanceEpoch(), lazy on-read re-encryption, eager re-encrypt tool) is documented in arch.md §22b.5 but no operational script yet.
• Mobile app (iOS + Android) — companion app for the M-of-N recovery flow + scope-grant approvals from mobile. Bootstrap pairing via QR scan.
• CLI: agentkeys device add (new-master-device pairing) — the agent-create flow exists; new-master-device flow per arch.md §5a.3.1 doesn't.
• Stage-2 hardening of K11 path: bash helpers default to --webauthn — today --webauthn is opt-in; on stage 2 it should be the default and the stub path should be CI-only-gated.

Cross-references

• arch.md §22b — stage-1 simplifications inventory (live in PR v2 stage 1 — sovereign sidecar + on-chain identity + credentials-service worker (#89) #87)
• arch.md §5a — K10/K11 binding ceremony (target shape)
• arch.md §10.3 — multi-master M-of-N recovery design
• arch.md §15.3 — audit-relay vs direct-write tiers

[hanwencheng]

Mobile app would be an overkill, let's postpone mobile app work and find an alternative as a second daemon so we can test