Skip to content

app-server: define device key v2 protocol#18428

Merged
euroelessar merged 1 commit intomainfrom
ruslan/device-key-v2-protocol
Apr 21, 2026
Merged

app-server: define device key v2 protocol#18428
euroelessar merged 1 commit intomainfrom
ruslan/device-key-v2-protocol

Conversation

@euroelessar
Copy link
Copy Markdown
Collaborator

@euroelessar euroelessar commented Apr 18, 2026

Why

Clients need a stable app-server protocol surface for enrolling a local device key, retrieving its public key, and producing a device-bound proof.

The protocol reports protectionClass explicitly so clients can distinguish hardware-backed keys from an explicitly allowed OS-protected fallback. Signing uses a tagged DeviceKeySignPayload enum rather than arbitrary bytes so each signed statement is auditable at the API boundary.

What changed

  • Added v2 JSON-RPC methods for device/key/create, device/key/public, and device/key/sign.
  • Added request/response types for device-key metadata, SPKI public keys, protection classes, and ECDSA signatures.
  • Added DeviceKeyProtectionPolicy with hardware-only default behavior and an explicit allow_os_protected_nonextractable option.
  • Added the initial remoteControlClientConnection signing payload variant.
  • Regenerated JSON Schema and TypeScript fixtures for app-server clients.

Stack

This is PR 1 of 4 in the device-key app-server stack.

Validation

  • just write-app-server-schema
  • cargo test -p codex-app-server-protocol

@euroelessar euroelessar mentioned this pull request Apr 18, 2026
Merged
@euroelessar euroelessar force-pushed the ruslan/device-key-v2-protocol branch 2 times, most recently from b857fcc to 9a85c6c Compare April 18, 2026 00:22
viyatb-oai
viyatb-oai reviewed Apr 18, 2026
View reviewed changes
Comment thread codex-rs/app-server-protocol/src/protocol/v2.rs
viyatb-oai
viyatb-oai reviewed Apr 18, 2026
View reviewed changes
Comment thread codex-rs/app-server-protocol/src/protocol/v2.rs
@euroelessar euroelessar force-pushed the ruslan/device-key-v2-protocol branch 2 times, most recently from bf613e8 to 9915c86 Compare April 18, 2026 01:25
@viyatb-oai
Copy link
Copy Markdown
Collaborator

viyatb-oai commented Apr 18, 2026
edited
Loading

[P1] Target binding is still implicit. The signed payload only carries targetOrigin/targetPath + token hash, but no explicit server_id/environment_id/session_id. If the backend controller token isn’t already bound to the target server/session, PoP doesn’t prevent cross‑server lateral movement. Either enforce target binding via token claims on the backend, or add explicit target identifiers to the signed payload.

@euroelessar euroelessar force-pushed the ruslan/device-key-v2-protocol branch from 9915c86 to a38e6c1 Compare April 18, 2026 02:36
@euroelessar
Copy link
Copy Markdown
Collaborator Author

euroelessar commented Apr 18, 2026

[codex] Addressed in a38e6c1: the remote-control client connection signed payload now includes an explicit sessionId binding. That puts the backend-issued websocket session identifier inside the bytes signed by the device key, alongside nonce/audience/target/token binding.

@euroelessar euroelessar marked this pull request as draft April 18, 2026 02:38
@euroelessar euroelessar force-pushed the ruslan/device-key-v2-protocol branch from a38e6c1 to 3f76329 Compare April 18, 2026 19:25
@euroelessar euroelessar marked this pull request as ready for review April 20, 2026 21:14
chatgpt-codex-connector[bot]
chatgpt-codex-connector Bot reviewed Apr 20, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 3f76329516

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread codex-rs/app-server/src/codex_message_processor.rs
Comment on lines +1164 to +1167
ClientRequest::DeviceKeyCreate { .. }
| ClientRequest::DeviceKeyPublic { .. }
| ClientRequest::DeviceKeySign { .. } => {
warn!("Device key request reached CodexMessageProcessor unexpectedly");
Copy link
Copy Markdown
Contributor

@chatgpt-codex-connector chatgpt-codex-connector Bot Apr 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Return an error for unhandled device key RPC methods

device/key/create, device/key/public, and device/key/sign are now part of ClientRequest, but this branch only logs a warning and exits without send_response/send_error. Requests that reach here will hang until client timeout instead of receiving a deterministic JSON-RPC failure.

Useful? React with 👍 / 👎.

@euroelessar euroelessar marked this pull request as draft April 20, 2026 21:39
@euroelessar euroelessar marked this pull request as ready for review April 20, 2026 21:49
@euroelessar euroelessar marked this pull request as draft April 21, 2026 07:44
@euroelessar
app-server: define device key v2 protocol
bd1ef3b 
Clients need a stable app-server protocol surface for enrolling a local device key, retrieving its public key, and producing a device-bound proof.

The protocol reports `protectionClass` explicitly so clients can distinguish hardware-backed keys from an explicitly allowed OS-protected fallback. This keeps degraded protection visible instead of hiding it behind a generic success response.

Signing uses a tagged `DeviceKeySignPayload` enum rather than arbitrary bytes. That makes each signed statement auditable at the API boundary and keeps future payload additions compatible with the same `device/key/sign` method shape.

- Added v2 JSON-RPC methods for `device/key/create`, `device/key/public`, and `device/key/sign`.
- Added request/response types for device-key metadata, SPKI public keys, protection classes, and ECDSA signatures.
- Added `DeviceKeyProtectionPolicy` with a default hardware-only behavior and an explicit `allow_os_protected_nonextractable` option.
- Added the initial `remoteControlClientConnection` signing payload variant.
- Regenerated JSON Schema and TypeScript fixtures for downstream app-server clients.

- `just write-app-server-schema`
- `cargo test -p codex-app-server-protocol`
@euroelessar euroelessar force-pushed the ruslan/device-key-v2-protocol branch from 3f76329 to bd1ef3b Compare April 21, 2026 08:00
@euroelessar euroelessar marked this pull request as ready for review April 21, 2026 08:01
@euroelessar euroelessar enabled auto-merge (squash) April 21, 2026 08:04
@euroelessar euroelessar disabled auto-merge April 21, 2026 08:12
@euroelessar euroelessar merged commit 48f82ca into main Apr 21, 2026
25 checks passed
@euroelessar euroelessar deleted the ruslan/device-key-v2-protocol branch April 21, 2026 17:08
@github-actions github-actions Bot locked and limited conversation to collaborators Apr 21, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

@etraut-openai etraut-openai etraut-openai approved these changes

@viyatb-oai viyatb-oai viyatb-oai approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@euroelessar @viyatb-oai @etraut-openai