fix(#207): attach source token to Sigstore bundle download#208
Merged
Conversation
…ked signed installs
The registry's GET /storage/bundle/:sha256 is requireAuth()'d ('same access level as tarball download'), but downloadSigstoreBundle fetched anonymously per a stale DD-80 assumption. Unreachable-in-practice until the identity gap (#303 / meta-factory#523) was fixed — the first fully verifiable signed install then died at the bundle fetch with HTTP 401.
- attach Authorization: Bearer <token> when the source has one (same contract as downloadPackage's tarball fetch); tokenless sources stay anonymous
- redirect: 'manual' fail-closes if the route ever starts redirecting to third-party storage, so the bearer can't silently forward cross-origin (mirrors downloadPackage's stripping concern)
- verifyPackageSigstore passes its existing source through
Tests: token attached when present; anonymous without source; old anonymous-enforcement test replaced.
Fixes #207
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
jcfischer
commented
Jun 4, 2026
Contributor
Author
CodeReview — CodeQuality + Security + Architecture
Clean, surgical fix. +41/−5 across two files. Root cause well-documented, tests cover both branches (token present, token absent), CI green.
Findings
- Security model correct — bearer only attached when source?.token exists; redirect: "manual" fail-closes cross-origin forwarding (mirrors downloadPackage pattern)
- Backward-compatible — source? optional param, anonymous callers unaffected
- Tests solid — token-attached + anonymous cases; old anonymous-enforcement test replaced with rationale
Nit (non-blocking)
Module-level doc comment (line 10) still says Anonymous bundle fetch (DD-80): no Authorization header — stale after this PR. The in-function doc comment is correct.
blockers=0 majors=0 nits=1 — recommend: approve
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Symptom
First fully-verifiable signed install (soma 0.8.5, post meta-factory#523 + arc#205):
Root cause
Registry GET /storage/bundle/:sha256 = requireAuth() ('same access level as tarball download'). arc fetched it anonymously per a stale DD-80 comment. Dead code path until the #303 identity hard-fail was removed — nobody had ever reached the bundle fetch with real data.
Fix
downloadSigstoreBundle(url, tempDir, source?):
- Authorization: Bearer when the source carries a token (same contract as downloadPackage); anonymous otherwise
- redirect: 'manual' so a future cross-origin redirect fail-closes instead of forwarding the bearer (mirrors downloadPackage's stripping concern — the bundle route is same-origin today, no redirect handling needed)
- verifyPackageSigstore passes source through
Tests
Token-attached + anonymous cases; old anonymous-enforcement test replaced with rationale. Suite 988/988, tsc clean.
Verification after merge
arc install @metafactory/soma → Sigstore bundle verified for the GH-Actions identity → install completes. Will post output on #207.
Fixes #207
🤖 Generated with Claude Code
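The two properties the PR description and the review both lean on (bearer attached only when the source carries a token; redirect: 'manual' so a credentialed request is never forwarded to another origin) are shown below as an added example. This is not arc's downloadSigstoreBundle and not code from the PR; the names RegistrySource, buildBundleRequest, classifyBundleResponse, downloadBundle and fakeFetch, the registry URL and the token value are all constructed for the example. It goes slightly beyond the Node case in the PR by also treating a browser-style opaqueredirect (status 0) as a refusal, since both shapes mean the server tried to send the request elsewhere.

```typescript
// Added example (not arc's own code): a bundle fetch that attaches the
// registry bearer token only when the source carries one, and refuses to
// follow redirects so a credentialed request can never be forwarded to a
// third-party origin. Type and function names here are assumptions.

interface RegistrySource {
  url: string;     // registry origin, e.g. "https://registry.example" (constructed)
  token?: string;  // bearer token; absent for anonymous sources
}

// Minimal response shape the example relies on, so it does not depend on
// DOM or undici type definitions.
interface BundleResponse {
  status: number;
  ok: boolean;
  arrayBuffer(): Promise<ArrayBuffer>;
}

interface BundleRequestInit {
  method: "GET";
  headers: Record<string, string>;
  redirect: "manual";
}

type FetchLike = (url: string, init: BundleRequestInit) => Promise<BundleResponse>;

// Build the request: Authorization only when a token exists; redirect: "manual"
// so fetch hands 3xx responses back to the caller instead of following them.
function buildBundleRequest(source?: RegistrySource): BundleRequestInit {
  const headers: Record<string, string> = { Accept: "application/octet-stream" };
  if (source?.token) {
    headers["Authorization"] = `Bearer ${source.token}`;
  }
  return { method: "GET", headers, redirect: "manual" };
}

// Fail-closed classification of a manual-redirect response. Node's fetch
// returns the 3xx status itself; a browser returns an "opaqueredirect"
// response with status 0. Both mean "refuse".
function classifyBundleResponse(status: number): "ok" | "redirect" | "error" {
  if (status === 0 || (status >= 300 && status < 400)) return "redirect";
  if (status >= 200 && status < 300) return "ok";
  return "error";
}

async function downloadBundle(
  bundleUrl: string,
  source: RegistrySource | undefined,
  fetchImpl: FetchLike,
): Promise<Uint8Array> {
  const res = await fetchImpl(bundleUrl, buildBundleRequest(source));
  switch (classifyBundleResponse(res.status)) {
    case "redirect":
      throw new Error(
        `bundle fetch for ${bundleUrl} was redirected (status ${res.status}); ` +
          `refusing to follow a redirect with credentials attached`,
      );
    case "error":
      throw new Error(`bundle fetch for ${bundleUrl} failed: HTTP ${res.status}`);
    default:
      return new Uint8Array(await res.arrayBuffer());
  }
}

// Constructed fake fetch for offline use: records the request init it was
// given and replies with a canned status. In practice pass the real fetch.
function fakeFetch(status: number, seen: BundleRequestInit[]): FetchLike {
  return async (_url, init) => {
    seen.push(init);
    return {
      status,
      ok: status >= 200 && status < 300,
      arrayBuffer: async () => {
        const buf = new ArrayBuffer(2);
        new Uint8Array(buf).set([0x7b, 0x7d]); // the bytes of "{}"
        return buf;
      },
    };
  };
}
```

To use it against a real registry, pass the global fetch as fetchImpl; the request builder is the only place that decides whether a token is sent, which keeps the "anonymous callers unaffected" guarantee reviewable in one spot, and the redirect check runs before any body is read so a 3xx from the bundle route aborts the install rather than leaking the bearer to wherever Location pointed.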