Skip to content

fix(deps): bump quinn-proto to 0.11.15 (RUSTSEC-2026-0185)#409

Merged
pallakatos merged 22 commits into
mainfrom
fix/rustsec-2026-0185-quinn-proto
Jun 23, 2026
Merged

fix(deps): bump quinn-proto to 0.11.15 (RUSTSEC-2026-0185)#409
pallakatos merged 22 commits into
mainfrom
fix/rustsec-2026-0185-quinn-proto

Conversation

@pallakatos

Copy link
Copy Markdown
Collaborator

New RustSec advisory RUSTSEC-2026-0185 (quinn-proto remote memory exhaustion) was published after #408 merged, turning main's Rust Dependency Audit red. Transitive-only; semver-compatible patch bump 0.11.14→0.11.15. cargo audit clean + cargo check --workspace passes locally.

Pal Lakatos-Toth and others added 22 commits June 22, 2026 14:59
Publishes pre-built, cosign-signed, multi-arch container images to PUBLIC
ghcr.io/azure/kars-* and attaches the @kars/cli tarball to a public GitHub
Release, so customers can run kars without cloning AGT or compiling.

This is the interim GHCR path from docs/PUBLISHING.md; npmjs `@kars`,
crates.io and MCR remain reserved for the ESRP-signed release. Includes a
release-build correctness guard that fails if the sandbox image would fall
back to the unpatched public AGT SDK instead of the vendored patched tarball.

Working branch only — not wired until the published-binaries quick-setup is
verified end-to-end.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The controller launches openclaw-sandbox (built FROM kars-sandbox-base +
router + the OpenClaw plugin), which is also where the patched AGT SDK is
baked in — not sandbox-base. Add a dedicated build-sandbox job that builds
openclaw-sandbox after the base/router are pushed, with the patched-AGT
correctness guard moved to the correct layer. Now the published set is a
complete runnable OpenClaw graph: controller + inference-router +
sandbox-base + openclaw-sandbox (+ a2a-gateway, conformance-runner).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Adds a build-agt-wheels job (clones the pinned AGT, builds the upstream
governance wheels) feeding a build-runtimes matrix that publishes the six
runtime adapter images: langgraph, hermes, maf-python, anthropic,
openai-agents, pydantic-ai. Each bundles the upstream AGT wheels plus
kars-agt-mesh (kars's spec-compliant Python MeshClient, COPYed hermetically
from the in-repo runtimes/agt-mesh-python source). cosign + SBOM + public.

Full published set: controller, inference-router, a2a-gateway,
conformance-runner, sandbox-base, openclaw-sandbox + 6 runtimes + CLI tarball.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Every published artefact is now attested with actions/attest-build-provenance
(GitHub-signed, verifiable via `gh attestation verify`):
- all 13 container images (by digest, attestation pushed to the registry)
- the Rust binaries (amd64 + arm64)
- the @kars/cli tarball

This is on top of the existing cosign keyless signatures + SBOMs (buildkit
in-registry SBOM attestation + standalone SPDX-JSON on the Release) and
buildkit inline SLSA provenance.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Two fixes surfaced by the first interim-release run:

1. build-binaries: the arm64 cross build of aws-lc-sys (BoringSSL C) failed
   with "sys/types.h: No such file or directory" because --no-install-recommends
   dropped the cross libc headers. Install libc6-dev-arm64-cross +
   linux-libc-dev-arm64-cross explicitly.

2. Five runtime adapters (langgraph, maf-python, anthropic, openai-agents,
   pydantic-ai) pinned a2a_agentmesh>=3.3.0,<4 and an UNUSED agent_sandbox
   dep, incompatible with the AGT 4.0.0 pin — pip fell back to PyPI and failed
   on a transitive agent-sandbox<4. Drop the unused agent_sandbox dep and bump
   a2a_agentmesh to <5. The a2a_agentmesh import is already behind a graceful
   try/except fallback. Verified locally: each adapter installs + imports
   cleanly against the 4.0.0 wheels.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The maf-python image failed to build: pip's resolver hit ResolutionTooDeep
(986s, 200k rounds) on the `agent-framework` meta-package, whose transitive
graph is too complex to solve. Depend on the split sub-packages instead —
agent-framework-core (`tool`, Executor, …) + agent-framework-openai
(`OpenAIChatClient`) — which resolve in seconds.

Also modernise the adapter to MAF 1.x: `ai_function` was removed; swap the
mesh-tool decorators to `@tool` (same name/description kwargs). Verified
locally: adapter installs in ~12s and build_mesh_tools() yields mesh_inbox +
mesh_send.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The openclaw-sandbox Dockerfile hard-COPYs mesh-plugin/dist/ (it ships
@kars/mesh as a file: dep with the prepare script stripped), so dist/ must
exist in the build context. The build-sandbox job was missing the build
step → "/mesh-plugin/dist: not found". Add npm ci + npm run build for
mesh-plugin before the buildx build, mirroring what the CLI's
stage-mesh-plugin helper does locally.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Add a build-mesh job that builds the AGT relay + registry from the pinned
AGT checkout (agent-mesh/docker/Dockerfile, COMPONENT=relay|registry) and
publishes them as ghcr.io/azure/kars-agentmesh-{relay,registry}, signed +
SBOM'd + attested. This completes the published set so `kars dev --release`
can pull everything (sandbox + runtimes + relay + registry) with no AGT
clone and no local build.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Adds a no-compile, no-AGT-clone path: `kars dev --release v0.1.0-interim.N`
pulls the published images from ghcr.io/azure/* at the given tag instead of
building anything locally:
  - openclaw-sandbox  → the agent image (skips the local sandbox build)
  - kars-agentmesh-relay / -registry → pulled + tagged :dev for the run path

It forces --build off, skips the AGT auto-clone + wheel build entirely, and
errors clearly if combined with --build or --target local-k8s (docker only
for now). Typecheck + lint clean; 798 CLI tests pass.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Lets the exec-brief harness bring the sandbox up from published images via
`kars dev --release <ver>` (no local build, no AGT clone) by setting
KARS_RELEASE=v0.1.0-interim.N. Verifies the released quick-setup path.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Add a foolproof "fastest path" to README + getting-started: install the CLI
from a published release tarball and `kars dev --release <tag>` to launch
from pre-built, cosign-signed images — no Rust, no AGT checkout, no local
image build. The from-source path is preserved for contributors. Clarifies
the AGT-mesh clone is source-builds-only (--release pulls relay/registry).

NOTE: describes v0.1.0-interim.6 (first release carrying the --release CLI).
Pending end-to-end verification of the released quick-setup before merge.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
cli/src/commands/dev.ts gains a capability (--release pulls published
images), which the security-audit-required CI gate flags. Add the audit:
threat model (image tamper, isolation parity, supply chain, AGT-clone skip),
scope, and test posture. Force-added (docs/internal/ is gitignored).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The mesh-source and channels prompts fired unconditionally, crashing
`kars dev` (ExitPromptError) in non-interactive contexts — scripts, CI, and
the e2e harness — before the sandbox even came up. Guard both with
process.stdin.isTTY: non-interactive runs default to local mesh + no
channels. Interactive terminals are unchanged. This makes `kars dev`
(incl. --release) scriptable end-to-end.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…Macs)

The amd64-only openclaw-sandbox crashes under Rosetta on Apple Silicon
(rosetta error: rt_tgsigqueueinfo failed) — verified via the e2e harness on
an arm64 Mac. The vendored sandbox wheels (vendor/sandbox-wheels/) already
ship aarch64 manylinux variants, so the arm64 image installs pre-built wheels
(no source compile). Build sandbox-base + openclaw-sandbox for
linux/amd64,linux/arm64 so they run natively on Macs. QEMU + larger timeouts
for the arm64 leg.

Also corrects README + getting-started: the no-compile --release path is
amd64/Linux today; Apple Silicon uses the from-source build until the arm64
images land (this release).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
QEMU multi-arch for sandbox-base + openclaw-sandbox was far too slow
(>40 min for sandbox-base alone). Build each arch on its native
GitHub-hosted runner instead (amd64 → ubuntu-22.04, arm64 → ubuntu-24.04-arm,
free for public repos), push per-arch tags, then merge into multi-arch
manifests with imagetools + sign/attest/SBOM on the merged manifest. The
fast Rust images stay multi-arch via QEMU (trivial binary COPYs).

This gives a native arm64 openclaw-sandbox so kars dev --release runs on
Apple Silicon without the Rosetta rt_tgsigqueueinfo crash.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
openclaw-sandbox is now published multi-arch (amd64 + arm64), but --release
hardcoded `--platform linux/amd64`, so Apple Silicon pulled the amd64 variant
and crashed under Rosetta (rt_tgsigqueueinfo). Pull dockerPlatform (the host
arch) instead — arm64 Macs now get the native arm64 image and run it without
emulation. Verified: container Up (healthy), gateway HTTP 200 on an M-series Mac.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…mage

The published openclaw-sandbox shipped the UNPATCHED npm SDK (3.7.0, no
proof-of-possession), so the agent's mesh client sent bare connect frames.
The relay rejected them ("missing did/public_key/timestamp/signature") and
the sandbox entered a reconnect flood — sub-agent collaboration never came up.

Root cause: the Dockerfile's `COPY .agt-sdk/` resolves against the build
CONTEXT root (the repo root — `context: .`), but the release workflow staged
the patched SDK tarball into `sandbox-images/openclaw/.agt-sdk/`. The COPY
never saw it, so the Dockerfile silently fell back to the public npm SDK.
The CLI from-source build always staged into `<repo-root>/.agt-sdk/`
(cli/src/commands/dev.ts), which is why dev mode worked but `--release` didn't.

Fixes:
- release-public-interim.yml: stage the tarball into <repo-root>/.agt-sdk/
  (matching the Dockerfile COPY context) and pass MESH_PROVIDER=agt.
- openclaw/Dockerfile: when AGT_SDK_TARBALL is set but the file is absent,
  FAIL the build loudly instead of silently installing the unpatched npm SDK.
  This makes the staging-path class of bug impossible to ship again.
- e2e-harness/platforms/docker.sh: `kars dev --name X` creates container
  `kars-X`; use the prefixed name for docker exec/logs/ps.

Verified locally: rebuilt openclaw-sandbox with the corrected staging →
image now bundles @microsoft/agent-governance-sdk@4.0.0 with POP signing
(proof_timestamp present in registry-client.js + x3dh.js).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The exec-brief `check_relay_pairs` resolved sibling DIDs via `kubectl get
pods` / `kubectl logs`, which returns nothing in docker mode (no K8s
pods/namespaces). The check therefore always fell to the "0/3 sub-agents
had router chat activity" fallback and FAILED on docker even when the mesh
worked perfectly.

The harness already collects each agent's gateway log into OUT_DIR on every
platform (`<sub>-gateway.log`). Those logs authoritatively record outbound
sibling sends:
    AGT sub-agent mesh_transfer_file: to=writer file=/sandbox/...
    AGT relay: sent to viz (did:mesh:...) via E2E encrypted relay
Parse those instead — the log's owner is the sender, the parsed peer the
target — so the check is correct on docker, kind, and AKS alike. The legacy
kubectl/registry heuristic is kept as a fallback when no gateway logs were
collected.

Verified: exec-brief now PASSES 3/3 sibling pairs (analyst↔viz, analyst↔
writer, viz↔writer) and 9/9 overall on docker with the patched POP-aware SDK.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The operator's `securityStates` and `egressByAgent` maps were keyed by the
bare sandbox `name`. Agent names are NOT unique across runtimes/clusters —
the same name (e.g. "analyst") can exist at once as a docker container, a
kind pod, and an AKS pod. With overlapping agents present, a stale/empty
same-named entry overwrote the live one, so the operator showed no DID and
no audit entries for the shadowed agent (observed: the docker "analyst",
whose router actually reported did:agentmesh:analyst + 157 audit entries,
rendered blank while viz/writer — with fewer duplicates — rendered fine).

Add `sandboxKey(sb)` = `${kubeContext ?? runtime}::${namespace}::${name}`
and use it at every set/get site in operator.ts and the security/topology
render paths. Same-named agents across docker/kind/aks now get distinct
keys, so each renders its own DID, trust scores, and audit log.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The sandbox images are now multi-arch (amd64 + arm64, built on native arm64
runners) and `kars dev --release` pulls the host-arch variant automatically.
Remove the obsolete "linux/amd64 only / crashes under Rosetta" caveat and the
"build from source on Apple Silicon" workaround; bump the quick-start tag to
v0.1.0-interim.9 (the first release with the patched POP-aware mesh SDK).
Verified end-to-end on an M-series Mac: the full multi-agent exec-brief
scenario passes 9/9 via `--release v0.1.0-interim.9`.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Extends the published-images path to `--target local-k8s` (kind) and makes
the AGT relay/registry multi-arch so they run on arm64 kind nodes.

Workflow:
- build-mesh now builds agentmesh-relay/registry on NATIVE per-arch runners
  (amd64→ubuntu-22.04, arm64→ubuntu-24.04-arm), pushing :VERSION-<arch>.
- new merge-mesh job fuses them into multi-arch manifests + attest + SBOM +
  cosign + make-public (mirrors merge-sandbox). release job needs it.
  Previously amd64-only → "exec format error" on an Apple Silicon kind node.

CLI:
- `kars dev --release <tag> --target local-k8s` now works: runLocalK8s pulls
  the published controller/router/sandbox + relay/registry, tags them as the
  local dev aliases the existing kind-load + chart plumbing expects, and skips
  every from-source build. local-k8s still needs the repo (Helm chart +
  agentmesh manifest); only image *building* is skipped.
- deployAgentMesh pulls published relay/registry in release mode instead of
  building from an AGT checkout.

Harness:
- platforms/local-k8s.sh honors KARS_RELEASE=<tag> to drive the released path
  on kind (mirrors platforms/docker.sh).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
A new RustSec advisory (RUSTSEC-2026-0185) was published for quinn-proto:
remote memory exhaustion via unbounded out-of-order stream reassembly.
It surfaced on main right after #408 merged (cargo-audit fetches the live
advisory DB, so it passed on the PR run hours earlier). Transitive-only;
the fix is a semver-compatible patch bump to 0.11.15.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@github-actions

Copy link
Copy Markdown

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 7 package(s) with unknown licenses.
See the Details below.

License Issues

runtimes/anthropic/pyproject.toml

PackageVersionLicenseIssue Type
a2a_agentmesh>= 3.3.0,< 5NullUnknown License

runtimes/langgraph/pyproject.toml

PackageVersionLicenseIssue Type
a2a_agentmesh>= 3.3.0,< 5NullUnknown License

runtimes/maf-python/pyproject.toml

PackageVersionLicenseIssue Type
a2a_agentmesh>= 3.3.0,< 5NullUnknown License
agent-framework-core>= 1.8,< 2NullUnknown License
agent-framework-openai>= 1.8,< 2NullUnknown License

runtimes/openai-agents/pyproject.toml

PackageVersionLicenseIssue Type
a2a_agentmesh>= 3.3.0,< 5NullUnknown License

runtimes/pydantic-ai/pyproject.toml

PackageVersionLicenseIssue Type
a2a_agentmesh>= 3.3.0,< 5NullUnknown License

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
actions/Swatinem/rust-cache e18b497796c12c097a38f9edb9d0641fb99eee32 🟢 6.3
Details
CheckScoreReason
Code-Review🟢 4Found 5/12 approved changesets -- score normalized to 4
Maintained🟢 1021 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies🟢 9dependency not pinned by hash detected -- score normalized to 9
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST🟢 7SAST tool is not run on all commits -- score normalized to 7
actions/actions/attest-build-provenance a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 UnknownUnknown
actions/actions/checkout 34e114876b0b11c390a56381ad16ebd13914f8d5 🟢 6.9
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 10all changesets reviewed
Maintained🟢 1016 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 9security policy file detected
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
SAST🟢 10SAST tool is run on all commits
actions/actions/download-artifact d3f86a106a0bac45b974a628896c90dbdf5c8093 🟢 5.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Binary-Artifacts🟢 10no binaries found in the repo
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 9security policy file detected
SAST🟢 10SAST tool is run on all commits
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
actions/actions/setup-node 1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a 🟢 5.6
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 56 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 9binaries present in source code
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 9security policy file detected
Branch-Protection⚠️ 1branch protection is not maximal on development and all release branches
SAST🟢 9SAST tool is not run on all commits -- score normalized to 9
actions/actions/setup-python a26af69be951a213d495a4c3e4e4022e16d87065 🟢 5.1
Details
CheckScoreReason
Maintained⚠️ 12 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1
Code-Review🟢 10all changesets reviewed
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 9security policy file detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST🟢 9SAST tool is not run on all commits -- score normalized to 9
actions/actions/upload-artifact 043fb46d1a93c77aae656e7c1c64a875d1fc6a0a 🟢 5.5
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Binary-Artifacts🟢 10no binaries found in the repo
Maintained🟢 34 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 3
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 9security policy file detected
SAST🟢 10SAST tool is run on all commits
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
actions/anchore/sbom-action e22c389904149dbc22b58101806040fa8d37a610 🟢 7.5
Details
CheckScoreReason
Code-Review⚠️ 2Found 1/4 approved changesets -- score normalized to 2
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 9binaries present in source code
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 10security policy file detected
Packaging🟢 10packaging workflow detected
SAST🟢 10SAST tool is run on all commits
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
actions/docker/build-push-action f9f3042f7e2789586610d6e8b85c8f03e5195baf 🟢 7.5
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Security-Policy🟢 9security policy file detected
Maintained🟢 1030 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Packaging🟢 10packaging workflow detected
Pinned-Dependencies🟢 7dependency not pinned by hash detected -- score normalized to 7
SAST🟢 9SAST tool detected but not run on all commits
actions/docker/login-action 4907a6ddec9925e35a0a9e82d7399ccc52663121 🟢 8.5
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 9security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 10all changesets reviewed
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
License🟢 10license file detected
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
Packaging🟢 10packaging workflow detected
SAST🟢 9SAST tool detected but not run on all commits
actions/docker/setup-buildx-action 988b5a0280414f521da01fcc63a27aeeb4b104db 🟢 8.6
Details
CheckScoreReason
Security-Policy🟢 9security policy file detected
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Pinned-Dependencies🟢 7dependency not pinned by hash detected -- score normalized to 7
Packaging🟢 10packaging workflow detected
SAST🟢 10SAST tool is run on all commits
actions/docker/setup-qemu-action 49b3bc8e6bdd4a60e6116a5414239cba5943d3cf 🟢 8.4
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 1030 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 9security policy file detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies🟢 5dependency not pinned by hash detected -- score normalized to 5
SAST🟢 10SAST tool is run on all commits
actions/dtolnay/rust-toolchain 631a55b12751854ce901bb631d5902ceb48146f7 🟢 4.6
Details
CheckScoreReason
Maintained⚠️ 12 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Code-Review⚠️ 0Found 0/19 approved changesets -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy🟢 3security policy file detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
actions/sigstore/cosign-installer 1aa8e0f2454b781fbf0fbf306a4c9533a0c57409 🟢 7.5
Details
CheckScoreReason
Maintained🟢 54 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 5
Code-Review🟢 10all changesets reviewed
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies🟢 10all dependencies are pinned
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy🟢 10security policy file detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
actions/softprops/action-gh-release 718ea10b132b3b2eba29c1007bb80653f286566b 🟢 5.5
Details
CheckScoreReason
Code-Review⚠️ 0Found 1/16 approved changesets -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 1019 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 10all dependencies are pinned
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Security-Policy⚠️ 0security policy file not detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
cargo/quinn-proto 0.11.15 🟢 5.9
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1030 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
Fuzzing🟢 10project is fuzzed
License🟢 10license file detected
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
pip/a2a_agentmesh >= 3.3.0,< 5 UnknownUnknown
pip/a2a_agentmesh >= 3.3.0,< 5 UnknownUnknown
pip/a2a_agentmesh >= 3.3.0,< 5 UnknownUnknown
pip/agent-framework-core >= 1.8,< 2 UnknownUnknown
pip/agent-framework-openai >= 1.8,< 2 UnknownUnknown
pip/a2a_agentmesh >= 3.3.0,< 5 UnknownUnknown
pip/a2a_agentmesh >= 3.3.0,< 5 UnknownUnknown

Scanned Files

  • .github/workflows/release-public-interim.yml
  • Cargo.lock
  • runtimes/anthropic/pyproject.toml
  • runtimes/langgraph/pyproject.toml
  • runtimes/maf-python/pyproject.toml
  • runtimes/openai-agents/pyproject.toml
  • runtimes/pydantic-ai/pyproject.toml

MeshHealth,
} from "./operator/types.js";
import { timeSince, kctl, platformTag, clusterOriginTag } from "./operator/helpers.js";
import { timeSince, kctl, platformTag, clusterOriginTag, sandboxKey } from "./operator/helpers.js";
@pallakatos
pallakatos merged commit 57287bc into main Jun 23, 2026
32 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant