Production-readiness audit: security/resilience fixes, coverage tools, template-inheritance guidance #1
Merged
…eritance guidance Audit-driven fixes: SSRF guard, read-path redaction, retry/timeout resilience, mTLS https. Adds coverage gate, Dependabot, SECURITY/CONTRIBUTING; engines >=22.19. New tools: get_published_crl/aia/krl, list_enabled_identity_providers. Knowledge: prefer CA inheritance (crldpsFromCA/aiaFromCA), minimal general templates.
Summary

Production-readiness hardening from a full audit of the server, plus a knowledge-base fix for a real LLM failure mode. 56 files, all gates green. Rebased onto the latest `main` (includes the recent `publishConfig` commit; `package.json` reconciled).

Security & data-leak fixes

- … `[::ffff:127.0.0.1]`, which the URL parser compresses to hex) and NAT64-wrapped internal addresses. Now blocked, with regression tests.
- … `get_*`/`list_*`), matching the write path — defense-in-depth against secret-bearing fields reaching the model.
- … `secure` (the encrypted half of Stream's `{clear, secure}`) to the redaction set.
- `test_trigger` now scrubs reflected credential headers (Authorization, …) and request/response bodies from the returned REST result.
- `redactValue` no longer mangles hex identifiers (thumbprints/serials) as "blobs".

HTTP client resilience

- … `429`/`5xx` bodies (undici connection-leak fix) and adds jitter.
- `postMultipart` honors `exportTimeout`; `noRetry` for the state-changing `generate_crl`/`generate_krl` GETs.

Auth

- … `https://` URL (a plain `http://` URL silently dropped the client cert).
- … `STREAM_VERIFY_SSL=false` and for both auth modes configured at once; mTLS files read once; removed a dead base-class hook.

MCP ergonomics & correctness

- … `List CAs`, `Get OCSP signer`); auto-appended "Safety tier" line for tools that lacked it.
- … `search_docs` / the tool-selection playbook.
- … `getStripMergePut`, `src/models/payloads.ts`, `assertConfigBody`).

New read-only coverage tools

- `get_published_crl`, `get_published_aia`, `get_published_krl` — fetch the actual published artifacts (closes the "generate then verify the CRL" loop; wires the previously-dead `getBytes`).
- `list_enabled_identity_providers`.
- `verify-truth` now prints an advisory reverse-coverage report (97/98 `/api/v1` routes referenced).

Knowledge: template inheritance (the reported failure)

An LLM building a trust chain created multiple OCSP/CRL-bearing templates instead of one that inherits from the CA. Verified against the Stream source (`X509LifecycleApiV1Controller` resolves `ca.crldps`/`ca.aia` when the template's `*FromCA` flag is set) and updated the `create_template` description + param docs + the `templates/ca-management/revocation` knowledge resources to: prefer `crldpsFromCA`/`aiaFromCA` (AIA carries the OCSP responder URL), configure that wiring once on the CA, and keep templates general — one template per genuine policy difference, not per CA.

Ops / release

- `publishConfig` (reconciled with main: kept `registry` + `access: public`, added `provenance`).
- `engines.node` lowered to `>=22.19` (undici's real floor; the code uses no Node-24-only APIs) — see decision below.
- `prepublishOnly` build guard, coverage provider + CI gate, advisory `bun audit`, Dependabot, `SECURITY.md` + `CONTRIBUTING.md`, doc tool-counts updated to 157 with an exact-count drift test.

Decision for reviewers

`engines.node >=22.19` vs main's prior `>=24.10`. Lowered per the audit (broader compatibility, no Node-24 API dependency). Flip back if a Node-24 floor is intentional policy.

Test plan

- `format:check`, `lint`, `typecheck`, `build`
- `verify:truth` (route-truth + advisory coverage)
- … `STREAM_E2E_MUTATE=1`) against QA
- `test:llm:live` smoke — 8/8
- `engines >=22.19` is acceptable

Not in scope (deferred)

SBOM generation and a hard `bun audit` gate; retrofitting `outputSchema`/`structuredContent` across all mutate tools. The full audit report is kept out of VCS (gitignored).
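The SSRF item above (IPv4-mapped IPv6 that the URL parser rewrites to hex, and NAT64-wrapped internal addresses) is the kind of gap a byte-level check closes. The following is an added illustration, not code from this repository: `isInternalTarget`, `ipv6Groups`, `ipv4Bytes` and the internal-range list are this example's own assumptions, and DNS resolution of plain hostnames is deliberately left out.

```typescript
// Added example (not the project's own code). The WHATWG URL parser serializes
// "[::ffff:127.0.0.1]" as "[::ffff:7f00:1]" and "2130706433" as "127.0.0.1", so text
// checks miss them; NAT64 (64:ff9b::/96) embeds IPv4 too. Check address bytes, not text.
function ipv4Bytes(s: string): number[] | null {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  const b = m ? m.slice(1).map(Number) : [];
  return b.length === 4 && b.every((x) => x <= 255) ? b : null;
}

// Expand an IPv6 literal (no brackets) into its eight 16-bit groups, or null if malformed.
function ipv6Groups(addr: string): number[] | null {
  const halves = addr.split("::");
  const parse = (s: string): number[] => {
    if (s === "") return [];
    const toks = s.split(":");
    const last = toks[toks.length - 1];
    const v4 = last.includes(".") ? ipv4Bytes(last) : null; // trailing a.b.c.d form
    if (last.includes(".") && !v4) return [NaN];
    if (v4) toks.pop();
    const groups = toks.map((g) => (/^[0-9a-f]{1,4}$/i.test(g) ? parseInt(g, 16) : NaN));
    return v4 ? groups.concat((v4[0] << 8) | v4[1], (v4[2] << 8) | v4[3]) : groups;
  };
  const head = parse(halves[0]);
  const tail = halves.length === 2 ? parse(halves[1]) : [];
  const fill = 8 - head.length - tail.length;
  if (halves.length > 2 || head.concat(tail).some(Number.isNaN)) return null;
  if (halves.length === 2 ? fill < 1 : fill !== 0) return null;
  return head.concat(new Array(fill).fill(0), tail);
}

function isInternalV4([a, b]: number[]): boolean {
  return a === 0 || a === 10 || a === 127 || (a === 100 && b >= 64 && b <= 127) ||
    (a === 169 && b === 254) || (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
}

// True when the URL's host is a literal internal address (unparseable input fails closed).
// Plain hostnames return false here; resolving them is the guard's next step, not shown.
function isInternalTarget(rawUrl: string): boolean {
  const host = ((): string | null => { try { return new URL(rawUrl).hostname; } catch { return null; } })();
  if (host === null || host === "localhost") return true;
  if (host.startsWith("[")) {
    const g = ipv6Groups(host.slice(1, -1));
    if (!g) return true;
    const zero = (from: number, to: number) => g.slice(from, to).every((x) => x === 0);
    const v4Mapped = zero(0, 5) && g[5] === 0xffff; // ::ffff:a.b.c.d
    const nat64 = g[0] === 0x64 && g[1] === 0xff9b && zero(2, 6); // RFC 6052 well-known prefix
    if (v4Mapped || nat64) return isInternalV4([g[6] >> 8, g[6] & 0xff, g[7] >> 8, g[7] & 0xff]);
    return (zero(0, 7) && g[7] === 1) || zero(0, 8) || (g[0] & 0xfe00) === 0xfc00 || (g[0] & 0xffc0) === 0xfe80;
  }
  const v4 = ipv4Bytes(host);
  return v4 !== null && isInternalV4(v4);
}
```

Run `isInternalTarget` on the normalized `hostname` rather than the raw string the caller supplied, so every spelling the parser accepts lands on the same byte comparison.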