Skip to content

Define authority containment and credential binding#5

Merged
SoundBlaster merged 3 commits into
mainfrom
codex/authority-containment-rfc
Jul 11, 2026
Merged

Define authority containment and credential binding#5
SoundBlaster merged 3 commits into
mainfrom
codex/authority-containment-rfc

Conversation

@SoundBlaster

Copy link
Copy Markdown
Member

Motivation

The first dashboard-selected RFC slice (#1#5) left the protocol's core authority boundary partly advisory and did not define how a grant credential proves its runtime, agent, and passport binding.

Goals

  • Make runtime mediation a normative reference-monitor invariant.
  • Keep raw credentials and downstream delegation from becoming alternate authority paths.
  • Require application-verifiable grant binding and production proof-of-possession support.

Changes

  • Define the runtime reference-monitor role and require every agent-initiated Agent Surface action to traverse it.
  • Add credential binding requirements, DPoP/mTLS references, proof replay checks, and a sender-constrained production profile.
  • Make raw credential release default-deny behind the explicit credential.release capability with consent, approval, and receipts.
  • Define subdelegation rules for subagents, MCP servers, tools, remote models, adapters, and secondary runtimes.
  • Update review cards Add Agent Surface RFC draft #1Define authority containment and credential binding #5 to present and regenerate the standalone dashboard.

Validation

  • make review-build PYTHON=/opt/homebrew/opt/python@3.10/libexec/bin/python3
  • make review-check PYTHON=/opt/homebrew/opt/python@3.10/libexec/bin/python3
  • /opt/homebrew/opt/python@3.10/libexec/bin/python3 -m json.tool review/review-data.json >/dev/null
  • curl --fail --silent --show-error --location https://www.rfc-editor.org/rfc/rfc8705.txt -o /dev/null
  • curl --fail --silent --show-error --location https://www.rfc-editor.org/rfc/rfc9449.txt -o /dev/null
  • git diff --check

Boundaries and Non-Goals

  • Does not define a single interoperable OAuth, DPoP, mTLS, or workload-identity wire profile; those remain follow-up profile work.
  • Does not implement the next dashboard groups, including OAuth RAR, Token Exchange, or grant hashing.
  • This PR is intentionally left unmerged for review.

Notes

  • A production application must not authorize a surface action on mere bearer-token possession; a development or compatibility bearer profile remains explicitly labeled.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: e5ad7a2a62

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread drafts/agent-surface.md Outdated

@SoundBlaster SoundBlaster left a comment

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed current head a8dbce5. make review-check, JSON parsing, git diff --check, and the GitHub Docs check all pass; the generated dashboard is current. I found four normative/security conflicts and one consistency issue below. I would treat the P1 items as merge blockers. This is submitted as COMMENT because the connected GitHub account owns the PR.

Comment thread drafts/agent-surface.md
Comment thread drafts/agent-surface.md Outdated
Comment thread drafts/agent-surface.md Outdated
Comment thread drafts/agent-surface.md Outdated
Comment thread drafts/agent-surface.md
@SoundBlaster SoundBlaster merged commit 8ba118f into main Jul 11, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant