feat: org setting to block attestations on released versions #3175
Add an opt-in organization-level setting, block_attestations_on_released_versions, that rejects new attestations targeting project versions that are already released (prerelease == false). Default is false, preserving current behavior. Enforcement happens at two points: at attestation init, transactionally with a row lock when resolving the project version, providing fail-fast feedback before any work is done; and at push in SaveAttestation, which acts as the authoritative gate closing the window where a version could be released between init and push. Both return a dedicated typed error mapped to a FailedPrecondition gRPC code so the CLI surfaces a clear message. The setting is exposed through the organization settings API and the chainloop organization update CLI command.

Assisted-by: Claude Code
Signed-off-by: Miguel Martinez Trivino <miguel@chainloop.dev>
Chainloop-Trace-Sessions: 146f4ecb-bdc9-4562-8b1b-2481ea10d7bf
AI Session Analysis
| Status | Policy | Material | Messages |
|---|---|---|---|
| ✅ Passed | ai-config-ai-agents-allowed | ai-coding-session-146f4e | - |
| ✅ Passed | ai-config-no-dangerous-commands | ai-coding-session-146f4e | - |
| | ai-config-no-secrets | ai-coding-session-146f4e | Potential secret (Quoted API key/password) found in session content [turn=130, source=tool_result, line=58, value=PASSWORD...ase"] |
| ✅ Passed | ai-config-mcp-servers-allowed | ai-coding-session-146f4e | - |
Powered by Chainloop and Chainloop Trace
1 issue found across 37 files
Surface the org-level setting in `chainloop organization describe` so admins can confirm whether the guard is enabled. Rendered only when on, matching the existing selective output style.

Assisted-by: Claude Code
Signed-off-by: Miguel Martinez Trivino <miguel@chainloop.dev>
Chainloop-Trace-Sessions: 146f4ecb-bdc9-4562-8b1b-2481ea10d7bf
Add codes.FailedPrecondition to the set of gRPC codes whose server message is surfaced verbatim, stripping the wrapped chain prefix. This makes the released-version immutability error read as a clear, actionable message on both attestation init and push. Also align the organization describe output to use a colon separator for the policy strategy line, consistent with the other settings rows.

Assisted-by: Claude Code
Signed-off-by: Miguel Martinez Trivino <miguel@chainloop.dev>
Chainloop-Trace-Sessions: 146f4ecb-bdc9-4562-8b1b-2481ea10d7bf
The push-side guard previously read the project version's release status and then persisted the attestation in separate operations, leaving a TOCTOU window where a concurrent release could be bypassed (identified by cubic). Move the prerelease check into the persistence transaction and lock the project version row (FOR UPDATE) so the check and the attestation write are atomic and serialized against a concurrent release. The organization setting is resolved up front and threaded into the repo persistence methods, matching how the init path already passes the flag down.

Assisted-by: Claude Code
Signed-off-by: Miguel Martinez Trivino <miguel@chainloop.dev>
Chainloop-Trace-Sessions: 146f4ecb-bdc9-4562-8b1b-2481ea10d7bf
Summary
Adds an opt-in organization-level setting, `block_attestations_on_released_versions`, that prevents new attestations from being pushed to project versions that are already released (prerelease == false). The default is `false`, so existing behavior is unchanged.

When enabled, attempting to attest against a released version fails hard with a dedicated typed error mapped to a `FailedPrecondition` gRPC code, so the CLI can render a clear, actionable message.

Enforcement
The guard is applied at two points:
SaveAttestation) — the authoritative gate that closes the window where a version could be released concurrently between init and push.

Exposure
The setting is exposed through the organization settings API and the `chainloop organization update --block-attestations-on-released-versions` CLI command.

Closes #3174
AI assistance disclosure
This contribution was assisted by Claude Code.
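The TOCTOU window described in the push-side commit message above, and its fix, modelled in memory as an added Go example that is not code from this PR. The `Version` type, `SaveRacy`, `SaveAtomic`, `ErrReleased` and the mutex standing in for the `FOR UPDATE` row lock are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"sync"
)

var ErrReleased = fmt.Errorf("version already released: attestation rejected") // hypothetical typed error

// Version is a constructed in-memory stand-in for a project version row.
type Version struct {
	mu           sync.Mutex // plays the role of the row lock (FOR UPDATE)
	prerelease   bool
	attestations int
}

// Release marks the version released under the same lock writers take.
func (v *Version) Release() {
	v.mu.Lock()
	defer v.mu.Unlock()
	v.prerelease = false
}

// SaveRacy checks, unlocks, then writes; between models a release in the gap.
func (v *Version) SaveRacy(block bool, between func()) error {
	v.mu.Lock()
	released := !v.prerelease
	v.mu.Unlock()
	if block && released {
		return ErrReleased
	}
	between()                  // a concurrent release lands here, after the check passed
	return v.SaveAtomic(false) // the write happens without re-checking the status
}

// SaveAtomic holds the lock across check and write, as in the fixed push path.
func (v *Version) SaveAtomic(block bool) error {
	v.mu.Lock()
	defer v.mu.Unlock()
	if block && !v.prerelease {
		return ErrReleased
	}
	v.attestations++
	return nil
}

func main() {
	v := &Version{prerelease: true}
	fmt.Println(v.SaveRacy(true, v.Release), v.SaveAtomic(true), v.attestations)
}
```

With the setting on, the racy path stores an attestation on a version that is released by the time the write lands, while the atomic path rejects it.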