build(deps): bump actions/checkout from 4 to 6#40

Open
dependabot[bot] wants to merge 175 commits into
mainfrom
dependabot/github_actions/actions/checkout-6

Conversation


@dependabot dependabot Bot commented on behalf of github May 6, 2026

Bumps actions/checkout from 4 to 6.

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version: v2.327.1 (see its Release Notes)

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.1

What's Changed

Full Changelog: actions/checkout@v4...v4.3.1

v4.3.0

What's Changed

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Complete architectural rewrite from Python/FastAPI to Go single binary,
implementing the unified-core-plus-thin-adapters model.

What's new:
- Single ~13MB statically-linked Go binary (CGO_ENABLED=0)
- Invariant Core: Policy Engine (YAML + expr-lang bytecode), DPR Chain,
  Session State, DEFER workflow — identical across all adapter environments
- WAL ordering invariant: fsync before decision returned, no execution
  without durable audit record, DENY on WAL write failure
- A1 SDK adapter: JSON-over-Unix-socket server, auto-started by govern()
- Python SDK: govern() decorator with functools.wraps, type preservation,
  LangChain @tool metadata, DenyError/DeferredError, _binary.py downloader
- faramesh demo: "docker run hello-world" moment, < 3 seconds, zero config
- faramesh serve: governance daemon with WAL + SQLite DPR store
- faramesh policy validate/inspect: policy linting and inspection
- faramesh audit tail/verify: live decision stream + DPR chain verification
- faramesh init: environment auto-detection (Python/K8s/Docker/Lambda/MCP)
- faramesh agent approve/deny/kill: fleet management operations
- Per-agent DPR chains with SHA256 integrity, UUID v7 record IDs
- Pre-execution scanners: destructive shell, secret detection

Architecture principles:
- Invariant core: policy engine, DPR chain, session state, DEFER workflow
  run identically regardless of adapter
- Non-bypassability documented per adapter (A1 threat model in README)
- Credential broker, A3 proxy, A5 MCP, A6 eBPF are Phase 2

Closes: initial MVP milestone
- ci.yml: go vet, go test -race, cross-compile check (5 platforms), faramesh demo smoke test
- release.yml: on v*.*.* tag → cross-compile binaries + SHA256 checksums, Docker multi-arch push to ghcr.io, GitHub Release with all artifacts, Python SDK publish to PyPI
- Remove old Python lint/test/build/publish workflows
- Add install.sh (curl | sh, detects OS/arch, verifies SHA256)
- README: fix all install commands to use verified working paths
  - brew install faramesh/tap/faramesh (tested ✓)
  - curl raw.githubusercontent.com/install.sh (tested ✓)
  - ghcr.io/faramesh/faramesh Docker image
  - go install .../cmd/faramesh@latest
- release.yml: add update-homebrew job (auto-updates formula SHA256s on release)
- release.yml: fix release notes install commands
- Python SDK: bump to 1.0.0
- Tag as v1.0.0 (supersedes old Python v0.3.0; this is a full rewrite)
…n codes

Authentication & Cloud Sync (horizon-auth)
- Add `faramesh auth login/logout/status` and `faramesh whoami` shortcuts
- Token stored in ~/.faramesh/auth.json (mode 0600) with atomic tmp→rename writes
- Validates token against Horizon /v1/auth/me; works offline with warning
- Add `faramesh serve --sync-horizon` to stream DPR decisions to Horizon API
- cloud.Syncer: batched flush every 2s or 50 records, buffer 1000, retry on error
- core.DecisionSyncer interface keeps core/ free of cloud/ imports
- daemon.horizonSyncAdapter bridges core.Decision → cloud.Syncer.SendDecision

Adapters
- internal/adapter/proxy/server.go: A3 HTTP external authz proxy (Envoy/Kong)
  POST /v1/authorize, POST /v1/approve, GET /v1/defer/status
- internal/adapter/mcp/gateway.go: A5 MCP Gateway (stdio + HTTP transports)
  Intercepts tools/call, returns MCP error on DENY, pending_approval on DEFER

Core hardening
- internal/core/reasons/codes.go: formal reason code constants throughout
- pipeline.go: budget enforcement (max_calls, session_usd, daily_usd)
- pipeline.go: expose session.history.* and tool.* metadata to policy conditions
- pipeline.go: DPR chain seeded from SQLite on restart (chain continuity)
- pipeline.go: fixed double Defer() via DeferWithToken (idempotent)
- defer/workflow.go: DeferStatus enum + resolved map for accurate status reporting
- dpr/sqlite.go: KnownAgents() for chain seeding
- session/state.go: AddCost/CurrentCostUSD/DailyCostUSD for CostShield

Policy CLI
- `faramesh policy test <file> --tool <id> --args <json>`: dry-run decisions
- `faramesh policy diff <old> <new>`: rule-level diff between policy versions
- policies/default.yaml: rewritten to valid FPL v1.0 schema (was Python format)

Product PRDs
- docs/products/HORIZON.md, HUB.md, TESSERACT.md, COSTSHIELD.md, SVERM.md

Python SDK: bump version to 1.0.0
…ization

Sequential enforcement (Cat 1 gap — the main one)
- Add history_contains_within(tool_pattern, seconds) bool to policy condition surface
  Example: when: "history_contains_within('http/post', 120)"
- Add history_sequence(tool_a, tool_b, ...) bool — ordered trajectory detection
  Example: when: "history_sequence('read_file', 'http/post')"
- Add history_tool_count(tool_pattern) int — burst/rate detection
  Example: when: "history_tool_count('stripe/*') >= 5"
- All three are live closures over the actual session history at eval time
- Add policies/examples/sequence_enforcement.yaml with exfil, credential, burst patterns
- Add 4 passing tests covering exfil→delete, dangerous trajectory, burst, innocent delete

USD budget enforcement bug (Cat 1/8 gap)
- sess.AddCost() was never called in the pipeline, making session_usd/daily_usd
  budget checks read zero forever (silent fail-open for cost limits)
- Add Tool.CostUSD field to policy schema (cost_usd per tool declaration)
- Pipeline now calls accountCost() asynchronously after PERMIT/SHADOW
  so declared cost accumulates correctly against budget thresholds

Args canonicalization (Cat 2 gap)
- Null-field stripping: {amount:500, extra:null} and {amount:500} now canonical-equal
  for both policy evaluation and DPR structural signature
- Float precision normalization: 0.1+0.2 → 0.3 (rounds to 9 decimal places)
  eliminates IEEE 754 artifacts from LLM arithmetic before policy evaluation
- canonicalizeArgs() runs at step [0] of every Evaluate() call
- Add 2 passing tests for null stripping and float normalization

Glob overlap / unreachable rule detection (Cat 5 gap)
- policy validate now detects when an earlier broad glob pattern shadows a later rule
- stripe/* before stripe/refund → "may be unreachable" warning
- Uses probe set of ~30 representative tool IDs to test pattern coverage
- Duplicate rule ID detection also added
- Warnings print in yellow, exit 0 (non-fatal); hard errors still exit 1
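As an added illustration of the canonicalization step described above (example code, not Faramesh's own canonicalizeArgs): null object fields are stripped, floats are rounded to 9 decimal places, and a structural signature is taken over the canonical JSON, so {amount:500, extra:null} and {amount:500} are canonical-equal for both policy evaluation and the DPR record. The function names and the decision to keep nulls inside arrays are assumptions of this example.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"math"
)

// parseArgs decodes a tool-call argument object; with encoding/json every
// number becomes a float64 and every JSON null becomes a nil interface.
func parseArgs(raw []byte) (map[string]any, error) {
	var m map[string]any
	if err := json.Unmarshal(raw, &m); err != nil {
		return nil, err
	}
	return m, nil
}

// roundFloat rounds to 9 decimal places, removing IEEE 754 artifacts such as
// 0.30000000000000004 while leaving ordinary monetary amounts unchanged.
func roundFloat(f float64) float64 {
	if math.IsNaN(f) || math.IsInf(f, 0) {
		return f
	}
	return math.Round(f*1e9) / 1e9
}

// canonicalizeArgs copies the tree with null object fields stripped and every
// float rounded. Nulls inside arrays are kept: their position carries meaning.
func canonicalizeArgs(v any) any {
	switch t := v.(type) {
	case map[string]any:
		out := make(map[string]any, len(t))
		for k, val := range t {
			if val == nil {
				continue // {amount:500, extra:null} -> {amount:500}
			}
			out[k] = canonicalizeArgs(val)
		}
		return out
	case []any:
		out := make([]any, len(t))
		for i, val := range t {
			out[i] = canonicalizeArgs(val)
		}
		return out
	case float64:
		return roundFloat(t)
	default:
		return v
	}
}

// structuralSignature hashes the canonical JSON form; json.Marshal sorts map
// keys, so request key order cannot change the signature recorded in the DPR.
func structuralSignature(args map[string]any) string {
	b, _ := json.Marshal(canonicalizeArgs(args)) // canonical tree holds only JSON types
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}
// canonicalEqual: two requests are the same if their signatures match.
func canonicalEqual(a, b map[string]any) bool {
	return structuralSignature(a) == structuralSignature(b)
}
```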
…mework adapters

Credential Broker (6 backends):
- Azure Key Vault (OAuth2 client credentials, REST API v7.4)
- 1Password Connect (vault/item lookup via Connect API)
- Infisical (REST API v3, project/environment scoped)
- Existing: HashiCorp Vault, AWS Secrets Manager, GCP Secret Manager

Cross-Platform Network Interception:
- macOS: proxy env vars (HTTP_PROXY/HTTPS_PROXY/ALL_PROXY) + PF rules with sudo
- Windows: proxy env vars + WinDivert stub (pre-signed driver bundling)
- Linux: iptables REDIRECT in network namespaces (existing)
- Universal: ProxyEnvVars() cross-platform helper

Framework Auto-Patching (13 frameworks):
- LangGraph, LangChain, CrewAI, AutoGen/AG2, OpenAI Agents SDK
- Pydantic AI, Google ADK, LlamaIndex, AWS Strands Agents
- Smolagents, Haystack, Deep Agents (middleware), AWS Bedrock AgentCore

faramesh run enforcement:
- Detects OS and activates strongest available enforcement
- macOS/Windows: proxy env vars injected into child process
- Enforcement report shows per-layer status and trust level
- Trust levels: STRONG (Linux+root), MODERATE, PARTIAL, CREDENTIAL_ONLY

OS enforcement (Linux, wired into faramesh run):
- seccomp-BPF immutable syscall filter
- Landlock LSM filesystem restrictions
- Network namespace + iptables REDIRECT

All Go tests pass (28+ packages). All Python SDK tests pass (31 tests).
…ler, MIT license

- Add .gitattributes for FPL file detection and example .fpl policies
- Add FPL language reference documentation (docs/fpl/LANGUAGE_REFERENCE.md)
- Add structured FPL parser, NLP compiler, and decompiler
- Add 15 new CLI command families (session, credential, identity, provenance,
  model, schedule, incident, ops, delegate, federation, status, stop, policy-nlp)
- Add shared daemon HTTP client for consistent CLI output
- Add Homebrew formula and interactive install.sh with checksum verification
- Add reproducible build and release Makefile targets
- Switch license from Elastic License 2.0 to MIT
- Rewrite README with FPL examples, architecture diagram, 130+ CLI commands
Creates the npm/faramesh package with a postinstall script that
downloads the platform-specific binary from GitHub releases and a
thin wrapper script that proxies CLI args to the real binary.
- Rewrite CONTRIBUTING.md from Python/pip to Go toolchain
- Rewrite SECURITY.md with accurate enforcement architecture
- Fix CODEOWNERS paths to match actual Go project layout
- Fix NOTICE to reference MIT license
- Fix PR template and bug report template (Go, not Python)
- Update CI workflow: add lint job (golangci-lint), validate FPL
  examples, separate test/build/cross-compile/docker jobs
- Rewrite README: FPL as THE standard policy language, YAML as
  alternative interchange format, CI badge, Go Report Card badge,
  release badge, policy packs table, comparison table vs Rego/Cedar
- Add 3 new FPL policy packs: starter.fpl, customer-support.fpl,
  mcp-server.fpl
…nal files

- Convert all YAML policies to FPL in policies/ and packs/ (18 files)
- Add Python and TypeScript SDKs (sdk/python, sdk/node)
- Fix CI: define O_PATH and SYS_SECCOMP constants for sandbox, fix
  release-gate workflow paths, fix eBPF adapter Close() call
- Remove internal files: IMPLEMENTATION_PLAN.md, NOTICE, docs/products/,
  docs/LAUNCH_POST_KIT.md, docs/MVP_PRODUCTION_RUNBOOK.md,
  faramesh/policy.yaml
- Remove redundant "Faramesh" h1 from README (logo already has it)
- Add SDKs section to README
- Update TestSeedPacksValidate to handle .fpl files using the FPL parser
  instead of the YAML loader
- Downgrade go directive from 1.25 to 1.23 to fix golangci-lint
  compatibility (lint tool built with Go 1.24 cannot target 1.25)
…flict)

- All CI jobs now use go-version-file: go.mod instead of hardcoded versions
- Remove golangci-lint action (built with Go 1.24, incompatible with our
  module version). go vet provides sufficient static analysis.
- Remove Go 1.22 from test matrix (not supported, causes covdata errors)
- Downgrade go directive to 1.23.0
LoadFile now detects .fpl extension and parses with the FPL toolchain
instead of trying YAML. The policy validate command uses FPL-native
parsing and compilation for .fpl files, while YAML files continue
through the existing expr-lang validation path.

Also extends the FPL credential block parser to accept backend, path,
and ttl keywords, and adds deny! support in phase blocks.
POLAK-K and others added 21 commits April 29, 2026 20:58
Updated logo path in README to reflect new directory structure.
…; make key export minimal by default with --verbose
- Remove unused 'encoding/base64' import from verify.go
- Export ComputeSignerIDFromPubB64, MarshalWithoutSignature, AttachOperatorSignature, VerifyOperatorSignature methods
- Add standalone ComputeSignerIDFromPubB64 utility function for CLI usage
- Update compliance.go to use exported methods and standalone function
- Verify build and full test suite pass
Phase 1: Type System & Decision Framework

- Add EffectModify and EffectStepUp to Effect enum in types.go
- Extend Decision struct with:
  - ModifiedArgs, ModifyReason, RequiredModifications (for MODIFY effect)
  - ElevationLevel, RequiredAuthority, StepUpReason, StepUpToken (for STEP_UP effect)
- Add DeferCascadePolicy struct for cascade configuration:
  - MaxDepth, OnMaxDepthReached, MaxTotalResolveTime, DetectCycles
- Extend Handle struct in defer/workflow.go with cascade tracking:
  - ParentDeferToken, CascadeReason, CascadeDepth, CascadePath
- Add Handle.GetCascadeMetrics() and Handle.IsInCascade() methods
- Extend DeferItem in defer/backends with cascade fields
- All changes compile; full test suite to run in Phase 2+
Phase 2: Policy Language Support (FPL Parser)

- Extended fpl.ebnf grammar with StructuredEffect rule
- Added ModifyEffect rule with limit, required, reason properties
- Added StepUpEffect rule with level, authority, reason properties
- Updated SimpleEffect uses (DefaultDecl, BudgetProp, SelectorProp)
- Extended Rule struct in policy schema with:
  - ModifyArgs, ModifyReason, ModifyRequired (for MODIFY effect)
  - StepUpLevel, StepUpAuthority, StepUpReason (for STEP_UP effect)
- All changes compile; policy package builds successfully
Phase 3: Pipeline Integration

- Add MODIFY case in effect switch (extracts ModifyArgs, ModifyReason, RequiredModifications)
- Add STEP_UP case in effect switch (internally converts to elevated DEFER with routing)
- MODIFY allows action with constraints extracted from policy rule
- STEP_UP creates elevated DEFER workflow with elevation level and authority routing
- Extract structured effect data from matched policy rule
- All builds pass; policy tests pass (policy package)
…tore

Introduces the delegation grant primitive as a self-contained core package
with no daemon wiring. Addresses RFC #29 part 1: persistent, auditable
storage as a prerequisite for any transport surface.

internal/core/delegate provides:
- Grant + Store interface (Insert / GetByToken / ListByAgent / ListInbound /
  Revoke), with both an in-process MemoryStore (for tests and ephemeral
  flows) and an on-disk SQLiteStore (for evidence-trail persistence).
- HMAC-signed opaque tokens ("del_<b64payload>.<b64hmac>") whose signing
  key is derived from the existing DPR HMAC key with a fixed domain
  separator, so no second persisted secret is required.
- A Service orchestrator that derives chain depth from inbound grants,
  enforces a configurable maximum depth, validates that chained scopes are
  subsets of their parent, and reconstructs delegation chains with cycle
  detection.

The SQLiteStore follows the project's existing pattern (modernc.org/sqlite,
WAL journaling, busy_timeout, single-writer connection pool, idempotent
CREATE TABLE IF NOT EXISTS migration). Default on-disk path is
${data_dir}/delegations.db, matching the convention used by the daily-cost
and DPR stores.

Tests cover token roundtrip and tamper rejection, scope-subset and depth
enforcement, lifecycle states (active / revoked / expired), chain
reconstruction including cycle termination, and SQLite-specific concerns:
duplicate-token rejection, listing, and persistence across reopen.

docs/guides/DELEGATION_GRANTS.md documents the model, token format,
on-disk schema, and operational notes (backup, key rotation, multi-instance
considerations).

No daemon route changes in this PR — transport is deliberately deferred to
the follow-on PR per the RFC's split.
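An added sketch of the token construction this commit describes (illustrative code, not the project's delegate package): a signing key derived from the DPR HMAC key under a fixed domain separator, tokens of the form "del_<b64payload>.<b64hmac>", and a verifier that compares the MAC in constant time and fails closed on any structural, MAC or expiry error. The payload fields and the separator string "faramesh/delegate/v1" are assumptions of this example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
	"time"
)

// grantPayload is the signed part of a delegation token. The field set is an
// assumption for this example, not the project's schema.
type grantPayload struct {
	Grantor string   `json:"grantor"`
	Grantee string   `json:"grantee"`
	Scopes  []string `json:"scopes"`
	Exp     int64    `json:"exp"` // unix seconds
}

const tokenPrefix = "del_"

var b64 = base64.RawURLEncoding
var errBadToken = errors.New("invalid delegation token")

// deriveDelegateKey derives the token key from the existing DPR HMAC key under
// a fixed domain separator (string assumed), so DPR MACs never verify as tokens.
func deriveDelegateKey(dprKey []byte) []byte {
	m := hmac.New(sha256.New, dprKey)
	m.Write([]byte("faramesh/delegate/v1"))
	return m.Sum(nil)
}

func mac(key, payload []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(payload)
	return m.Sum(nil)
}

// mintToken encodes a grant as "del_<b64payload>.<b64hmac>".
func mintToken(key []byte, p grantPayload) string {
	payload, _ := json.Marshal(p) // plain struct fields cannot fail to marshal
	return tokenPrefix + b64.EncodeToString(payload) + "." + b64.EncodeToString(mac(key, payload))
}

// verifyToken fails closed: every failure returns the same errBadToken, and the
// MAC is checked in constant time before unauthenticated bytes reach the decoder.
func verifyToken(key []byte, tok string, now time.Time) (grantPayload, error) {
	var p grantPayload
	rest, ok := strings.CutPrefix(tok, tokenPrefix)
	encPayload, encMAC, ok2 := strings.Cut(rest, ".")
	if !ok || !ok2 {
		return p, errBadToken
	}
	payload, err1 := b64.DecodeString(encPayload)
	got, err2 := b64.DecodeString(encMAC)
	if err1 != nil || err2 != nil || !hmac.Equal(got, mac(key, payload)) {
		return p, errBadToken
	}
	if json.Unmarshal(payload, &p) != nil || now.Unix() >= p.Exp {
		return p, errBadToken
	}
	return p, nil
}
```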
Builds on the core/store work to expose the delegation control surface
through the existing authenticated SDK socket dispatch ("type":"delegate"
with an op field for grant/list/revoke/inspect/verify/chain). All
operations require the daemon's admin token via authorizeControlAdmin —
including reads, since exposing who has authority over whom is itself
sensitive.

Daemon wiring:
- Open a SQLiteStore at ${data_dir}/delegations.db on start; close on
  shutdown alongside the other persistent stores.
- Build the delegate.Service with a key derived from the existing DPR
  HMAC key, and inject it into the SDK server via SetDelegateService.
- New Config.DelegateMaxDepth knob, falling back to delegate.DefaultMaxDepth
  when zero.

The handler is gated on s.delegate being set, so a daemon misconfiguration
fails closed rather than panicking. Routes intentionally do not appear on
the metrics mux (per RFC #29).

Tests cover unauthenticated rejection, bad-token rejection, service-
unavailable behaviour, error category propagation for invalid requests,
and a full grant → list → verify → revoke → verify lifecycle plus chain
reconstruction over the socket protocol.

CLI integration is intentionally deferred to the follow-on PR per the
RFC's split.
Updates `faramesh delegate` to talk to the daemon over the SDK socket
(`{"type":"delegate","op":...,"admin_token":...}`) introduced in the
prior PR, with optional HTTP fallback (matching the existing `compensate`
and `credential` patterns).

- Adds a `--admin-token` flag, plus env-var fallback to
  FARAMESH_STANDING_ADMIN_TOKEN and FARAMESH_POLICY_ADMIN_TOKEN.
- All six commands (grant / list / revoke / inspect / verify / chain)
  use a single `delegateSocketRequestWithHTTPFallback` helper, so
  authentication and transport selection live in one place.
- Revoke output now surfaces the count when more than one grant matched.

docs/guides/DELEGATION_GRANTS.md gains a CLI Usage section showing the
full grant lifecycle and the admin-token resolution order.
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v4...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies label May 6, 2026

dependabot Bot commented on behalf of github May 6, 2026

Labels

The following labels could not be found: github-actions. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.


dependabot Bot commented on behalf of github May 17, 2026

Dependabot attempted to update this pull request, but because the branch dependabot/github_actions/actions/checkout-6 is protected it was unable to do so.

@amjad-fatmi amjad-fatmi force-pushed the main branch 2 times, most recently from 2abfac9 to 5ecbb71, on May 18, 2026 23:38

dependabot Bot commented on behalf of github May 19, 2026

Dependabot can't parse your ci.yml. Because of this, Dependabot cannot update this pull request.


dependabot Bot commented on behalf of github May 22, 2026

Dependabot can't parse your ci.yml. Because of this, Dependabot cannot update this pull request.


dependabot Bot commented on behalf of github May 22, 2026

Dependabot can't parse your ci.yml. Because of this, Dependabot cannot update this pull request.


dependabot Bot commented on behalf of github May 24, 2026

Dependabot can't parse your ci.yml. Because of this, Dependabot cannot update this pull request.
