User/jhendler/0.3.6 #31
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
… permissions
CRITICAL SECURITY FIXES:
1. [CRITICAL] Key derivation now uses PBKDF2-HMAC-SHA256 with 100,000 iterations
instead of single SHA-256 hash. Previous approach was vulnerable to brute-force.
- jacs/src/crypt/aes_encrypt.rs: Added derive_key_pbkdf2() with configurable
iterations, salt generation, and proper key derivation
- Added MAGIC_HEADER to distinguish new format from legacy encrypted keys
- Backward compatible: auto-detects and reads legacy format
2. [CRITICAL] Crypto panic handling: Replaced .expect() with .map_err() in
AES-GCM encrypt/decrypt. Crypto failures now return errors instead of panicking.
- Prevents potential denial of service from malformed ciphertext
3. [HIGH] Foreign signature verification: verify_wrapped_artifact() now properly
returns Unverified status for foreign agent signatures when public key is
unavailable. Previously incorrectly indicated verified.
- jacs/src/a2a/provenance.rs: Added VerificationStatus enum with Verified,
SelfSigned, Unverified, Invalid states
- Added is_verified(), is_invalid(), is_unverified() helper methods
4. [HIGH] Parent signature verification: verify_parent_signatures() now actually
recursively verifies parent signatures instead of always returning true.
MEDIUM SECURITY FIXES:
5. [MEDIUM] jacsnpm global singleton: Refactored from lazy_static! mutex to
JacsAgent NAPI class pattern. Multiple agents can now be used concurrently
in same Node.js process without shared mutable state.
- jacsnpm/src/lib.rs: Added JacsAgent struct with instance methods
- Legacy functions preserved with LEGACY_AGENT static for backward compat
6. [MEDIUM] Secure file permissions: Private keys now get 0600 permissions
(owner read/write only) and key directories get 0700 (owner rwx only) on
Unix systems. Prevents other users from reading private keys.
- jacs/src/keystore/mod.rs: Added set_secure_permissions() with Unix/non-Unix
conditional compilation
OTHER CHANGES:
- Added serial_test crate for test isolation (prevents env var conflicts)
- Regenerated test encrypted key fixtures with correct passwords per config
- Updated CHANGELOG.md with all security fixes under 0.3.6
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
…`lazy_static!` mutex to `JacsAgent` PyO3 class pattern. Multiple agents can now be used concurrently in the same Python process. The `Arc<Mutex<Agent>>` pattern ensures thread-safety and works with Python's GIL as well as future free-threading (Python 3.13+). Legacy functions preserved for backwards compatibility. +
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.