Skip to content

Enhance Fides v2 features and documentation updates#105

Merged
EfeDurmaz16 merged 282 commits into
mainfrom
fides-v2-agent-trust-fabric
May 30, 2026
Merged

Enhance Fides v2 features and documentation updates#105
EfeDurmaz16 merged 282 commits into
mainfrom
fides-v2-agent-trust-fabric

Conversation

@EfeDurmaz16

@EfeDurmaz16 EfeDurmaz16 commented May 30, 2026

Copy link
Copy Markdown
Owner

No description provided.

@efebarandurmaz
feat(api): add local runtime attestations
dfb36a9
@efebarandurmaz
feat(discovery): clarify url-less local resolution
2ef1955
@efebarandurmaz
feat(api): add local registry relay discovery aliases
4dd28f8
@efebarandurmaz
feat(api): add local delegation endpoint
8aeb162
@efebarandurmaz
feat(sdk): expose local discovery authority surfaces
956bbb4
@efebarandurmaz
feat(cli): add local registry relay commands
93304c0
@efebarandurmaz
feat(evidence): wire root local evidence ledger
cf23db7
@efebarandurmaz
fix(api): require auth for root evidence writes
e499434
@efebarandurmaz
feat(sdk): expose root evidence append inspect
96d6b72
@efebarandurmaz
fix(api): require auth for root discovery writes
b746376
@efebarandurmaz
feat(discovery): add provider-specific root aliases
fc6a5c9
@efebarandurmaz
feat(cli): add provider discovery options
d5ded4a
@efebarandurmaz
feat(demo): execute local trust fabric scenario
5e5e2df
@efebarandurmaz
feat(sim): execute local adversarial harness
957ea3f
@efebarandurmaz
feat(agentd): persist local state in sqlite
0b40335
@efebarandurmaz
feat(sdk): expose agentd local state health
c52a2e6
@efebarandurmaz
feat(discovery): filter incompatible protocol versions
81acb3b
@efebarandurmaz
feat(discovery): negotiate provider record versions
4a0ca45
@efebarandurmaz
feat(dht): sign and verify local pointer records
c1b9e7d
@efebarandurmaz
feat(relay): expose signed agent card references
2191041
@efebarandurmaz
feat(registry): sign local index records
4db5ece
@efebarandurmaz
feat(cli): expose discovery version controls
f7ec091
@efebarandurmaz
feat(sdk): type discovery provider surfaces
a3098dc
@efebarandurmaz
feat(demo): verify signed provider records
dd12c4e
@efebarandurmaz
feat(core): propagate typed error envelopes
e45f4a0
@efebarandurmaz
chore(cli): add workspace binary scripts
dd0d003
@efebarandurmaz
fix(cli): infer agentd binary name
6d96f4e
@efebarandurmaz
feat(invocation): sign local invocation results
4e3b62e
@efebarandurmaz
feat(invocation): verify signed invocation requests
173712a
@efebarandurmaz
feat(invocation): enforce capability schemas
5f65a1b
@efebarandurmaz
test(examples): enforce v2 capability names
99d40b2
@efebarandurmaz
docs: record v2 example cleanup
e42eece
@efebarandurmaz
feat(packages): add daemon and runtime effect boundaries
33a6de8
@efebarandurmaz
docs: record daemon package boundary
221fb7a
@efebarandurmaz
feat(packages): publish guard and adapters surfaces
86c719e
@efebarandurmaz
docs: record public package surface gate
ebce8df
@efebarandurmaz
test(examples): enforce target agent layout
cb14b16
@efebarandurmaz
docs: record target example layout gate
34971a6
@efebarandurmaz
test(adapters): audit rust adapter readiness
061d14e
@efebarandurmaz
docs: record rust adapter readiness gate
d2d9e48
@efebarandurmaz
feat(delegation): add canonical delegation tokens
ad606ec
@efebarandurmaz
docs: record canonical delegation tokens
c6a7c1e
@efebarandurmaz
feat(agentd): accept canonical delegation tokens
7299649
@efebarandurmaz
test(cli): stabilize entrypoint failure formatting test
e7263e7
@efebarandurmaz
feat(cli): sign invocation requests
c066f90
@efebarandurmaz
feat(cli): accept signed delegation tokens
11b4cad
@efebarandurmaz
docs: document signed authority cli flows
3ab5ec2
@efebarandurmaz
test(cli): smoke signed authority flows
ee009f3
@efebarandurmaz
docs: add contribution guide
9c89cfc
@efebarandurmaz
docs: add release notes snapshot
6e7e4af
@efebarandurmaz
ci: run agentd dx smoke
88196d4
@efebarandurmaz
docs: improve public package readmes
101bf68
@efebarandurmaz
test(cli): audit phase 22 command matrix
6aa837a
@efebarandurmaz
test(cli): audit delegation command surface
9233602
@efebarandurmaz
test(docs): audit fides v2 documentation contract
9421fdf
@efebarandurmaz
feat(attestations): add generic attestation object
4522ae3
@efebarandurmaz
feat(attestations): expose generic attestation facade
7e34fed
@efebarandurmaz
feat(agentd): add generic attestation api
1199fa3
@EfeDurmaz16 EfeDurmaz16 merged commit 1cc4434 into main May 30, 2026
6 of 8 checks passed
chatgpt-codex-connector[bot]
chatgpt-codex-connector Bot reviewed May 30, 2026
View reviewed changes

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 1199fa313c

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread services/agentd/src/index.ts
Comment on lines +1615 to +1617
const runtimeAttestationValid = typeof body.runtimeAttestationValid === 'boolean'
? body.runtimeAttestationValid
: await verifyLocalRuntimeAttestation(typeof body.attestationId === 'string' ? body.attestationId : undefined, targetAgentId)

@chatgpt-codex-connector chatgpt-codex-connector Bot May 30, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Require server-side attestation verification

For POST /sessions, a caller requesting a high-risk capability can include runtimeAttestationValid: true, and this value is passed directly into evaluateFidesPolicy instead of verifying a stored attestation. That bypasses the intended runtime-attestation/approval gate and lets unauthenticated request payload state turn a session from APPROVAL_REQUIRED into an authorized grant; the same pattern on approvalGranted should also be tied to an actual approved request rather than a client boolean.

Useful? React with 👍 / 👎.

Comment thread packages/core/src/agent-card.ts
Comment on lines +158 to +160
id: `${card.identity.did}#ed25519`,
type: 'Ed25519' as const,
publicKey: bs58.encode(card.identity.publicKey),

@chatgpt-codex-connector chatgpt-codex-connector Bot May 30, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Revive persisted public keys before encoding

When agentd runs with the new default SQLite local-state store, identities are saved via JSON and reloaded in hydrateLocalState without converting identity.publicKey back to a Uint8Array; creating another AgentCard for that persisted identity after a restart then reaches this bs58.encode(card.identity.publicKey) call with a plain JSON object and fails instead of creating the card. Normalizing/reviving the key from publicKeyHex or accepting serialized byte arrays here would keep persisted local identities usable across restarts.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@EfeDurmaz16 @efebarandurmaz