Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
552 commits
Select commit Hold shift + click to select a range
4833f89
feat(capability): re-integrate W2 consent-request path (steps 3-4) + …
claude Jun 27, 2026
08329d0
feat(capability): W2 step 6 — the grant reads the binding (affordance…
claude Jun 27, 2026
83aa364
feat(capability): W2 step 7 — validate-and-consume endpoint + canonic…
claude Jun 27, 2026
025109e
feat(capability): W2 step 8 — ValidatedAffordanceGrant witness gates …
claude Jun 27, 2026
c290d65
feat(capability): W2 step 9 — signed AffordanceGrantReceiptV1 + block…
claude Jun 27, 2026
1365acc
test(capability): W2 step 10 — end-to-end affordance consent journey …
claude Jun 28, 2026
f531f31
chore(w2): step 11 — pin consent-path invariants in the alignment gat…
claude Jun 28, 2026
b750d25
feat(reach): W0a — core-derived ReachDescriptorV1 (the honest halo en…
claude Jun 28, 2026
808e3c3
feat(reach): W0b — project core-derived reach onto the catalog the sh…
claude Jun 28, 2026
aad72ca
feat(reach): W1a — egress-as-capability model (Allowlisted vs Open, f…
claude Jun 28, 2026
15f2bcc
feat(supervisor): W3a — de-hardcode the shell (role-based active-shel…
claude Jun 28, 2026
494a626
docs(esp): W4 — ESP v0 protocol spec + shared TS types, extracted fro…
claude Jun 28, 2026
d94c2b8
feat(esp): W5a — two-channel projection client + hero consent act (ES…
claude Jun 28, 2026
d6192d0
feat(esp): W6 — shell-picker + refraction toggle (pure projection, fa…
claude Jun 28, 2026
6a996d1
feat(esp): W7 — export the signed receipt as the EU AI Act audit arti…
claude Jun 28, 2026
588f217
refactor(consent): W3b — name the consent-broker at its seam (not a w…
claude Jun 28, 2026
ac38220
fix(carrier): BUG-6 — bound carrier-bridge line reads before allocati…
claude Jun 28, 2026
173ecbb
fix(supervisor): BUG-8 — checked, collision-free vsock CID allocation
claude Jun 28, 2026
fada7b9
fix(carrier): BUG-5 — don't drop a consent grant that lands after the…
claude Jun 28, 2026
b72ab2f
fix(capability): BUG-4 safe slice — refund single-use grant on routin…
claude Jun 28, 2026
99163c4
docs(esp): W5b spec — the visual projection shell as component contracts
claude Jun 28, 2026
7d093a5
refactor(carrier): apply verified code-quality audit findings
claude Jun 28, 2026
74524a9
feat(capability): BUG-4 op-failure slice — ProviderError::DidNotAct +…
claude Jun 28, 2026
eb321a1
test(g3b): universal preview==enforce conformance pin across ALL prov…
claude Jun 28, 2026
d339058
docs(bug-4): record InspectProvider DidNotAct migration is a multi-ca…
claude Jun 28, 2026
6483e96
feat(authz): G3b drain ch1 — complete the verb map for 11 manifest-ba…
claude Jun 28, 2026
33a1a01
feat(manifests): G3b drain ch2 — split blanket capability blocks (did…
claude Jun 28, 2026
48085c1
feat(manifests): G3b drain ch3 — egress (net/exit) + encrypt manifest…
claude Jun 28, 2026
64fd85c
feat(manifests): G3b drain ch4 — browser-actuator manifest split
claude Jun 28, 2026
ea7398e
docs(w1b): egress-firewall design — turn the reach model into enforce…
claude Jun 28, 2026
ee33170
feat(carrier): BUG-4 first real DidNotAct migration — CarrierGossipPr…
claude Jun 28, 2026
45f290e
fix(carrier): close the BUG-5 HTTP-poll residual (trailing read)
claude Jun 28, 2026
18fcf44
feat(carrier): BUG-4 second DidNotAct migration + more gossip rejections
claude Jun 28, 2026
e661b46
feat(carrier): refine DidNotAct contract (capacity≠no-op) + ContentPr…
claude Jun 28, 2026
64a264a
feat(content): drain ContentProvider write-path request-shape rejecti…
claude Jun 28, 2026
ae080a7
feat(content): finish publish request-shape drain (DidNotAct)
claude Jun 28, 2026
4f81209
docs(handoff): make READY_FOR_CURSOR comprehensive — no blind spots
claude Jun 28, 2026
9542e1e
G8b: make token-level capability revoke fail-closed (durable signed c…
claude Jun 28, 2026
ee29bcf
G8b verify-on-read: opt-in durable, tamper-verified audit log
claude Jun 28, 2026
d169c70
G8 verify-on-read: close tail-truncation with a committed head-anchor
claude Jun 28, 2026
71c2b30
spend meter: land the per-capsule budget mechanism (NEXT-band foothold)
claude Jun 28, 2026
1c1f81a
act-over-MCP: wire the spend meter into the carrier act path (fail-cl…
claude Jun 28, 2026
e4e8acb
spend meter: provider-reported variable cost (bound real spend, not c…
claude Jun 28, 2026
27f92aa
spend meter: meter microVM capsule acts under the canonical vm-{name}…
claude Jun 28, 2026
5b0e0d3
spend meter: meter WASM capsule acts (the third/last carrier act path)
claude Jun 28, 2026
0563d74
spend meter: read-only BudgetSnapshot projection + honest path accoun…
claude Jun 29, 2026
624ed95
spend meter: project a capsule's live budget on the inspector (read-o…
claude Jun 29, 2026
f639226
audit: live full-chain verify-on-read on the inspector (beyond startup)
claude Jun 29, 2026
74c9573
W7: make the EU-AI-Act audit artifact self-verifying (embed ChainAtte…
claude Jun 29, 2026
fc4c712
audit: inspector audit_attestation op — the live global chain read pa…
claude Jun 29, 2026
4632c0e
gateway: thread the shared spend meter onto GatewayState (unification…
claude Jun 29, 2026
da7783e
gateway: meter the consent/affordance dispatch — unify the budget acr…
claude Jun 29, 2026
1e6a2ed
gateway: unify the audit sink onto the shared custody chain (durable-…
SashaMIT Jun 29, 2026
65e5a58
esp: project spend_budget + audit.chain as read-only view-models (W5b)
SashaMIT Jun 29, 2026
3f374ba
gateway: prove the unified audit sink with a real content_open + chai…
SashaMIT Jun 29, 2026
81be538
esp: homeCustodyView — pure composition of spend + audit for the Home…
SashaMIT Jun 29, 2026
9dc41b5
esp(W5b): <CapsuleCustodyPanel> Svelte paint + headless SSR snapshot …
SashaMIT Jun 29, 2026
871c8da
signature(AUD-1): fail-closed from_trusted_keys_hex activation seed +…
SashaMIT Jun 29, 2026
f8ae852
esp(W5b): <CapsuleDetail> — compose trust + custody as independent ch…
SashaMIT Jun 29, 2026
5d4f4c7
supervisor(AUD-1): pin the config-hex -> seed -> gate activation roun…
SashaMIT Jun 29, 2026
c77ac9b
verify(microVM): 7/7 spend+audit on real nested-KVM + act-emitter fix…
SashaMIT Jun 29, 2026
76cc209
feat(W1b): egress-firewall enforcement spine (default-deny + lifecycl…
SashaMIT Jun 30, 2026
57a3b06
feat(W1b): C3-glue — kernel egress drops become signed EgressDenied c…
claude Jun 30, 2026
85c22ac
verify(W1b): egress-firewall spine VERIFIED 7/7 on real kernel + supp…
SashaMIT Jun 30, 2026
267cb17
fix(supervisor): BUG-2/BUG-3 — stop leaking the microVM Carrier bridg…
SashaMIT Jun 30, 2026
bd23ec9
fix(supervisor): BUG-7 — reap dead carrier services via a pending-saf…
SashaMIT Jun 30, 2026
aa09f6b
test(supervisor): box-validate BUG-2/3/7 VM-lifecycle leak fixes on r…
SashaMIT Jun 30, 2026
31bef0e
docs(KNOWN_GAPS): log G-EGR-TIDY — empty per-VM egress nft table not …
SashaMIT Jun 30, 2026
c281c4e
esp(W5b): <Home> fleet surface — independent honest paint at fleet sc…
claude Jun 30, 2026
4cd2bf1
esp(W5b): Home fleet data path — catalog ⨝ inspector custody, fail-ho…
claude Jun 30, 2026
9fac7f9
feat(G2b): wire verified_signer at launch so inspector trust is "veri…
claude Jun 30, 2026
478fd4d
esp(W5b): scope Home to user-facing capsules — stop infra providers c…
claude Jun 30, 2026
5d08a03
test(gateway): add sanctioned #[ignore] dev-mint for a local SYSTEM h…
SashaMIT Jun 30, 2026
8fe5e3b
docs(KNOWN_GAPS): pin G-AUTH-LOCAL — proof-unbound SYSTEM token skips…
SashaMIT Jun 30, 2026
dfd1169
esp(W5b): add homeFleetScope (user-facing AND installed) — the runnin…
claude Jun 30, 2026
0110d7d
docs(design): intent-proof loop — the prover/verifier loop for agent …
claude Jun 30, 2026
6a14f4d
feat(intent-proof ch1): the two signed records + the fail-closed veri…
claude Jun 30, 2026
4913ba9
feat(intent-proof ch2): emit intent/denied/reconciled onto the signed…
claude Jun 30, 2026
3ace8d8
feat(intent-proof ch3): derive the standing envelope from a real Capa…
claude Jun 30, 2026
7c93c49
feat(intent-proof ch4): run_intent_gate — the fail-closed enforcement…
claude Jun 30, 2026
34030d7
feat(intent-proof ch5): project the verdict as a third independent cu…
claude Jun 30, 2026
b5e501b
feat(intent-proof ch5b): per-capsule intent-proof tally + AuditLog qu…
claude Jun 30, 2026
2a38131
fix(intent-proof ch5b): make the tally PRESENCE-aware (absent ≠ false…
claude Jun 30, 2026
4cbe50e
docs: bank intent-proof loop status (ch1–5b built; 5b-inspector + 4b …
claude Jun 30, 2026
334eb7f
docs: track the honest UI/shell integration gaps + pin ESP branding
claude Jul 1, 2026
5eb3dee
feat(dev): one-command shell bootstrap for macOS/arm64 (build all was…
SashaMIT Jul 1, 2026
072de9a
docs(dev-bootstrap): document the dKMS access model (on-chain token i…
SashaMIT Jul 1, 2026
87e9f7c
docs: add FLINT_MASTER_STATUS — the consolidated goal (3 tiers, merge…
claude Jul 1, 2026
0c5ea5a
esp(2a-lib): custodyDisplayRows — one tested display contract for eve…
claude Jul 1, 2026
fd1336a
inspector(2a-mount): mount the Custody panel into the capsule-inspector
claude Jul 1, 2026
2a8fe33
docs(status): mark Tier 2a done (custody panel mounted), 2b is next
claude Jul 1, 2026
98d6eea
inspector(2b): intent-proof custody channel — absent → LIVE end-to-end
claude Jul 1, 2026
fe9211f
intent(2c-1): StandingGrantStore — fail-closed issue/revoke registry
claude Jul 1, 2026
19e3e9e
intent(2c-2): dispatch_standing_act — run a self-declared act through…
claude Jul 1, 2026
f30646b
intent(2c-3): end-to-end proof — a real token runs the agent, revocat…
claude Jul 1, 2026
90b609d
docs(2c): state revocation semantics precisely (no over-claim)
claude Jul 1, 2026
95f2f7b
intent(2c-gw-A): StandingGrantService — the API-facing seam for stand…
claude Jul 1, 2026
e6609d3
gateway(2c-gw-B): shell-only issue/revoke standing-grant HTTP verbs
claude Jul 1, 2026
c7b61a8
gateway(2c-gw-C): read-only signed-intent preview verb (dry-run the g…
claude Jul 1, 2026
a360f1d
docs(esp): document the standing-grant verbs (issue/revoke/preview)
claude Jul 1, 2026
9339d10
merge: integrate 0.5.0 (People/Services/Browser-VM/WebRTC) onto flint
claude Jul 1, 2026
65b4691
fix(spend): restore WASM/carrier act-path spend metering after 0.5 merge
claude Jul 1, 2026
ea24e5d
test(runtime): restore flint's verified_signer_tests dropped in the 0…
claude Jul 1, 2026
02613d7
feat(inspect): graft 0.5 approved-provider dispatch onto the custody …
claude Jul 1, 2026
981ba78
feat(inspect): make approved-provider dispatch live on production reg…
claude Jul 1, 2026
763cac9
fix(registry): restore encrypt/publish/media to RESERVED_SUB_NAMES
SashaMIT Jul 1, 2026
0e03d59
test(auth): make trusted-auth-dir env tests hermetic under parallelism
SashaMIT Jul 1, 2026
95ff8f9
fix(runtime): macOS hardware-validation fixes from real-device bring-up
SashaMIT Jul 2, 2026
bfce458
fix(home): restore owned-open windows and open-target sources dropped…
SashaMIT Jul 2, 2026
a52bd5f
fix(carrier): restore localhost body-token redaction dropped in the 0…
SashaMIT Jul 2, 2026
01cae3d
fix(inspect): restore gate-preview schema, inbox-approval tests, and …
SashaMIT Jul 2, 2026
57fbee0
fix(capsules): satisfy fail-closed and boundary checks in capsule sou…
SashaMIT Jul 2, 2026
f46e634
fix(verify): make the full gate pass on macOS and align checkers with…
SashaMIT Jul 2, 2026
c0d457b
chore(lint): clear clippy -D warnings across the workspace
SashaMIT Jul 2, 2026
279dac1
fix(auth): attached host sessions carry an honest G-ID identity — unb…
claude Jul 2, 2026
1fc2a14
fix(registry): reserve market/object/operator-drive-adapter + manifes…
claude Jul 2, 2026
d9bf5cc
fix(inspect): request_act intake fails closed on undeclared op + rest…
claude Jul 2, 2026
8b688fc
feat(registry): pin security-critical sub-providers first-writer-wins
claude Jul 2, 2026
72a103c
refactor(test+api): unify DDRM env-lock across modules; dedup trusted…
claude Jul 2, 2026
e51be7b
docs+checker(inspect): align inspect/self to the live fail-closed sel…
claude Jul 2, 2026
930c9bd
fix(dkms): reject unknown fields on the Status/Shutdown protocol vari…
claude Jul 2, 2026
a89755c
docs(gaps): register AUD-6 (boot-critical registration warn-swallow) …
claude Jul 2, 2026
cfb77f0
docs(registry): reconcile KNOWN_GAPS + PRINCIPLES_CONFORMANCE with th…
claude Jul 2, 2026
4de24eb
feat(boot): fail loud if encrypt (CEK escrow) can't register + AUD-6 …
claude Jul 2, 2026
2ef8496
fix(carrier): bound line reads on the unauthenticated inbound + clien…
claude Jul 2, 2026
299b907
fix(carrier): lock the unauthenticated provider_invoke plane to read-…
claude Jul 2, 2026
2b6a29e
fix(egress): block IPv4-mapped IPv6 SSRF bypass in exit/net providers…
claude Jul 2, 2026
ace2df6
fix(audit): refuse signature-downgrade forgery in verify_chain (T4)
claude Jul 2, 2026
7502970
fix(egress+carrier): no auto-redirect follow (T5) + carrier operation…
claude Jul 2, 2026
4578168
style: rustfmt-canonicalize the audit/carrier T1/T2/T4 test additions
claude Jul 2, 2026
1ba016b
docs(known-gaps): record the 2026-07-02 audit swarm + T1–T6 closures
claude Jul 2, 2026
9837e6d
perf(vm-launch): reflink (CoW) the rootfs overlay instead of a full b…
claude Jul 2, 2026
dbd997c
perf(ddrm-open): run the content_open custody fsync off the tokio worker
claude Jul 2, 2026
9af4177
refactor(security): single-source the SSRF/CRLF/path-traversal valida…
claude Jul 2, 2026
40086d3
dev: added debug profile at build
irzhywau Jun 29, 2026
238e1e5
feat(dash): MPEG-DASH / CENC compliance for media assets (ELACITY-2283)
irzhywau Jul 2, 2026
939e44a
fix(runtime): DKMS quorum reliability + host-independent tests (ELACI…
irzhywau Jul 2, 2026
6798942
fix(runtime): harden DKMS lifecycle + CENC/socket safety from code re…
irzhywau Jul 2, 2026
04052ef
ci: port verify-ci/verify-capsules justfile recipes
irzhywau Jul 2, 2026
b419da2
Add the Elacity Bible: unified narrative canon for Elacity, ElastOS, …
claude Jul 2, 2026
a7c3ad6
Merge remote-tracking branch 'origin/fix/mpeg-dash-compliance' into c…
claude Jul 3, 2026
ab10be0
docs(consolidation): bank the w2 gateway consent-request patch + deci…
claude Jul 3, 2026
84ae217
restore(wasm): epoch-based operator termination lost in the mpeg-dash…
claude Jul 3, 2026
451faab
restore(media+creator): measured transcode-progress reporting lost in…
claude Jul 3, 2026
8d14230
feat(chain-provider): marketplace slice 1 — KID→ledger-tokenId resolv…
claude Jul 3, 2026
26abf3c
feat(market): slice 2 — buy/trade authorities (buy-invariant core + r…
claude Jul 3, 2026
2e8c3db
feat(market): slice 3 — /api/market/* + content-index + storefront ca…
claude Jul 3, 2026
a2dd4af
feat(market): slice 4 — library Acquire op (buy→pin) + open handoff
claude Jul 3, 2026
dd7ec4b
harden(wasm)+track(market): race-free epoch kill + register red-team …
claude Jul 3, 2026
b12528e
feat(market): slice 5 — wire the storefront into Home (routing + dev …
claude Jul 3, 2026
91ee5aa
docs(consolidation): zero-loss branch ledger — every branch → disposi…
claude Jul 3, 2026
39842a5
Consolidate all branches into flint-0.5 — marketplace + mpeg-dash + r…
SashaMIT Jul 3, 2026
a72e3e2
docs(audit): six-seat 0.01% audit + roadmap + investor one-pager
claude Jul 3, 2026
231025b
fix(chain-provider): close MKT-1 — fail-closed global uniqueness on t…
claude Jul 3, 2026
b2481b1
ci: clear consolidation gate drift (alignment tokens + clippy)
irzhywau Jul 3, 2026
a62fc05
perf+quality: type the mint error surface (MintError) + first audit-e…
claude Jul 3, 2026
662fc3f
docs(strategy): state-of-system + master plan — 8-seat grade, archite…
claude Jul 3, 2026
422ea5d
docs(vision): North Star for Flint — cross-industry panel synthesis (…
claude Jul 3, 2026
d5c80f1
docs(vision): reconcile North Star with the Fable logic audit
claude Jul 3, 2026
1c43160
docs(vision): production North Star — converged wedge (agent accounta…
claude Jul 3, 2026
c9dc7ef
feat(carrier): peer authentication (G-CARRIER-PEER) — verified DID + …
claude Jul 3, 2026
4601c9a
feat(audit): portable mandate receipt — the standalone 'admissible re…
claude Jul 4, 2026
178d3f9
feat(audit): per-mandate receipt scoped to one capability, set-bound …
claude Jul 4, 2026
ab7e329
feat(cli): elastos verify-receipt — independent, fail-closed mandate-…
claude Jul 4, 2026
7846c9c
feat(mandate): operator mandate lifecycle — grant, durably-attested r…
claude Jul 4, 2026
42696bf
fix(mandate): fold in guardian + red-team findings — durable enforcem…
claude Jul 4, 2026
028e88a
feat(mandate): operator mandate list + one-command demo of the full loop
claude Jul 4, 2026
2e94f48
fix(mandate): fold in Sprint 4 reviews — no LIVE lie after revoke-all…
claude Jul 4, 2026
43eb867
feat(mandate): wire the act leg — POST /api/standing-grants/dispatch …
claude Jul 4, 2026
0a3a300
fix(mandate): fold in Sprint 5 reviews — replay guard, agent-key bind…
claude Jul 4, 2026
6bfdd88
feat(mandate): real executor seam behind dispatch — reconciliation is…
claude Jul 4, 2026
8dd17b6
feat(mandate): wire the first real affordance — runtime.audit_verify …
claude Jul 4, 2026
6eeff99
feat(mandate): demo performs a real agent act end-to-end (grant → per…
claude Jul 4, 2026
1ca0f47
feat(mandate): second real affordance — runtime.content_seen, a state…
claude Jul 4, 2026
7b76a7b
feat(ui): Flint mandate-card dashboard — the accountability loop, mad…
claude Jul 4, 2026
8fdc134
fix(ui): fold in dashboard review — never fabricate a receipt, honest…
claude Jul 4, 2026
f95ea43
feat(shell): Mandates opens as a native app in the ElastOS shell
claude Jul 4, 2026
89110a1
fix(shell): fold in Mandates app review — mark the preview signer, co…
claude Jul 4, 2026
c9c6700
feat(shell): mandates app reads LIVE data over the home-gateway (Spri…
claude Jul 4, 2026
7eced9b
feat(shell): in-shell revoke — the mandate kill switch (Sprint 13)
claude Jul 4, 2026
4bb1fcb
fix(shell): fold in Sprint 13 council findings — wrong-target kill sw…
claude Jul 4, 2026
b9a83ac
feat(mandates): durable mandates — registry + replay guard survive re…
claude Jul 4, 2026
31bd767
fix(mandates): fold in Sprint 14 council findings — power-loss durabi…
claude Jul 4, 2026
c5922ff
feat(mandates): grant from the shell — issue a mandate in the Mandate…
claude Jul 5, 2026
0884689
feat(mandates): runtime.notify — the first side-effecting affordance …
claude Jul 5, 2026
7927145
feat(mandates): runtime.state_put — second side-effecting affordance,…
claude Jul 5, 2026
b31a925
feat(mandates): Agent State panel — the operator watches what agents …
claude Jul 5, 2026
60b6418
harden(mandates): bounded time-windowed replay guard — pay down G-M7
claude Jul 5, 2026
c29c909
docs(mandates): consolidation ledger — the Flint mandate engine, one …
claude Jul 5, 2026
bf80226
harden(mandates): G-M4 — agent-key binding by default, surfaced, and …
claude Jul 5, 2026
4064da0
Sprint 21 (G-M7): per-mandate dispatch rate budget + grant-existence …
claude Jul 5, 2026
ed5fd9c
Sprint 22: dispatch rate is a first-class mandate property (per-grant…
claude Jul 5, 2026
d5b23d9
Sprint 22 council fold: honest 429, service-layer budget invariant, u…
claude Jul 5, 2026
037eaf6
chore: forgotten Cargo.lock
irzhywau Jul 5, 2026
9acd60a
Sprint 23 (closes G-M7): bounded grant-registry retention
claude Jul 5, 2026
5237a80
Sprint 23 council fold: honest bounds on the retention claim (doc-only)
claude Jul 5, 2026
8c05818
Sprint 24: fail-closed mandate mint — grant_durable emits CapabilityG…
claude Jul 5, 2026
78ede17
Sprint 24 guardian fold: durability-bound + reconciliation-scope word…
claude Jul 5, 2026
f2cf61a
Sprint 24 red-team fold: memory-log warn (F1) + compensating revoke o…
claude Jul 5, 2026
3e4395c
Sprint 25: runtime.state_get — the attested read side of the mandate-…
claude Jul 5, 2026
c6dcde2
Sprint 25 council fold: honest one-bit semantics (F1/F3) + require bi…
claude Jul 5, 2026
c8bbbaf
Sprint 26: agent-facing dispatch — an agent acts under its bound mand…
claude Jul 5, 2026
25f8b60
Sprint 26 council fold: precisely scope the charge-on-authorized clos…
claude Jul 5, 2026
a598c48
Sprint 27: the spend-capped runtime.pay affordance — an agent spends …
claude Jul 6, 2026
47ece5a
Sprint 27 council fold: harden the pay affordance's money invariants
claude Jul 6, 2026
2ade592
Sprint 28: durable money cap + operator provisioning — the money surv…
claude Jul 6, 2026
654c826
Sprint 28 council fold: honest failure edges on the durable money cap
claude Jul 6, 2026
258c6bc
Sprint 29: the real payment rail — two-generals-honest money over HTTP
claude Jul 6, 2026
081cac5
Sprint 29 council fold: honest failure surfaces + hardened rail edges
claude Jul 6, 2026
9be2731
Sprint 30: the payment ledger — every rail attempt custodied, indeter…
claude Jul 6, 2026
f727815
Sprint 30 council fold: the ledger joins the money-trusted core, hone…
claude Jul 6, 2026
565a510
Sprint 31: the Money panel — budgets, pending payments, reconciliatio…
claude Jul 6, 2026
6658d2a
Sprint 31 council fold: narrow the money surface, close the poisoned-…
claude Jul 6, 2026
a7f994c
Sprint 32: responsible-entity binding — the liability DID in the gran…
claude Jul 6, 2026
6d5cb62
S32 council fold: responsible-entity honesty (declared, not attested)
claude Jul 6, 2026
d60a76b
S33: harden the shell money-authorization perimeter (S31 F1)
claude Jul 6, 2026
11fa980
S33 council fold: canonical single-use key + pre-effect re-credit
claude Jul 6, 2026
095c60f
S34: the Flint↔DRM wedge — DrmMarketplaceProvider + rail_ref receipt
claude Jul 7, 2026
3dfa14f
S34 council fold: money-invariant classifier + broadcast-accepted hon…
claude Jul 7, 2026
a297bdb
S35: confirmation-aware DRM settlement + on-chain idempotency
claude Jul 7, 2026
2d7927b
S35 council fold: record-before-broadcast + confirmation fail-closed
claude Jul 7, 2026
f55b477
S36: DRM price gate — the spend cap is a literal on-chain ceiling
claude Jul 7, 2026
ef08d27
S36 council fold: quantity pin + pay-token drift + declared token
claude Jul 7, 2026
3d4bf39
S36.5 quality audit fold: money-path hygiene + open-source presentabi…
claude Jul 7, 2026
5a187a9
S37: the confirmation scheduler — pending DRM buys resolve themselves
claude Jul 7, 2026
94b6bba
S38: the Marketplace face — an agent shops under a mandate, the opera…
claude Jul 8, 2026
9a611fa
S39: runtime.market_quote — the agent shops within its mandate
claude Jul 8, 2026
fa680b7
S40: the chain-read deadline — no runtime thread parks forever on the…
claude Jul 8, 2026
7bf3dde
S41: deadline the sibling providers — one shared capsule watchdog, bo…
claude Jul 8, 2026
d7f3e65
S42: bound the access-path content sidecars — no thread parks on a hu…
claude Jul 8, 2026
4bb26d9
S43: type the pre/post-broadcast outcome — retire the string refund c…
claude Jul 8, 2026
2a35b85
S44: structured rail discriminator on the ledger record — close MKT-D…
claude Jul 9, 2026
14db6ce
S45: live testnet buy — verify-receipt CLI round-trip (gated) + live-…
claude Jul 9, 2026
133c340
Repo-wide rustfmt — make the CI fmt gate truthful (mechanical, no log…
claude Jul 9, 2026
ecae553
S46: Track B — close the trust residuals (P16 secrets strip, prepare-…
claude Jul 9, 2026
e726956
S46 council fold: strip secrets at EVERY capsule seam + structural gu…
claude Jul 9, 2026
3f6c341
S47: bounded viewer sessions — sweep + cap with deferred off-lock rea…
claude Jul 9, 2026
1ad189b
S48: the second market vertical — ERC-20 checkout + the market-provid…
claude Jul 9, 2026
6eae3b8
S48 red-team fold: erc20 mode parse fail-closed + mock-reservation bo…
claude Jul 9, 2026
0cd66ae
S48 guardian fold: zero-warning workspace + closed-world rail selecto…
claude Jul 9, 2026
538500a
S49: SPEC-mandate-v1 — the receipt + signed-intent wire format, pinne…
claude Jul 9, 2026
7ef8fbb
S49 council fold: spec honesty + verify_strict + revoke/preimage ratc…
claude Jul 9, 2026
f6a7089
S50: runtime.negotiate — the shop loop's middle leg (Track D3)
claude Jul 9, 2026
2d29c43
S50 council fold: shared price-gate conversion + bounded seller reaso…
claude Jul 9, 2026
c8dca99
S51: audit group commit — concurrent emits share fsyncs, contract unc…
claude Jul 9, 2026
71710bb
S51 council fold: poison-under-chain-lock + torn-tail quarantine + fl…
claude Jul 9, 2026
42b1ece
S52: audit-log single-opener flock + off-lock stdout echo + auditor p…
claude Jul 10, 2026
741fc44
S53: G8 policy flip — fail-closed ordinary use-records as an operator…
claude Jul 10, 2026
a6b9fa7
S53 council fold: name the availability cliff + best-effort deny-reco…
claude Jul 10, 2026
32f0f16
Merge flint-0.5 (teammate CI-drift fix + Cargo.lock chore) — fold prep
claude Jul 11, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
112 changes: 111 additions & 1 deletion .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,9 +2,16 @@ name: CI

on:
push:
branches: [main]
# `main` is the live line. The feature branch is included so we can run the full
# gate on our own work in isolation (this entry lives only on the branch; it does
# NOT affect main or other branches until/unless it is merged). Drop or generalise
# to `feat/**` at merge time.
branches: [main, feat/ddrm-hardening-and-creator-parity]
pull_request:
branches: [main]
# Manual trigger so a feature branch can be put through the full Linux gate
# (incl. the Linux-only carrier smoke in `just verify`) before merge.
workflow_dispatch:

env:
CARGO_TERM_COLOR: always
Expand Down Expand Up @@ -36,6 +43,11 @@ jobs:
- name: cargo check
working-directory: elastos
run: cargo check --workspace
# Type-check the network-gated live-buy test so a rename can't silently rot the operator's
# only live tool (it stays #[ignore]d + feature-off in the gate; this never runs it). S45 F3.
- name: cargo check (live-chain test)
working-directory: elastos
run: cargo check -p elastos-server --features live-chain --tests

test:
name: Test
Expand All @@ -51,6 +63,13 @@ jobs:
run: cargo test --workspace
# Network-sensitive tests are #[ignore] and won't run.
# Run them explicitly with: cargo test --workspace -- --ignored
- name: cargo test (dev-modes lane)
working-directory: elastos
# The money-path construction ratchets (S43 typed BuyError, the S46 prepare-leg
# deadline, chain-mock buys) are `#[cfg(feature = "dev-modes")]` — without this lane
# the gate never compiles them, and a ratchet outside the gate cannot ratchet
# (council S46 guardian F3). Lib-only; shares the workspace build cache.
run: cargo test -p elastos-server --lib --features dev-modes

build-release:
name: Build Release (x86_64)
Expand All @@ -64,3 +83,94 @@ jobs:
- name: cargo build --release
working-directory: elastos
run: cargo build --workspace --release

# The canonical gate on Linux, MINUS the Carrier-network setup smoke: alignment-check +
# command smoke + candidate-command-audit + fmt/clippy/test (elastos workspace) + the dDRM
# capsule build+test (verify-capsules). This turns "manually covered" into "green on a clean
# runner". The `local-carrier-setup-smoke` step is excluded here because it fetches the
# net-provider artifact over Elastos Carrier, which a stock GitHub runner cannot reach — run
# the full `just verify` on a Carrier-capable Linux box / self-hosted runner before merge.
# RUSTFLAGS=-D warnings is inherited from `env` above.
verify:
name: Verify (Linux CI gate)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
with:
components: clippy, rustfmt
- uses: Swatinem/rust-cache@v2
with:
workspaces: |
elastos
capsules/decrypt-provider
capsules/ddrm-envelope
scripts/dev/ddrm-media-authority
- uses: extractions/setup-just@v2
- name: Install ripgrep (required by alignment-check; not preinstalled on the runner)
run: sudo apt-get update && sudo apt-get install -y ripgrep
- name: just verify-ci
run: just verify-ci

# Isolated, fast signal for the protected-content capsule crates that live OUTSIDE
# the elastos workspace (so the `check`/`test` jobs and `cargo --workspace` never
# reach them): the watermark codec, the grant-digest envelope, the media-authority.
# Independent of the carrier smoke, so a flaky/heavy smoke run never masks a capsule
# regression. Build+test only (these crates still carry pre-existing clippy debt).
capsules:
name: dDRM Capsule Gate
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
- uses: Swatinem/rust-cache@v2
with:
workspaces: |
capsules/decrypt-provider
capsules/ddrm-envelope
scripts/dev/ddrm-media-authority
- uses: extractions/setup-just@v2
- name: just verify-capsules
run: just verify-capsules

# Pre-mainnet deploy invariant (fix-pack ②): a PRODUCTION dkms-authority node must be a release
# build with DEFAULT features — the legacy unsigned-receipt path (`legacy-receipt-authz`) and the
# `dev-modes` opt-in that pulls it in must NEVER ship. The crate enforces this with a
# `compile_error!` keyed on a release build (no `debug_assertions`); this job asserts BOTH
# directions so the guard can't silently rot. See `docs/DEPLOY_CHECKLIST.md`.
# `dkms-authority` lives OUTSIDE the elastos workspace, so the other jobs never reach it.
dkms-release-invariant:
name: dKMS Release Invariant (no dev-modes/legacy)
runs-on: ubuntu-latest
# Assert the FEATURE invariant only; do not let unrelated pre-existing rustc warnings in this
# out-of-workspace crate mask it (the rest of CI keeps -D warnings).
env:
RUSTFLAGS: ""
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
- uses: Swatinem/rust-cache@v2
with:
workspaces: capsules/dkms-authority
- name: Release build with DEFAULT features must succeed (no legacy path compiled)
run: cargo build --release --manifest-path capsules/dkms-authority/Cargo.toml
- name: Release build with legacy-receipt-authz must FAIL closed (compile guard)
run: |
if out=$(cargo build --release --manifest-path capsules/dkms-authority/Cargo.toml --features legacy-receipt-authz 2>&1); then
echo "::error::release build ACCEPTED legacy-receipt-authz — the release-invariant guard is missing"
exit 1
fi
echo "$out" | grep -q "release build must not enable" || {
echo "::error::release build failed, but NOT via the release-invariant guard:"; echo "$out"; exit 1;
}
echo "ok: release + legacy-receipt-authz rejected at compile time"
- name: Release build with dev-modes must FAIL closed (compile guard)
run: |
if out=$(cargo build --release --manifest-path capsules/dkms-authority/Cargo.toml --features dev-modes 2>&1); then
echo "::error::release build ACCEPTED dev-modes — the release-invariant guard is missing"
exit 1
fi
echo "$out" | grep -q "release build must not enable" || {
echo "::error::release build failed, but NOT via the release-invariant guard:"; echo "$out"; exit 1;
}
echo "ok: release + dev-modes rejected at compile time"
3 changes: 3 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,9 @@ elastos/storage/
artifacts/
artifacts-aarch64/

# Local scratch build tree (vendored linux kernel source, cargo output, etc.)
build/

# Secrets and credentials
.env
*.pem
Expand Down
7 changes: 7 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -212,6 +212,11 @@ See [docs/ARCHITECTURE.md](docs/ARCHITECTURE.md),
- device DID, passkey principals, wallet proof bindings, and Recovery Kit
foundations without making wallet addresses the Runtime identity root
- agent capsule with signed gossip and verified-only AI responses
- Flint mandates: grant an AI agent scoped, expiring, revocable authority (a mandate, not
your keys), watch and kill it from the Mandates shell app, let it spend real money under a
durable spend cap on a payment rail (HTTPS adapter or on-chain DRM marketplace), and export
a portable signed receipt verifiable off-box with `elastos verify-receipt` — see
[docs/FLINT_MANDATE_ENGINE.md](docs/FLINT_MANDATE_ENGINE.md)

Important Browser status: the Browser ABI and hosted proof path are real, but
the final product browser is not complete. Stable arbitrary-site media, accepted
Expand Down Expand Up @@ -273,6 +278,8 @@ and release/docs slices.
| [docs/CONTENT_AVAILABILITY.md](docs/CONTENT_AVAILABILITY.md) | SmartWeb content availability, IPLD-compatible manifests, and provider boundary |
| [docs/WALLET_PROVIDER.md](docs/WALLET_PROVIDER.md) | Wallet, account, approval, proof, and signer/provider boundary |
| [docs/CHAIN_PROVIDER.md](docs/CHAIN_PROVIDER.md) | Typed blockchain provider boundary |
| [docs/FLINT_MANDATE_ENGINE.md](docs/FLINT_MANDATE_ENGINE.md) | Flint — mandates for AI agents: scoped, revocable authority, spend-capped payments, portable signed receipts |
| [docs/DRM_MARKETPLACE_RAIL.md](docs/DRM_MARKETPLACE_RAIL.md) | The DRM marketplace payment rail (on-chain settlement under a mandate) |
| [docs/BROWSER_CAPSULE.md](docs/BROWSER_CAPSULE.md) | Browser/Net/Exit/Engine ABI and current proof boundary |
| [docs/BROWSER_PROVIDER_BAKEOFF.md](docs/BROWSER_PROVIDER_BAKEOFF.md) | Browser provider comparison and acceptance gates |
| [docs/SITES.md](docs/SITES.md) | Local site hosting and public exposure |
Expand Down
7 changes: 7 additions & 0 deletions ROADMAP.md
Original file line number Diff line number Diff line change
Expand Up @@ -924,6 +924,13 @@ clean.
Encrypted capsules, remote trust, reproducible builds, TPM/TEE-backed attestation, and dDRM-like flows remain future work.
They matter, but they should not distort the core runtime contract before the local base is stable.

Forensic watermarking for **audio/video** is a dedicated track: rasterizable types already ship a
two-layer (visible + invisible) per-buyer mark, but AV is key-protected, not yet fingerprinted. The
plan — A/B forensic variant watermarking (video) and spread-spectrum/echo-hiding (audio), produced
once at mint and selected per buyer from their signed grant at serve time, keeping the CEK boundary
and one canonical path intact — is designed in [docs/AV_WATERMARKING.md](docs/AV_WATERMARKING.md).
The heavy lift is a mint-time transcode pipeline, so it is a roadmap item, not a patch.

### AI and operator surfaces

Agent and AI provider surfaces should keep moving toward one stable runtime contract with explicit policy, identity, and budget boundaries instead of ad hoc special cases.
Expand Down
21 changes: 21 additions & 0 deletions capsules/act-emitter/Cargo.toml
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
[package]
name = "act-emitter"
version = "0.1.0"
edition = "2021"
description = "ElastOS spend/audit verification fixture: emits exactly N metered carrier_invoke acts"
license = "MIT"

[[bin]]
name = "act-emitter"
path = "src/main.rs"

[dependencies]
elastos-guest = { path = "../../elastos/crates/elastos-guest" }
serde_json = "1.0"
base64 = "0.22"

[profile.release]
opt-level = "s"
lto = true

[workspace]
65 changes: 65 additions & 0 deletions capsules/act-emitter/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,65 @@
# act-emitter — spend/audit VERIFICATION FIXTURE (not a shipped product capsule)

This capsule exists **only** to verify the microVM spend-meter and durable-audit
path on real hardware. It is intentionally tiny, non-interactive, and
deterministic. Do **not** ship it, list it in a product catalog, or treat it as
an example app — it is a test instrument.

## What it does

On boot it reads `count` from the launch config (`elastos.command` →
`ELASTOS_COMMAND_B64`, default `7`), acquires a write capability, then performs
**exactly `count`** `carrier_invoke` storage writes via the *shipped* guest
carrier client (`elastos_guest::runtime::RuntimeClient` — the same
`carrier_invoke` path `capsules/chat/src/carrier.rs` uses). It prints a
machine-greppable trace to the guest console:

```
ACT_EMITTER_START count=<N>
ACT_EMITTER_CAP ok | ERR <msg>
ACT <i> ok | ACT <i> REFUSED budget_exhausted | ACT <i> ERR <msg>
ACT_EMITTER_DONE ok=<n> exhausted=<n> other_err=<n>
```

So with `ELASTOS_DEFAULT_SPEND_BUDGET=N` and `count=N+1`, the run yields exactly
`N` successful debits (`spent=N`, `remaining=0`) and a `budget_exhausted`
refusal on the `N+1`-th act — counted, reproducible evidence.

## Storage root: `localhost://Public/ActEmitter/*` (deliberate)

The fixture targets the `Public/` root, **not** `Users/self`. `Public` is a
plaintext, file-backed root that the bridge's `scope_current_user_alias` passes
through without a principal — so the fixture exercises the metered carrier path
under the plain `elastos capsule` CLI, which cannot inject a signed Home
launch-grant (that is the production identity flow).

The spend meter / carrier / audit code is **byte-identical regardless of storage
root** (the debit is `CARRIER_ACT_COST` per `carrier_invoke`, charged before
dispatch; the `SpendDebit`/`BudgetExhausted` records are the same), so the
verification is valid. The one honest residual: `Users/self`-scoped storage
metering is still unverified on hardware — see `docs/KNOWN_GAPS.md` (G-HWV).

## How to run (real nested-KVM box)

Prereqs: a box prepared per `docs/MICROVM_LOCAL_KVM_PROVISIONING.md` (a kernel
that actually boots crosvm + the AppArmor sysctl + the offline catalog).

```bash
# 1. build the rootfs (musl-static binary + busybox + vsock-proxy → ext4)
bash scripts/build/build-rootfs.sh act-emitter --output <artifacts>

# 2. stage into the data-dir catalog (capsules/act-emitter/ + components.json entry)

# 3. start serve with durable audit + a budget
ELASTOS_AUDIT_LOG_PATH=<data_dir>/audit/custody.log \
ELASTOS_DEFAULT_SPEND_BUDGET=5 \
elastos serve

# 4. launch through the supervisor (the metered path)
elastos capsule act-emitter --config '{"count":6}'
# → ACT 1..5 ok ; ACT 6 REFUSED budget_exhausted ; ok=5 exhausted=1
```

First verified 7/7 on real nested-KVM (`flint @ 5d4f4c7d1`, 2026-06-29). The
build is self-contained (`[workspace]` in `Cargo.toml`); it is not part of the
main Rust workspace.
20 changes: 20 additions & 0 deletions capsules/act-emitter/capsule.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
{
"schema": "elastos.capsule/v1",
"name": "act-emitter",
"version": "0.1.0",
"description": "Spend/audit verification fixture: performs exactly N metered carrier_invoke storage writes via the shipped guest carrier client, so a budget of N yields spent=N and budget_exhausted at N+1.",
"author": "elastos",
"role": "app",
"type": "microvm",
"entrypoint": "rootfs.ext4",
"requires": [],
"interfaces": [],
"resources": {
"memory_mb": 256,
"gpu": false
},
"permissions": {
"storage": ["localhost://Public/ActEmitter/*"],
"messaging": []
}
}
95 changes: 95 additions & 0 deletions capsules/act-emitter/src/main.rs
Original file line number Diff line number Diff line change
@@ -0,0 +1,95 @@
//! ElastOS spend/audit verification fixture.
//!
//! Performs exactly N metered `carrier_invoke` storage writes via the SAME shipped
//! guest carrier client (`elastos_guest::runtime::RuntimeClient`) that real capsules
//! (e.g. chat) use. Each successful write debits one unit of the capsule's spend
//! budget under the canonical `vm-{name}` key, so a serve daemon started with
//! `ELASTOS_DEFAULT_SPEND_BUDGET=N` yields `spent=N` and `budget_exhausted` on the
//! (N+1)-th act. Deterministic, counted evidence — not a hand-rolled vsock call.
//!
//! Act count is read from the launch config (`ELASTOS_COMMAND`/`ELASTOS_COMMAND_B64`
//! JSON `{"count": N}`), defaulting to 7.

use elastos_guest::runtime::RuntimeClient;
use serde_json::json;

const STORAGE_RESOURCE: &str = "localhost://Public/ActEmitter/*";
const DEFAULT_COUNT: u64 = 7;

fn act_count() -> u64 {
let payload = std::env::var("ELASTOS_COMMAND")
.ok()
.filter(|s| !s.is_empty())
.or_else(|| {
std::env::var("ELASTOS_COMMAND_B64")
.ok()
.filter(|s| !s.is_empty())
.and_then(|b64| {
use base64::Engine as _;
base64::engine::general_purpose::STANDARD
.decode(b64)
.ok()
.and_then(|bytes| String::from_utf8(bytes).ok())
})
});

payload
.and_then(|p| serde_json::from_str::<serde_json::Value>(&p).ok())
.and_then(|v| v.get("count").and_then(|c| c.as_u64()))
.unwrap_or(DEFAULT_COUNT)
}

fn act_uri(i: u64) -> String {
format!("localhost://Public/ActEmitter/act-{i}.txt")
}

fn main() {
let count = act_count();
println!("ACT_EMITTER_START count={count}");

let mut client = RuntimeClient::new();

let token = match client.request_capability(STORAGE_RESOURCE, "write") {
Ok(t) => {
println!("ACT_EMITTER_CAP ok");
t
}
Err(e) => {
println!("ACT_EMITTER_CAP ERR {e}");
println!("ACT_EMITTER_DONE ok=0 exhausted=0 other_err=0");
return;
}
};

let mut ok = 0u64;
let mut exhausted = 0u64;
let mut other_err = 0u64;

for i in 1..=count {
let uri = act_uri(i);
let body = json!({
"path": uri,
"token": token,
"content": format!("act {i}").into_bytes(),
"append": false,
});
match client.carrier_invoke(&uri, "write", &body, &token) {
Ok(_) => {
ok += 1;
println!("ACT {i} ok");
}
Err(e) => {
let msg = e.to_string();
if msg.contains("budget_exhausted") {
exhausted += 1;
println!("ACT {i} REFUSED budget_exhausted");
} else {
other_err += 1;
println!("ACT {i} ERR {msg}");
}
}
}
}

println!("ACT_EMITTER_DONE ok={ok} exhausted={exhausted} other_err={other_err}");
}
Loading