clawsec/skills/clawsec-suite/CHANGELOG.md
davida-ps 5ee8587b1e Integration/signing work (#20)
* ci: sign advisory feed and checksums in workflows

* feat(clawsec-suite): add verifier-side signature and checksum enforcement

Implements cryptographic verification for advisory feed loading:

- Ed25519 detached signature verification for feed.json
- Supports raw base64 and JSON-wrapped signature formats
- Pinned public key at advisories/feed-signing-public.pem

- SHA-256 checksum manifest (checksums.json) verification
- Signed checksums.json.sig prevents partial artifact substitution
- Verifies feed.json, feed.json.sig, and public key against manifest

- Remote feed: returns null on verification failure (triggers fallback)
- Local feed: throws on verification failure (hard fail)
- No silent bypass of verification

- CLAWSEC_ALLOW_UNSIGNED_FEED=1 temporarily bypasses verification
- Warning logged when bypass mode is enabled
- Intended for transition period only

- guarded_skill_install without --version matches any advisory for skill
- Encourages explicit version specification

- scripts/sign_detached_ed25519.mjs - signing utility
- scripts/verify_detached_ed25519.mjs - verification utility
- scripts/generate_checksums_json.mjs - checksum manifest generator
- test/feed_verification.test.mjs - 14 verification tests
- test/guarded_install.test.mjs - 6 install flow tests

- hooks/.../lib/feed.mjs - full rewrite with verification
- hooks/.../handler.ts - verification options integration
- scripts/guarded_skill_install.mjs - verification integration
- skill.json - v0.0.9, new SBOM entries, openssl requirement
- SKILL.md - signed install flow, env vars documentation
- HOOK.md - new environment variables
- ci.yml - added verification test job

Refs: fail-closed verification, Ed25519 signatures, checksum manifests

* fix: update action versions in CI workflows for improved stability

* chore(clawsec-suite): bump version to 0.0.10

* feat: enhance security measures in asset deployment and add changelog for version history

* feat: add dry-run signing for advisory artifacts and generate checksums

* fix: enhance error handling in loadRemoteFeed for security policy violations

* feat: implement Ed25519 signing and verification for advisory artifacts and checksums

* feat: implement signing and verification for advisory artifacts and checksums in workflows

* feat: update dry-run signing key generation to use Ed25519 algorithm

* feat: update Ed25519 signing and verification to use -rawin flag for compatibility

* feat: add public key copying to advisory directory and implement safe basename extraction for URLs

* feat: remove Product Hunt promotion section from README and Home page
2026-02-12 18:49:34 +02:00


Changelog

All notable changes to the ClawSec Suite will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[0.0.10] - 2026-02-11

Security

Transport Security Hardening

  • TLS Version Enforcement: Eliminated support for TLS 1.0 and TLS 1.1, enforcing a minimum of TLS 1.2 for all HTTPS connections
  • Certificate Validation: Enabled strict certificate validation (rejectUnauthorized: true) to prevent MITM attacks
  • Domain Allowlist: Restricted advisory feed connections to approved domains only:
    • clawsec.prompt.security (official ClawSec feed host)
    • prompt.security (parent domain)
    • raw.githubusercontent.com (GitHub raw content)
    • github.com (GitHub releases)
  • Strong Cipher Suites: Configured modern cipher suites (AES-GCM, ChaCha20-Poly1305) for secure connections
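
The transport checks listed above can be sketched as a function that validates a URL and returns hardened Node.js HTTPS request options. This is an added example, not the project's secureFetch code; the function names, the exact-match hostname policy and the cipher string are assumptions.

```javascript
// Added illustration; not the project's secureFetch implementation.
// Hosts are the four listed in the changelog; exact-match comparison is an assumption.
const ALLOWED_HOSTS = new Set([
  "clawsec.prompt.security",
  "prompt.security",
  "raw.githubusercontent.com",
  "github.com",
]);

// Assumed cipher string (OpenSSL names) limited to AES-GCM and ChaCha20-Poly1305.
const CIPHERS = [
  "TLS_AES_256_GCM_SHA384",
  "TLS_CHACHA20_POLY1305_SHA256",
  "TLS_AES_128_GCM_SHA256",
  "ECDHE-ECDSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384",
  "ECDHE-ECDSA-CHACHA20-POLY1305",
  "ECDHE-RSA-CHACHA20-POLY1305",
].join(":");

// Validate the URL, then return options suitable for https.request().
function buildSecureRequestOptions(rawUrl) {
  let url;
  try { url = new URL(rawUrl); } catch { throw new Error("invalid URL"); }
  if (url.protocol !== "https:") throw new Error(`blocked scheme: ${url.protocol}`);
  // "https://github.com@other.example/" parses with hostname other.example;
  // refuse userinfo outright so a log line can never mislead a reviewer.
  if (url.username || url.password) throw new Error("credentials in URL not allowed");
  // Compare the parsed hostname, never a substring or prefix of the raw string.
  const host = url.hostname.toLowerCase();
  if (!ALLOWED_HOSTS.has(host)) throw new Error(`host not in allowlist: ${host}`);
  return {
    hostname: host,
    port: url.port ? Number(url.port) : 443,
    path: url.pathname + url.search,
    method: "GET",
    minVersion: "TLSv1.2",     // TLS 1.0 and 1.1 are refused
    rejectUnauthorized: true,  // strict certificate validation
    ciphers: CIPHERS,
  };
}

// Convenience wrapper for policy checks and tests.
function isAllowedFeedUrl(rawUrl) {
  try { buildSecureRequestOptions(rawUrl); return true; } catch { return false; }
}
```
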

Signature Verification & Checksum Validation

  • Fixed unverified file publication: Refactored the deploy-pages.yml workflow to download release assets to a temporary directory before signature verification, ensuring unverified files never reach the public directory
  • Fixed schema mismatch: Updated deploy-pages.yml to generate checksums.json with proper schema_version and algorithm fields that match parser expectations
  • Fixed missing checksums abort: Updated loadRemoteFeed to gracefully skip checksum verification when checksums.json is missing (e.g., GitHub raw content), while still enforcing fail-closed signature verification
  • Fixed parser strictness: Enhanced parseChecksumsManifest to accept legacy manifest formats through a fallback chain:
    1. schema_version (new standard)
    2. version (skill-release.yml format)
    3. generated_at (old deploy-pages.yml format)
    4. "1" (ultimate fallback)
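
The fallback chain above, as an added example that is not the project's parseChecksumsManifest: the version label is resolved leniently while the algorithm and digests stay strict. The function names, the "files" map layout and the default of sha256 when the algorithm field is absent are assumptions.

```javascript
// Added illustration; not the project's parseChecksumsManifest.
const SHA256_HEX = /^[0-9a-f]{64}$/;
const VERSION_KEYS = ["schema_version", "version", "generated_at"]; // order from the changelog

// Walk the fallback chain and report which field supplied the version.
function resolveSchemaVersion(manifest) {
  for (const key of VERSION_KEYS) {
    const value = manifest[key];
    const usable = typeof value === "number" ||
      (typeof value === "string" && value.trim() !== "");
    if (usable) return { schemaVersion: String(value).trim(), source: key };
  }
  return { schemaVersion: "1", source: "default" }; // ultimate fallback
}

function normalizeChecksumsManifest(text) {
  const manifest = JSON.parse(text); // malformed JSON throws
  if (manifest === null || typeof manifest !== "object" || Array.isArray(manifest)) {
    throw new Error("manifest must be a JSON object");
  }
  // Assumption: a missing algorithm field means sha256; anything else is rejected.
  const algorithm = String(manifest.algorithm ?? "sha256").toLowerCase();
  if (algorithm !== "sha256") throw new Error(`unsupported algorithm: ${algorithm}`);
  // Assumption: digests live in a "files" object of name -> hex digest.
  const files = manifest.files;
  if (files === null || typeof files !== "object" || Array.isArray(files)) {
    throw new Error("manifest has no files map");
  }
  const digests = {};
  for (const [name, digest] of Object.entries(files)) {
    const hex = String(digest).toLowerCase();
    if (!SHA256_HEX.test(hex)) throw new Error(`bad digest for ${name}`);
    digests[name] = hex;
  }
  return { ...resolveSchemaVersion(manifest), algorithm, files: digests };
}

// Constructed sample manifests, one per step of the fallback chain.
const D = "ab".repeat(32);
const SAMPLES = {
  current: JSON.stringify({ schema_version: "1", algorithm: "sha256", files: { "feed.json": D } }),
  skillRelease: JSON.stringify({ version: "0.0.9", files: { "feed.json": D } }),
  oldDeployPages: JSON.stringify({ generated_at: "2026-02-11T00:00:00Z", files: { "feed.json": D } }),
  bare: JSON.stringify({ files: { "feed.json": D } }),
};
```
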

Changed

  • Advisory feed loader now uses secureFetch wrapper with TLS 1.2+ enforcement and domain validation
  • Checksum verification is now graceful: feeds load successfully from sources without checksums (e.g., GitHub raw) while maintaining fail-closed signature verification
  • Workflow release mirroring flow changed from "download → verify → skip" to "download to temp → verify → mirror" (fail = delete temp)

Fixed

  • Unverified skill releases are no longer published to the public directory on signature verification failure
  • Schema mismatch between generated and expected checksums manifest fields
  • Feed loading failures when checksums.json is missing from upstream sources
  • Parser rejection of valid legacy manifest formats

Security Impact

  • Fail-closed security maintained: All feed signatures still verified; invalid signatures reject feed loading
  • No backward compatibility break: Legacy manifests continue working through fallback chain
  • Enhanced transport security: Connections protected against downgrade attacks and MITM
  • Defense in depth: Multiple layers of verification (domain, TLS, certificate, signature, checksum)

Release Notes Template

When creating a new release, copy this template to the GitHub release notes:

## Security Improvements

### Transport Security
✅ TLS 1.2+ enforcement (eliminated TLS 1.0, 1.1)
✅ Strict certificate validation
✅ Domain allowlist (prompt.security, github.com only)
✅ Modern cipher suites (AES-GCM, ChaCha20-Poly1305)

### Signature & Checksum Verification
✅ Unverified files never published (temp directory workflow)
✅ Proper schema fields in generated checksums.json
✅ Graceful fallback when checksums missing (GitHub raw)
✅ Legacy manifest format support (backward compatible)

### Testing
All verification tests passed:
- ✅ Unit tests: 14/14 passed
- ✅ Parser lenience: 3/3 legacy formats accepted
- ✅ Remote loading: Gracefully handles missing checksums
- ✅ Workflow security: Temp directory prevents unverified publication