feat: access protection — AllowedCallers, ChainProtected, mode verify #1
Merged
- Config.AllowedCallers []string: when non-empty, writ.New rejects any CallerID not in the list (backwards-compat: nil/empty allows all)
- Client.ChainProtected() bool: attempts to set FS_APPEND_FL (chattr +a) via ioctl on Linux; always false on other platforms
- newJSONLStore: verifies chain file is 0600 on open; auto-chmod if drifted
- protect_linux.go / protect_other.go: OS-gated ioctl implementation
- policies/default/caller_allowlist.rego: example policy for Rego-level caller filtering (commented-out; operators activate as needed)
- Tests: AllowedCallers permit/deny/nil cases, ChainProtected smoke

Closes partial EU AI Act Article 12 requirement: tamper-evident (access protection).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
79a2fd9 to 1526183
Summary
Closes the tamper-evident partial EU AI Act Article 12 requirement by adding filesystem and application-level access controls to the Merkle chain.
- Config.AllowedCallers []string — when non-empty, writ.New rejects any CallerID not in the list. Nil/empty = allow all (backwards-compatible).
- Client.ChainProtected() bool — attempts to set FS_APPEND_FL (equivalent to chattr +a) on the chain file via ioctl on Linux. Returns false on unsupported filesystems or non-Linux platforms. Operators who lack the privilege to set the kernel flag can still enforce it via chattr +a manually; ChainProtected() checks the current state.
- newJSONLStore mode verify — after creating or opening the chain file, stats the permissions and auto-chmods to 0o600 if they drifted (umask, manual changes).
- policies/default/caller_allowlist.rego — example Rego policy for operators who want to enforce the allowlist at the OPA layer instead of (or in addition to) the Go-level check.

Compliance impact
chattr +a via ChainProtected() + AllowedCallers closes the "write access controls not yet specified" gap from the v0.1.0 compliance table.

Test plan
- TestAllowedCallersPermitsKnownCaller
- TestAllowedCallersDeniesUnknownCaller
- TestAllowedCallersNilPermitsAnyCaller
- TestChainProtectedReturnsBool
- go test -race ./... green on Linux (bazzite) and macOS
- gosec ./... — 0 issues, 5 nosec suppressions (G103/G304 for ioctl)

🤖 Generated with Claude Code
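The allowlist semantics and the mode verify step described in the summary above, as an added example that is not code from this pull request. The names callerAllowed and openChainFile are hypothetical, and the standard-library-only approach (checking and repairing the mode on the open descriptor rather than by path) is an assumption about one way to implement it.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// chainFileMode is the owner-only mode the description requires for the chain file.
const chainFileMode os.FileMode = 0600

// callerAllowed follows the described semantics: a nil or empty allowlist
// permits every caller; otherwise callerID must match an entry exactly.
func callerAllowed(allowed []string, callerID string) bool {
	for _, id := range allowed {
		if id == callerID {
			return true
		}
	}
	return len(allowed) == 0
}

// openChainFile (hypothetical) opens or creates path for appending, checks the
// mode via fstat on the open descriptor, and chmods it back to 0600 if it
// drifted. repaired tells the caller a drift was found, so it can be logged.
func openChainFile(path string) (f *os.File, repaired bool, err error) {
	f, err = os.OpenFile(path, os.O_APPEND|os.O_CREATE|os.O_WRONLY, chainFileMode)
	if err != nil {
		return nil, false, err
	}
	info, err := f.Stat() // same descriptor: no second path lookup to race against
	if err == nil && info.Mode().Perm() != chainFileMode {
		err = f.Chmod(chainFileMode)
		repaired = err == nil
	}
	if err != nil {
		f.Close()
		return nil, false, err
	}
	return f, repaired, nil
}

func main() {
	path := filepath.Join(os.TempDir(), "chain-example.jsonl") // constructed sample path
	_ = os.WriteFile(path, nil, 0644)                          // constructed: pre-existing file with a loose mode
	f, repaired, err := openChainFile(path)
	if err != nil {
		fmt.Println("open failed:", err)
		return
	}
	defer f.Close()
	fmt.Println("repaired:", repaired, "ci-agent allowed:", callerAllowed([]string{"api-gateway"}, "ci-agent"))
}
```

Surfacing the repaired result matters operationally: a silent auto-chmod hides the fact that the file was readable by other accounts for some period before it was opened.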