Skip to content

fix(security): lock down token minting, authorize signatures, and policy apply#18

Merged
SafetyMP merged 2 commits into
mainfrom
fix/security-review-issues
Jul 12, 2026
Merged

fix(security): lock down token minting, authorize signatures, and policy apply#18
SafetyMP merged 2 commits into
mainfrom
fix/security-review-issues

Conversation

@SafetyMP

Copy link
Copy Markdown
Owner

Summary

  • Require bootstrap key for all JWT minting on /api/auth/token
  • Verify Ed25519 principal signatures on /api/authorize
  • Run policy safety checks before /api/policy/apply
  • Remove hardcoded god-mode principal exceptions from Cedar policy

Test plan

  • Verify token minting fails without FIDUSGATE_BOOTSTRAP_KEY
  • Verify privileged /api/authorize calls require valid signature
  • Verify unsafe policy drafts are rejected by /api/policy/apply

Closes #17

…icy apply

Require bootstrap key for JWT minting, verify Ed25519 principal signatures
on /api/authorize, run policy safety checks before apply, and remove
hardcoded god-mode principal exceptions from Cedar policy.
Copilot AI review requested due to automatic review settings July 12, 2026 01:36

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot was unable to review this pull request because the user who requested the review has reached their quota limit.

Replace invalid run-gemini-cli@v1 with pinned SHA, valid JSON settings,
and skip agent review when GEMINI_API_KEY is unavailable.
@SafetyMP SafetyMP merged commit 911f9de into main Jul 12, 2026
2 checks passed
@SafetyMP SafetyMP deleted the fix/security-review-issues branch July 12, 2026 03:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

security: lock down JWT minting, /api/authorize, and /api/policy/apply

2 participants