fix(storyboard): enforce PRM validations when agent serves PRM (#677)#684
Merged
Conversation
Close a spoofing path where an agent serving a broken RFC 9728 protected-resource metadata document could pass security_baseline by also declaring an API key. oauth_discovery's optional: true previously swallowed PRM validation failures so long as api_key_path also contributed auth_mechanism_verified. Now the runner tightens this: PRM 404 cleanly cascade-skips oauth_discovery (agent honestly not advertising OAuth); PRM 2xx flips the phase into hard-fail mode so a wrong resource URL, missing authorization_servers, or unreachable auth-server metadata fails the storyboard regardless of whether the API-key path passed. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Upstream compliance cache added vector 027-webhook-registration-authentication-unsigned, which tests the webhook-security downgrade rule: a webhook registration whose body carries push_notification_config.authentication MUST require RFC 9421 signing even when the operation is not in the verifier's required_for list. The fixture ships the adversarial shape verbatim (unsigned bearer request with authentication in the body), so the builder just needs a passthrough mutation. The verifier does not yet inspect request bodies for this rule, so vector 027 joins 021-026 on the unimplemented-verifier skip lists; the conformance suite skips it, the grader e2e/mcp tests skip it, and count assertions move from 26 to 27 negatives. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…us export Upstream schema bundle regenerated ListCreativesRequest, CheckGovernanceResponse, and related types as open-indexed intersection types; CatalogAction and CatalogItemStatus moved from tools.generated to core.generated. Regen is mechanical; index.ts re-exports move to match. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
# Conflicts: # src/lib/types/schemas.generated.ts
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
security_baseline: an agent serving a broken RFC 9728 protected-resource metadata (PRM) document could pass by also declaring an API key, becauseoauth_discovery'soptional: trueswallowed PRM validation failures.oauth_discoverycleanly (agent honestly not advertising OAuth).oauth_not_advertisedsurfaces the 404 semantics in reports; canonical mapping isnot_applicable.test/lib/storyboard-security.test.jscover every branch: 404+api_key→pass, 404 alone→fail, 200+correct→pass, 200+wrong resource+api_key→fails (spoofing catch), and 200+auth-server 404→fails.Closes #677.
Review notes
priorStepResultsfor symmetry with the normal step path.OAUTH_NOT_ADVERTISED_DETAILto a module-level constant; removed the non-null assertion at the cascade-skip site.protected_resource_metadata) is deliberate — this is the only presence probe today. If a second emerges, extract to aPRESENCE_PROBE_TASKSset.CI note
The
Test & Build → Validate generated files are in synccheck fails due to upstream spec drift that also introduces RFC 9421 test vector 027 — a class-wide issue affecting every open PR. #682 (fix(signing): register vector 027 + skip in verifier conformance) is the dedicated fix. Once #682 merges, rebasing this PR will green the check.Test plan
npm run build:libcleannpm test→ 4497 pass, 0 fail, 12 pre-existing skips (on the pre-drift schema)security_baselinePRM presence suite passes in isolation (5/5)storyboard-security.test.jsregressions (79 tests) clean🤖 Generated with Claude Code