Skip to content

fix(pool): ignore remote peer IDs in roster logs#95

Closed
DeployFaith wants to merge 1 commit into
mainfrom
codex/confirm-and-fix-peer-id-vulnerability
Closed

fix(pool): ignore remote peer IDs in roster logs#95
DeployFaith wants to merge 1 commit into
mainfrom
codex/confirm-and-fix-peer-id-vulnerability

Conversation

@DeployFaith

Copy link
Copy Markdown
Owner

Motivation

  • A recent change allowed any JSON "peer_id" in daemon logs to be considered the profile's own PeerID, which lets later remote task/discovery entries poison the local roster and cause misrouting of delegated work.
  • The intent of the change is to restore secure behavior by restricting log extraction to explicit own-node startup markers while preserving the "latest startup marker wins" semantics for local restarts/key rotations.

Description

  • Constrain _read_peer_id in hermes-agency/pool/roster.py to only match explicit own-node startup markers (PEER_ID= lines or agentanycastd started JSON lines) instead of any JSON "peer_id" occurrences.
  • Use re.findall with a pattern aligned to the existing OWN_PEER_ID_LINE_RE behavior and return the latest matching startup marker in the checked window.
  • Add a regression test test_read_peer_id_ignores_later_remote_json_peer_ids to hermes-agency/tests/test_agent_lifecycle.py that ensures later remote JSON entries do not override a local PEER_ID.
  • Changes are limited to hermes-agency/pool/roster.py and hermes-agency/tests/test_agent_lifecycle.py to keep the fix minimal and focused.

Testing

  • Ran the focused pytest invocation for the modified test file with the two target cases: python -m pytest -q hermes-agency/tests/test_agent_lifecycle.py::test_read_peer_id_uses_latest_log_position_for_mixed_formats hermes-agency/tests/test_agent_lifecycle.py::test_read_peer_id_ignores_later_remote_json_peer_ids, and both tests passed.
  • Ran the whole test file with python -m pytest -q hermes-agency/tests/test_agent_lifecycle.py, and all tests in that file passed (18 passed, 1 warning).
  • Ran static checks ruff check and formatting checks ruff format --check and applied ruff format where needed; afterwards the checks passed.
  • Attempted the broader make test-agency, which failed in this environment due to missing async pytest support (pytest.mark.asyncio unknown) and is unrelated to this focused change.
  • npm run lint / npm run typecheck / npm test were not run because the repository root has no package.json in this environment.

Codex Task

@DeployFaith

Copy link
Copy Markdown
Owner Author

Superseded by #94. The local peer-ID trust-boundary fix and adversarial regression coverage were integrated there, the stale registry fixture was corrected to assert the secure authorization contract, and the complete CI matrix passed before merge.

@DeployFaith
DeployFaith deleted the codex/confirm-and-fix-peer-id-vulnerability branch July 17, 2026 07:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant