control-plane: re-home MeshSkill and validation lifecycle package#15
control-plane: re-home MeshSkill and validation lifecycle package#15
Conversation
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 85f50742ea
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| } | ||
|
|
||
| deny[msg] { | ||
| input.request.coordinates.frontier_hops > input.skill.spec.coordinates.frontier_hops |
There was a problem hiding this comment.
This policy only denies requests when frontier_hops exceeds the descriptor, but allow is granted whenever no deny rule fires, so mismatches in other declared coordinates (env, topology_scope, trust_class, tenant_scope, data_sensitivity) can still be admitted. In practice, a skill declared for preview/internal scope can be requested under different coordinates and pass policy if other deny rules are satisfied, which breaks the contract that execution must stay within descriptor-declared bounds.
Useful? React with 👍 / 👎.
| "required": ["id", "merkle_root", "signer"], | ||
| "properties": { | ||
| "id": { "type": "string", "minLength": 1 }, | ||
| "merkle_root": { "type": "string", "pattern": "^sha256:[A-Za-z0-9]+$" }, |
There was a problem hiding this comment.
The schema currently accepts any alphanumeric suffix after sha256:, including non-hex characters and arbitrary lengths, so invalid commitments can pass validation. Because metadata.merkle_root is the descriptor’s content commitment, allowing malformed digests can cause downstream verification/replay failures and weakens integrity guarantees. Restrict this to exactly 64 hexadecimal characters.
Useful? React with 👍 / 👎.
1 participant
Summary
Creates the first canonical re-home of the MeshSkill / validation lifecycle package from the umbrella public-surface repo into the typed-contract/spec lane.
This PR adds:
Why
These artifacts were previously published from the umbrella public-surface repo. That made them visible, but not well-placed canonically.
sourceos-specis the correct lane for typed contracts, schemas, and shared semantic surfaces. This PR begins the actual transplant so that future public-surface docs and Linux-side integration can reference a stable canonical source.Current caveat
This first re-home intentionally preserves the currently published schema IDs and content shape to avoid silently changing identifiers during the move. A follow-on revision should decide whether those
$idvalues stay stable or are normalized into a SourceOS namespace.