feat(security): MATRA threat model spec + NetworkScope/AssetSensitivity in orchestration#5342
Merged
Conversation
github-actions
Bot
added
documentation
bug-ops
force-pushed
the
3913-matra-threat-model
branch
from
0086486 to
d050625
Compare
…sitivity to orchestration Apply MATRA framework (arXiv:2605.10763) to Zeph's attack surface and add foundational security types to zeph-orchestration for per-task network and asset scoping. - Add specs/068-threat-model/spec.md: 12-asset inventory, 5 attack trees, control mapping, blast-radius analysis, orchestration-specific invariants; advisory-only caveat on NetworkScope enforcement - Add NetworkScope enum (Inherit/Allow/Deny) to zeph-orchestration with #[non_exhaustive], serde snake_case, JsonSchema; advisory only — not yet read at runtime, TODO(enforcement) on Deny variant - Add AssetSensitivity enum (Public/Internal/Confidential) and OrchestrationConfig::default_asset_sensitivity to zeph-config - Add TaskNode::network_scope and TaskNode::asset_sensitivity optional fields with serde(default, skip_serializing_if = "Option::is_none") - Add config migration step 69 (migrate_orchestration_asset_sensitivity) with full 4-test idempotency suite - Register spec 068 in specs/README.md Closes #3913, closes #3934
bug-ops
force-pushed
the
3913-matra-threat-model
branch
from
d050625 to
a1d3148
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
specs/068-threat-model/spec.mdwith 12-asset inventory, 5 attack trees, control mapping, blast-radius analysis, and orchestration-specific security invariantsNetworkScopeenum (Inherit/Allow/Deny) andAssetSensitivityenum (Public/Internal/Confidential) as foundational security types in zeph-orchestration and zeph-configTaskNodeare advisory only — not yet read at runtime; enforcement for spawned sub-agents is tracked as a follow-up (OQ-1/OQ-2 in spec §7)default_asset_sensitivitywith full idempotency test suiteChanges
specs/068-threat-model/spec.md— MATRA threat model for Zeph (new)specs/README.md— registers spec 068crates/zeph-orchestration/src/graph.rs—NetworkScopeenum +TaskNode::network_scopecrates/zeph-config/src/experiment.rs—AssetSensitivityenum +OrchestrationConfig::default_asset_sensitivity+TaskNode::asset_sensitivitycrates/zeph-config/src/migrate/— step 69 with 4-test idempotency suiteCHANGELOG.md— [Unreleased] entriesTest plan
cargo +nightly fmt --check— PASScargo clippy --profile ci --workspace --all-targets --features "desktop,ide,server,chat,pdf,scheduler,testing" -- -D warnings— PASScargo nextest run --config-file .github/nextest.toml --workspace --features "desktop,ide,server,chat,pdf,scheduler" --lib --bins— 11493 PASS (0 FAIL)RUSTFLAGS="-D warnings" RUSTDOCFLAGS="--deny rustdoc::broken_intra_doc_links" cargo doc --no-deps --workspace --features "desktop,ide,server,chat,pdf,scheduler"— PASSCloses #3913
Closes #3934