Bump actions/cache from 4.2.3 to 5.0.5#1
Merged
Conversation
dependabot
Bot
added
dependencies
dependabot
Bot
force-pushed
the
dependabot/github_actions/actions/cache-5.0.4
branch
from
a301a00 to
e3ec71e
Compare
Owner
|
@dependabot rebase |
Bumps [actions/cache](https://github.com/actions/cache) from 4.2.3 to 5.0.5. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@5a3ec84...27d5ce7) --- updated-dependencies: - dependency-name: actions/cache dependency-version: 5.0.4 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
changed the title
dependabot
Bot
force-pushed
the
dependabot/github_actions/actions/cache-5.0.4
branch
from
e3ec71e to
d996eda
Compare
d0cd
added a commit
that referenced
this pull request
Jun 10, 2026
# Feedback addressed The latest external feedback file rewrites the open-items list. Two items are brig-side: Issue #2 — cpus: <int> in yaml raises 'argument of type int is not iterable': Regression from the v2 generic yaml-merge. Yaml's 'cpus: 4' parses as int, slips through validation (validator accepts int/float/str), reaches the subprocess args, and _redact_cmd's 'arg in flag-set' membership check explodes when arg is an int. Fix: CellSpec.__post_init__ coerces cpus/memory to str if given as int/float. The boundary that declares cpus: str now actually enforces it. New tests pin the regression. Issue #1 — Workspace symlink escape (LIVE exploit): External team demonstrated the attack works end-to-end: cell drops ln -sf /etc/passwd /work/foo.txt, asks a host-side worker to read /Users/<user>/.brig/state/<name>/workspace/foo.txt, host follows the symlink and leaks /etc/passwd. Bypasses gVisor by asking the host to read on the cell's behalf. Verified empirically: podman 4.9 in our VM doesn't support nosymfollow on bind mounts (both -v syntax and --mount syntax rejected with 'invalid option'). Mount-side fix really isn't available right now. Strengthened docs/reference/cell-metadata.md to spell out the threat at the top with a generic reproducer and the empirically-confirmed reason mount-side defense is roadmapped. Issues #3, #4, #5 are cell-side / already-doc'd / already-fixed. # Generic-ification brig is a general tool; source and brig-owned docs should not name a specific external project. Scrubbed every project-specific name from src/, tests/, and brig-owned docs. The actual external project directories under cells/ (which are gitignored anyway) are untouched. 659 unit tests pass. Per-module coverage gates green. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
d0cd
added a commit
that referenced
this pull request
Jun 10, 2026
Three aitelier-feedback items in one coherent change: 1. Warden CA auto-mount (#1, top adoption ask). Cells need to trust Warden's MITM cert to make HTTPS work; today every consumer rediscovers the workaround (extract CA, concat onto system roots, export SSL_CERT_FILE / REQUESTS_CA_BUNDLE / etc.). Brig now stages a combined bundle inside the VM at /state/<cell>/ca-bundle.crt and bind-mounts it read-only at /run/brig/ca-bundle.crt, plus sets the four common env vars unless the cell already declared them. Opt out per cell with trust_warden_ca: false (e.g. cells with strict pinning). Defense in depth: bundle re-extracted from the Warden container on every cell start (source of truth is the container, not the untrusted state dir); staged inside the VM (trust boundary); read-only mount; cell-set env wins; airgapped cells skip the mount entirely. 2. DNS-rebinding check defer (#5). server_connected's rebinding block depended on a latent mitmproxy-API bug: data.server.close() no longer exists on >= 10 (AttributeError masked the would-be kill) and data.flow was None so host_service / ingress exemptions were a no-op. Anyone fixing close() would silently break those flows. Removed the dead block; responseheaders is now the single enforcement point and has the metadata populated by then. Coverage absorbed into TestResponseHeadersDnsRebinding (now 9 cases incl. all IP families). 3. Ingress-token naming docs (#6). `brig run --help` epilog now mentions <cell-name>-ingress-token and policy.tls_passthrough; docs/design/cell-definition.md expands the token-secret naming convention (preferred per-cell, fallback shared, hard error when missing). 868 pass + 10 skip clean. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
d0cd
added a commit
that referenced
this pull request
Jun 10, 2026
…-gun docs Aitelier 0.3.1 feedback identified one BLOCKER and two follow-ups from the trust_warden_ca rollout. BLOCKER (aitelier wishlist #1): ingress buffered SSE responses. SA's ACP bridge emits `Content-Type: text/event-stream` with per-event `data:` envelopes — mitmproxy's default buffering held every byte until session close, so aitelier saw 0/4 notifications. Add a responseheaders hook to ingress.py that sets `flow.response.stream = True` when the upstream returns text/event-stream (with or without a charset suffix). Scoped to ingress flows only (gated on flow.metadata["ingress_route"]) so egress keeps buffering for enforce.py's body-side checks. 5 new tests cover detection, charset suffix, egress isolation, and the None-response defensive path. Follow-up A: brig system doctor verifies each cell's staged ca-bundle.crt contains the current Warden CA. Aitelier burned ~30m on the foot-gun where a cell entrypoint sets SSL_CERT_FILE differently from brig's auto-mount; warden's CA rotates on the next system up/down, brig re-stages, but the cell's cached pointer goes stale → silent TLS hangs (mitmproxy returns a valid cert client-side, upstream handshake fails, warden drops with no signal). The new check compares per-cell bundles against the current warden CA and flags mismatches with a `brig cell restart` suggestion. 6 new tests cover the no-CA, empty-CA, matching, stale, system-dir-skip, and opt-out cases. Follow-up B: cell-definition.md adds an explicit "do NOT set SSL_CERT_FILE in your image entrypoint or ENV" note under `trust_warden_ca`, pointing operators at `brig system doctor` for the stale-cache diagnosis. Tangential cleanup: explicit sys.modules mock for `mitmproxy` at test_ingress.py module level. The existing test classes relied on alphabetical test-file ordering (an earlier file mocked first); running test_ingress.py in isolation crashed. setdefault() so we don't trample a real install if there ever is one. 886 pass + 10 skip; ruff/mypy/ast all green. Live-verified against the running brig VM — the new addon code reaches warden after _copy-addons, and doctor's CA check reports the sandbox-agent's bundle is consistent with the current Warden CA. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
d0cd
added a commit
that referenced
this pull request
Jun 10, 2026
audit cleanups Closes the outstanding aitelier-feedback items in one cohesive pass. #1 Raw TCP host_services — runtime phase (was schema-only). Warden start now collects the union of TCP ports declared in any cell's per-cell policy and binds `--mode reverse:tcp://host.lima.internal: <port>@<port>` for each. Cells reach `<svc>.host.brig:<port>` with a normal TCP client (psql, redis-cli, mongo) and warden forwards raw bytes to host.lima.internal on the same port — single trust boundary (warden stays in the path), connection-level audit via tcp_start. Per-cell access control lives in enforce.py:tcp_start: - Resolves cell from peer IP (existing subnet-map lookup) - Loads cell's per-cell policy - Allows only if the listening port appears in cell.tcp_host_services_map - Tags flow metadata so otel_export's tcp_* hooks emit per-service counters and the audit log distinguishes TCP host_services from TLS passthrough flows - Fail-closed on any unexpected mitmproxy API shape - Skips flows already flagged as tls_mode=passthrough (invariant 11) Schema rejects TCP on warden's reserved ports (8080 HTTP proxy / 8443 ingress); warden's port-collection also re-checks defense in depth against tampered policy files (invariant 4). Note (documented): mitmproxy can't hot-add listener ports, so adding a new TCP host_service to a cell yaml requires `brig system restart` to bind. Listener teardown on cell removal: a subsequent restart no longer binds the orphan port. Entrypoint SSL_CERT_FILE override warning (aitelier foot-gun #3). `brig system doctor` now inspects each running cell's effective Config.Env and warns when SSL_CERT_FILE is set differently from brig's auto-mount target. Catches the foot-gun BEFORE the next CA rotation produces silent TLS hangs — the existing CA-consistency check only sees the stale state after-the-fact. Tampered-policy debug log (audit finding M2). addons/_policy.py: an unexpected `protocol` value on a host_services entry (could only come from a tampered on-disk policy — schema validator rejects unknown protocols at parse time) now drops the entry entirely (fail-safe) AND logs a warning. Previously, unknown protocols silently degraded to HTTP. Lifecycle event test coverage (audit gap). tests/test_warden_lifecycle_events.py pins `warden_start` / `warden_stop` event emission AND the swallow-errors-on-best-effort contract. Patches via `brig.ops.history.log_lifecycle` (function-local import inside warden's stop()/start()). Realistic PEM data in doctor tests (audit M2 / cosmetic). test_doctor_ca_consistency.py: replaced bare placeholder strings ("WARDEN_CA_PEM") with PEM-headered blocks. Substring matching still works; the test now provably exercises the production cert shape. Layer 1 perf benchmarks (audit Layer 1). 8 new pytest-benchmark micros in tests/benchmarks/test_bench_recent_hooks.py covering every addon hook we added since the aitelier feedback landed: - Ingress SSE detection (match + negative paths) - tls_clienthello invariant-11 decision (passthrough + MITM paths) - tcp_start access control (allow + deny paths) - Policy.is_passthrough defense-in-depth (match + no-match) If any regress to milliseconds, warden's per-request overhead becomes user-visible — catches before aitelier hits "warden got slow again" complaints. 921 pass + 10 skip; ruff + mypy + ast green. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
d0cd
added a commit
that referenced
this pull request
Jun 10, 2026
Five items from ~/tools/hermes-agent/plans/brig-feedback.md, prioritized by what brig (not the consumer cell) can change. #1 Read-only /workspace mount (MEDIUM-HIGH). Root cause was the SA cell yaml's missing `workspace_mount: /workspace` — default is `/work`, so writes to /workspace/* hit the read-only rootfs. Doc fix in troubleshooting.md spells out the three options (align cell yaml, align app, last-resort writable_rootfs) so the next consumer doesn't waste a debugging session. #3 Long-life cell pattern undocumented (MEDIUM). The `command: ["sleep", "infinity"]` workaround was buried in host-an-agent.md but not in troubleshooting. Added an explicit "Cell flips to stopped immediately" entry that calls it out, alongside the other common immediate-exit causes. #4 Cell logs empty for file-based loggers (LOW-MEDIUM). cmd_logs now detects the empty-output case (snapshot mode only — follow mode keeps TTY passthrough) and prints an inline hint pointing at `brig cell exec` / `brig cell read` for file-based logs. Plus a troubleshooting entry that explains the contract. #5 Telemetry domains blocked but non-fatal (LOW). Documented the three common ones aitelier hit (Datadog log shipping, mcp-proxy, platform.claude.com) with the agent's typical behavior and the allow/silence options. Not addressed: #2 Hermes cell entrypoint writes malformed config.yaml — this is a bug in ~/tools/hermes-agent/cells/hermes/entrypoint.sh, not brig itself. Flagged to the hermes team. Longer-term wishlist (per-cell credential rotation, inter-cell routing, cross-source audit query, nosymfollow) intentionally deferred — each needs its own design discussion. 940 pass + 10 skip. Ruff + mypy + ast green. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps actions/cache from 4.2.3 to 5.0.5.
Release notes
Sourced from actions/cache's releases.
... (truncated)
Changelog
Sourced from actions/cache's changelog.
... (truncated)
Commits
27d5ce7Merge pull request #1747 from actions/yacaovsnc/update-dependencyf280785licensed changes619aeb1npm run build generated dist filesbcf16c2Update ts-http-runtime to 0.3.56682284Merge pull request #1738 from actions/prepare-v5.0.4e340396Update RELEASES8a67110Add licenses1865903Update dependencies & patch security vulnerabilities5656298Merge pull request #1722 from RyPeck/patch-14e380d1Fix cache key in examples.md for bun.lock