Skip to content

Scoped host mounts, warden_addons packaging, 0.4.0 + audit hardening#20

Merged
d0cd merged 2 commits into
mainfrom
feat/host-mounts
Jun 12, 2026
Merged

Scoped host mounts, warden_addons packaging, 0.4.0 + audit hardening#20
d0cd merged 2 commits into
mainfrom
feat/host-mounts

Conversation

@d0cd

@d0cd d0cd commented Jun 11, 2026
edited
Loading

Copy link
Copy Markdown
Owner

Summary

Brings the feat/host-mounts line of work onto main: scoped host mounts, the warden-addons packaging refactor, the 0.4.0 release bump, and remediation from a two-pass security + code-quality audit.

Note on history (single squashed commit): the branch's history was rewritten with git filter-repo to strip an 80 MB benchmark-baseline artifact (and clean up history). That detached it from main's lineage (125 phantom conflicts), so the content was rebuilt on top of current main for a clean, conflict-free, reviewable PR. The tree is byte-identical to the developed work except for re-applying main's dependabot dependency-floor bumps.

Headline changes

Feature — scoped host mounts (mounts:)
Bind-mount an operator-allowlisted host directory into a cell (ro default / rw opt-in), bounded by the VM-level mount_roots allowlist, with realpath re-containment, symlink-escape hardening, and brig cell mount-scan. Adds security invariant 13.

Refactor — warden addons packaged
Moved into the brig package as shipped data (src/brig/warden_addons/), resolvable in editable + wheel installs, synced into the warden container by brig system up (kills the deploy-drift gotcha).

Security & quality hardening (two audits)

  • Egress fail-closed: reconciler refuses to reuse a brig-<cell> network that isn't --internal (invariants 1 + 4).
  • Secret redaction now covers every sink, including the ctx.log blocked-request path; unified redaction primitive + entropy-based detection.
  • Shared brig.ops.locking.locked_file; _atomic_write core; dead-code removal.
  • Doc-accuracy fixes (concepts.md gVisor/sanitize corrections, security.md, INVARIANTS, sdk/cli docs).
  • Test-assertion strengthening (assertRaises(msg=)assertRaisesRegex).

Versioning — bump to 0.4.0 (new invariants 11–13, removed brig cell trace).

Dependencies

Preserves main's merged dependabot dep-floor bumps; keeps the corrected mitmproxy>=10.1.1,<11 pin (matches the warden image — >=10.0 is a known-bad loosening). GitHub Actions version bumps will be re-proposed by dependabot against the new main.

Verification

  • make test1208 passed; ruff + mypy clean; pre-commit hooks pass.
  • Local e2e: make smoke 28/0, make redteam (containment) 7/0.
  • Merges cleanly into main — 0 conflicts, fast-forwardable.

🤖 Generated with Claude Code

d0cd and others added 2 commits June 11, 2026 13:56
@d0cd @claude
Scoped host mounts, warden_addons packaging, 0.4.0 + audit hardening
aa310a0 
Rebuilds the feat/host-mounts work onto current origin/main as a single
coherent change (the branch's own history was rewritten by an earlier
git-filter-repo run — Telegram-token scrub + 80MB benchmark-baseline strip —
which detached it from main's lineage; this re-parents the content on main so it
merges cleanly). main's merged dependabot dep-floor bumps are preserved; the
mitmproxy pin stays at >=10.1.1,<11 (matching the warden image; main's >=10.0 is
a known-bad loosening). GitHub Actions version bumps will be re-proposed by
dependabot against the new main.

Headline changes vs main:
- feat: scoped host mounts (`mounts:`), VM-level `mount_roots` allowlist, realpath
  re-containment, symlink-escape hardening, `brig cell mount-scan` (invariant 13)
- refactor: warden addons moved into the brig package as shipped data
  (`src/brig/warden_addons/`), synced into the container by `brig system up`
- security + code-quality audit remediation (egress fail-closed network-internal
  check, secret-redaction in every sink incl. ctx.log, doc accuracy, dead code,
  shared `brig.ops.locking.locked_file`, test-assertion strength)
- version 0.4.0

Tests 1208 passed; ruff + mypy clean; e2e smoke 28/0 + red-team 7/0.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@d0cd @claude
chore: generalize secret-redaction comment wording
bf6f7f7 
Replace a service-specific example in the redaction test/comment wording with a
generic colon-joined-token description; no behavior change.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@d0cd d0cd merged commit 7d61f98 into main Jun 12, 2026
15 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@d0cd