amr/passepartout
1
0
Fork 0
Code Issues 15 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

refactor: final surgical removal of hardcoded provider defaults and insecure HMAC fallback

Browse Source
This commit is contained in:
Amr Gharbeia
2026-04-12 19:42:20 -04:00
parent bfe46003d1
commit 10a500c480
4 changed files with 37 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
literate/neurosymbolic.org
View File

@@ -45,10 +45,10 @@ The harness maintains a neutral registry of backends. Skills (like the LLM Gatew
#+end_src #+end_src
** Provider Cascade ** Provider Cascade
Intelligence is often a matter of availability. The cascade defines the order in which backends are attempted. Skills can dynamically override this list to optimize for cost, speed, or privacy. The ordered list of backends to attempt for neural reasoning. This list is ~nil~ by default and must be populated by skills (e.g., the LLM Gateway or Token Accountant) during the harness boot sequence.
#+begin_src lisp :tangle ../src/neuro.lisp #+begin_src lisp :tangle ../src/neuro.lisp
(defvar *provider-cascade* '(:openrouter :gemini-api)) (defvar *provider-cascade* nil)
#+end_src #+end_src
** Register Associative Backend ** Register Associative Backend

32
literate/protocol.org
View File

@@ -66,13 +66,14 @@ The ~frame-message~ function prepares an outgoing Lisp string for transmission.
(let ((len (length msg-string)) (let ((len (length msg-string))
(enforce-hmac (uiop:getenv "HARNESS_PROTOCOL_ENFORCE_HMAC"))) (enforce-hmac (uiop:getenv "HARNESS_PROTOCOL_ENFORCE_HMAC")))
(if (and enforce-hmac (string-equal enforce-hmac "true")) (if (and enforce-hmac (string-equal enforce-hmac "true"))
(let* ((secret (or (uiop:getenv "HARNESS_PROTOCOL_HMAC_SECRET") "default-insecure-key")) (let ((secret (uiop:getenv "HARNESS_PROTOCOL_HMAC_SECRET")))
(key (ironclad:ascii-string-to-byte-array secret)) (unless secret (error "HARNESS_PROTOCOL_HMAC_SECRET is required when security is enabled."))
(hmac (ironclad:make-mac :hmac key :sha256)) (let* ((key (ironclad:ascii-string-to-byte-array secret))
(payload-bytes (ironclad:ascii-string-to-byte-array msg-string))) (hmac (ironclad:make-mac :hmac key :sha256))
(ironclad:update-mac hmac payload-bytes) (payload-bytes (ironclad:ascii-string-to-byte-array msg-string)))
(let ((signature (ironclad:byte-array-to-hex-string (ironclad:produce-mac hmac)))) (ironclad:update-mac hmac payload-bytes)
(format nil "~(~6,'0x~)~a~a" len signature msg-string))) (let ((signature (ironclad:byte-array-to-hex-string (ironclad:produce-mac hmac))))
(format nil "~(~6,'0x~)~a~a" len signature msg-string))))
(format nil "~(~6,'0x~)~a" len msg-string)))) (format nil "~(~6,'0x~)~a" len msg-string))))
#+end_src #+end_src
@@ -100,14 +101,15 @@ Parsing is the high-security inverse of framing. This function acts as the final
(error "Message length mismatch. Expected ~a, got ~a" expected-len (length actual-msg))) (error "Message length mismatch. Expected ~a, got ~a" expected-len (length actual-msg)))
(when use-hmac (when use-hmac
(let* ((secret (or (uiop:getenv "HARNESS_PROTOCOL_HMAC_SECRET") "default-insecure-key")) (let ((secret (uiop:getenv "HARNESS_PROTOCOL_HMAC_SECRET")))
(key (ironclad:ascii-string-to-byte-array secret)) (unless secret (error "HARNESS_PROTOCOL_HMAC_SECRET is required when security is enabled."))
(hmac (ironclad:make-mac :hmac key :sha256)) (let* ((key (ironclad:ascii-string-to-byte-array secret))
(payload-bytes (ironclad:ascii-string-to-byte-array actual-msg))) (hmac (ironclad:make-mac :hmac key :sha256))
(ironclad:update-mac hmac payload-bytes) (payload-bytes (ironclad:ascii-string-to-byte-array actual-msg)))
(let ((expected-signature (ironclad:byte-array-to-hex-string (ironclad:produce-mac hmac)))) (ironclad:update-mac hmac payload-bytes)
(unless (string-equal signature expected-signature) (let ((expected-signature (ironclad:byte-array-to-hex-string (ironclad:produce-mac hmac))))
(error "Harness Protocol Integrity Failure: HMAC mismatch"))))) (unless (string-equal signature expected-signature)
(error "Harness Protocol Integrity Failure: HMAC mismatch"))))))
;; SECURITY: Disable the reader's ability to execute code during parsing ;; SECURITY: Disable the reader's ability to execute code during parsing
(let ((*read-eval* nil)) (let ((*read-eval* nil))

2
src/neuro.lisp
View File

@@ -2,7 +2,7 @@
(defvar *neuro-backends* (make-hash-table :test 'equal)) (defvar *neuro-backends* (make-hash-table :test 'equal))
(defvar *provider-cascade* '(:openrouter :gemini-api)) (defvar *provider-cascade* nil)
(defun register-neuro-backend (name fn) (setf (gethash name *neuro-backends*) fn)) (defun register-neuro-backend (name fn) (setf (gethash name *neuro-backends*) fn))

32
src/protocol.lisp
View File

@@ -13,13 +13,14 @@
(let ((len (length msg-string)) (let ((len (length msg-string))
(enforce-hmac (uiop:getenv "HARNESS_PROTOCOL_ENFORCE_HMAC"))) (enforce-hmac (uiop:getenv "HARNESS_PROTOCOL_ENFORCE_HMAC")))
(if (and enforce-hmac (string-equal enforce-hmac "true")) (if (and enforce-hmac (string-equal enforce-hmac "true"))
(let* ((secret (or (uiop:getenv "HARNESS_PROTOCOL_HMAC_SECRET") "default-insecure-key")) (let ((secret (uiop:getenv "HARNESS_PROTOCOL_HMAC_SECRET")))
(key (ironclad:ascii-string-to-byte-array secret)) (unless secret (error "HARNESS_PROTOCOL_HMAC_SECRET is required when security is enabled."))
(hmac (ironclad:make-mac :hmac key :sha256)) (let* ((key (ironclad:ascii-string-to-byte-array secret))
(payload-bytes (ironclad:ascii-string-to-byte-array msg-string))) (hmac (ironclad:make-mac :hmac key :sha256))
(ironclad:update-mac hmac payload-bytes) (payload-bytes (ironclad:ascii-string-to-byte-array msg-string)))
(let ((signature (ironclad:byte-array-to-hex-string (ironclad:produce-mac hmac)))) (ironclad:update-mac hmac payload-bytes)
(format nil "~(~6,'0x~)~a~a" len signature msg-string))) (let ((signature (ironclad:byte-array-to-hex-string (ironclad:produce-mac hmac))))
(format nil "~(~6,'0x~)~a~a" len signature msg-string))))
(format nil "~(~6,'0x~)~a" len msg-string)))) (format nil "~(~6,'0x~)~a" len msg-string))))
(defun parse-message (framed-string) (defun parse-message (framed-string)
@@ -42,14 +43,15 @@
(error "Message length mismatch. Expected ~a, got ~a" expected-len (length actual-msg))) (error "Message length mismatch. Expected ~a, got ~a" expected-len (length actual-msg)))
(when use-hmac (when use-hmac
(let* ((secret (or (uiop:getenv "HARNESS_PROTOCOL_HMAC_SECRET") "default-insecure-key")) (let ((secret (uiop:getenv "HARNESS_PROTOCOL_HMAC_SECRET")))
(key (ironclad:ascii-string-to-byte-array secret)) (unless secret (error "HARNESS_PROTOCOL_HMAC_SECRET is required when security is enabled."))
(hmac (ironclad:make-mac :hmac key :sha256)) (let* ((key (ironclad:ascii-string-to-byte-array secret))
(payload-bytes (ironclad:ascii-string-to-byte-array actual-msg))) (hmac (ironclad:make-mac :hmac key :sha256))
(ironclad:update-mac hmac payload-bytes) (payload-bytes (ironclad:ascii-string-to-byte-array actual-msg)))
(let ((expected-signature (ironclad:byte-array-to-hex-string (ironclad:produce-mac hmac)))) (ironclad:update-mac hmac payload-bytes)
(unless (string-equal signature expected-signature) (let ((expected-signature (ironclad:byte-array-to-hex-string (ironclad:produce-mac hmac))))
(error "Harness Protocol Integrity Failure: HMAC mismatch"))))) (unless (string-equal signature expected-signature)
(error "Harness Protocol Integrity Failure: HMAC mismatch"))))))
;; SECURITY: Disable the reader's ability to execute code during parsing ;; SECURITY: Disable the reader's ability to execute code during parsing
(let ((*read-eval* nil)) (let ((*read-eval* nil))