ALIGN: Rename Object Store to Memory and enrich literate text
This commit is contained in:
@@ -22,7 +22,7 @@ Securely manage all authentication tokens required for the PSF to operate.
|
||||
- *Unified Storage:* Single interface for API keys and Session Cookies.
|
||||
- *Masked Logging:* Ensure credentials never appear in plaintext in `harness-log`.
|
||||
- *Guided Onboarding:* Retain and improve the Google/Gemini cookie handshake.
|
||||
- *Persistence:* Securely save credentials to the Object Store via Merkle-Tree snapshots.
|
||||
- *Persistence:* Securely save credentials to the Memory via Merkle-Tree snapshots.
|
||||
|
||||
* Phase B: Blueprint (PROTOCOL)
|
||||
:PROPERTIES:
|
||||
@@ -30,7 +30,7 @@ Securely manage all authentication tokens required for the PSF to operate.
|
||||
:END:
|
||||
|
||||
** 1. Architectural Intent
|
||||
The vault provides a secure lookup table in RAM, backed by the persistent Object Store. Access is restricted to internal kernel requests and explicitly authorized deterministic gates.
|
||||
The vault provides a secure lookup table in RAM, backed by the persistent Memory. Access is restricted to internal kernel requests and explicitly authorized deterministic gates.
|
||||
|
||||
** 2. Semantic Interfaces
|
||||
#+begin_src lisp
|
||||
@@ -48,7 +48,7 @@ The vault provides a secure lookup table in RAM, backed by the persistent Object
|
||||
|
||||
** 1. Success Criteria
|
||||
- [ ] *No Plaintext Leaks:* Log output must use `[REDACTED]` for sensitive values.
|
||||
- [ ] *Merkle Integration:* Setting a secret must increment the Object Store version.
|
||||
- [ ] *Merkle Integration:* Setting a secret must increment the Memory version.
|
||||
- [ ] *Dual-Path Auth:* Support both `:api-key` and `:session-cookies`.
|
||||
- [ ] *Onboarding Verification:* The cookie handshake successfully hydrates the vault.
|
||||
|
||||
@@ -56,7 +56,7 @@ The vault provides a secure lookup table in RAM, backed by the persistent Object
|
||||
Tests in `tests/vault-tests.lisp` will verify:
|
||||
1. Retrieval of keys from both `.env` (fallback) and Vault (primary).
|
||||
2. Redaction of keys in log strings.
|
||||
3. Successful version increment in the Object Store after `vault-set-secret`.
|
||||
3. Successful version increment in the Memory after `vault-set-secret`.
|
||||
|
||||
* Phase D: Build (Implementation)
|
||||
|
||||
@@ -66,7 +66,7 @@ Tests in `tests/vault-tests.lisp` will verify:
|
||||
#+end_src
|
||||
|
||||
** Vault State
|
||||
We maintain an in-memory hash table for secrets, which is hydrated from and persisted to the Object Store.
|
||||
We maintain an in-memory hash table for secrets, which is hydrated from and persisted to the Memory.
|
||||
|
||||
#+begin_src lisp :tangle ../src/credentials-vault.lisp
|
||||
(defvar *vault-memory* (make-hash-table :test 'equal)
|
||||
@@ -85,7 +85,7 @@ The `vault-mask-string` function ensures that diagnostic output never contains t
|
||||
#+end_src
|
||||
|
||||
** Retrieval (vault-get-secret)
|
||||
This function is the secure getter for all system secrets. It prioritizes the Vault (Object Store) and falls back to environment variables for legacy compatibility.
|
||||
This function is the secure getter for all system secrets. It prioritizes the Vault (Memory) and falls back to environment variables for legacy compatibility.
|
||||
|
||||
#+begin_src lisp :tangle ../src/credentials-vault.lisp
|
||||
(defun vault-get-secret (provider &key (type :api-key))
|
||||
@@ -111,7 +111,7 @@ This function is the secure getter for all system secrets. It prioritizes the Va
|
||||
#+end_src
|
||||
|
||||
** Persistence (vault-set-secret)
|
||||
When a secret is updated, we immediately snapshot the Object Store to ensure the credential change is versioned and durable.
|
||||
When a secret is updated, we immediately snapshot the Memory to ensure the credential change is versioned and durable.
|
||||
|
||||
#+begin_src lisp :tangle ../src/credentials-vault.lisp
|
||||
(defun vault-set-secret (provider secret &key (type :api-key))
|
||||
@@ -119,7 +119,7 @@ When a secret is updated, we immediately snapshot the Object Store to ensure the
|
||||
(let ((key (format nil "~a-~a" provider type)))
|
||||
(setf (gethash key *vault-memory*) secret)
|
||||
(harness-log "VAULT - Updated ~a for ~a. Triggering Merkle snapshot..." type provider)
|
||||
(snapshot-object-store)
|
||||
(snapshot-memory)
|
||||
t))
|
||||
#+end_src
|
||||
|
||||
@@ -166,14 +166,14 @@ Retained from the legacy Google skill, this provides the instructions for the so
|
||||
|
||||
(test test-vault-persistence
|
||||
"Verify that setting a secret triggers a snapshot (mock check)."
|
||||
(let ((old-version (org-agent::org-object-version (gethash "root" *object-store*))))
|
||||
(let ((old-version (org-agent::org-object-version (gethash "root" *memory*))))
|
||||
(org-agent:vault-set-secret :test "secret-val")
|
||||
(is (> (org-agent::org-object-version (gethash "root" *object-store*)) old-version))))
|
||||
(is (> (org-agent::org-object-version (gethash "root" *memory*)) old-version))))
|
||||
#+end_src
|
||||
|
||||
** 2. Chaos Scenarios
|
||||
- *Scenario A (Vault Poisoning):* Inject a malformed session string and verify the `llm-gateway` detects the invalid format and returns a standardized error instead of crashing.
|
||||
- *Scenario B (Memory Wipe):* Clear `*vault-memory*` during runtime and verify the vault successfully re-hydrates from the Object Store (or environment fallback).
|
||||
- *Scenario B (Memory Wipe):* Clear `*vault-memory*` during runtime and verify the vault successfully re-hydrates from the Memory (or environment fallback).
|
||||
|
||||
* Phase F: Memory (RCA)
|
||||
- *[2026-04-09 Thu]:* Consolidated `auth-api-key` and `auth-google-oauth` into this vault. Introduced mandatory masking for all credential-related logging.
|
||||
|
||||
Reference in New Issue
Block a user