Draft
48 commits
a5df57e
feat: add command mediation with admin approval and audit trail
kipz Apr 9, 2026
c7ce611
feat: add Swift menu bar app for nono privilege control
kipz Apr 9, 2026
ecd9ad2
docs: document command mediation
kipz Apr 9, 2026
863bef4
feat(mediation): add keychain_access option to per-command sandbox
christine-at-datadog Apr 17, 2026
53c9c37
ignore missing commands when resolving mediation policy
gharryg Apr 15, 2026
21edb35
feat(profile): expand generic $VAR tokens in sandbox paths
kipz Apr 20, 2026
f636329
feat(profile): expand env vars in mediation args_prefix and TLS paths
kipz Apr 20, 2026
f758e67
feat(mediation): add session/pid context to audit log entries
christine-at-datadog Apr 8, 2026
379b611
feat(mediation): stream stdio via SCM_RIGHTS for passthrough commands
kipz Apr 27, 2026
f13a3da
feat(mediation): add caller_policy to gate which callers may invoke a…
kipz Apr 27, 2026
29e21e2
fix(mediation): batch stdio fds into single SCM_RIGHTS message
kipz Apr 29, 2026
b2d380a
fix(mediation): spawn mediated commands in caller's cwd, not server's
kipz Apr 30, 2026
dcf66b3
style: cargo fmt across mediation crates
kipz May 6, 2026
43a4f1c
fix(mediation): record audit-shim source paths to survive PATH munging
kipz May 6, 2026
c6ad26c
fix(sandbox/macos): mediation socket reachable under network.allow_do…
kipz May 8, 2026
73dc077
feat(profile): merge mediation across extends chains
kipz May 7, 2026
c54fc11
feat(mediation): promote nonce substrings inside argv and env values
kipz May 12, 2026
57eb671
refactor(mediation): remove universal command audit shims
kipz May 15, 2026
fca5bd1
feat(profile): expand dynamic provider tokens at finalize
kipz May 15, 2026
d61ff1e
fix(profile): restrict @git:config-paths to global+system scopes
kipz May 18, 2026
0214edc
feat(profile): split @git:config-paths into config-files + hooks-path
kipz May 18, 2026
a448744
fix(macos): emit platform rules after user write allows
kipz May 19, 2026
01345b0
fix(mediation): resolve type inference regressions from typed_path dep
kipz May 29, 2026
9e6272c
feat(sandbox): deny process-exec by default in per-command sandboxes
kipz May 21, 2026
69abc40
fix(sandbox): apply child sandbox when invoked via allow_commands
kipz May 28, 2026
edac761
docs: document allow_process_exec and per-command sandbox fields
kipz May 29, 2026
8b0f78a
test(mediation): regression test for allow_process_exec fs sandbox bo…
kipz May 29, 2026
9e1363f
fix(mediation): deny real-binary exec paths to close absolute-path by…
kipz May 29, 2026
bf1c1f9
fix(pty): forward SIGTSTP/SIGCONT across PTY boundary for job control
kipz May 21, 2026
10640b4
fix(pty): intercept Ctrl-Z in PTY input to implement job control
kipz May 21, 2026
9e7de87
fix(pty): implement resume_terminal_after_prompt for job control
kipz Jun 1, 2026
4f89e43
fix(mediation): deny canonicalized binary path to close symlink bypass
kipz May 29, 2026
4970ec3
feat(nono-proxy): OAuth-capture primitive (Layer 1/1.2/2 + TokenResol…
christine-at-datadog Jun 10, 2026
6956ba4
feat(cli): oauth_capture profile flag + JSON-format mediation capture
christine-at-datadog Jun 10, 2026
9e7b92e
feat(broker): keychain-backed cross-session persistence for OAuth pai…
christine-at-datadog Jun 9, 2026
be8db79
feat(broker): orphan GC on hydrate + refresh-rotation pruning (macOS)
christine-at-datadog Jun 9, 2026
8186538
feat(broker): distinguish locked-keychain failures (macOS)
christine-at-datadog Jun 9, 2026
cf5b2f7
test(broker): ACL invariant assertions + manual round-trip stub
christine-at-datadog Jun 9, 2026
2d58a56
feat(broker): auto-inject mediation refusal rule for broker entry rea…
christine-at-datadog Jun 10, 2026
cf1ccde
feat(profile): apikey_gateway proxy mode for Claude Code apiKeyHelper
christine-at-datadog Jun 11, 2026
656c108
fix(apikey_gateway): share TokenBroker between mediation server and p…
christine-at-datadog Jun 11, 2026
ed94a1d
refactor: unify oauth_capture + apikey_gateway as credential_routes
christine-at-datadog Jun 11, 2026
e6d4ea7
feat(proxy): proxy_provisioned_credential capture type
christine-at-datadog Jun 12, 2026
ee51e56
refactor(profile): unify credential_routes as the sole config surface
christine-at-datadog Jun 12, 2026
5b5b714
chore: scrub vendor-internal references for public-PR readiness
christine-at-datadog Jun 12, 2026
741d14f
chore: drop test profile and design/plan documents
christine-at-datadog Jun 12, 2026
eb30643
docs: cover credential_routes, broker mediation, and proxy capture su…
christine-at-datadog Jun 12, 2026
7c3fbe0
Allow manual capture rules to coexist with gateway intercept rules
christine-at-datadog Jun 15, 2026
5 changes: 5 additions & 0 deletions CHANGELOG.md
Expand Up @@ -396,6 +396,11 @@ GHSA-27vp-2mmc-vmh3
### Bug Fixes

- *(pty)* Forward bare ESC immediately instead of buffering for CSI-u detach match, fixing ESC key in TUI apps inside tmux with `extended-keys-format csi-u` (#941)
- *(sandbox/macos)* Mediation sockets now reachable when `network.allow_domain` is set. Seatbelt classifies AF_UNIX `connect(2)` as `network-outbound`; under `NetworkMode::ProxyOnly` the base `(deny network*)` blocked the audit/mediation shim's connect to `<session_dir>/{mediation,control,audit}.sock`. Adds a directory-scoped `UnixSocketCapability` for the session dir alongside the existing `FsCapability`. Fixes #33.

### Features

- *(profile)* Mediation now merges across `extends` chains (per-field, with restrictive-wins on `caller_policy.agent_allowed`, `caller_policy.allowed_parents`, and `command_sandbox.network.block`/`keychain_access`). Previously a child profile that declared any `mediation` block fully replaced the base — silently dropping every mediated command the base set up.

### Notes

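Review bot: The new *(profile)* entry under Features names restrictive-wins only for `caller_policy.agent_allowed`, `caller_policy.allowed_parents`, and `command_sandbox.network.block`/`keychain_access`, and leaves "per-field" undefined for every other field, so a reader cannot tell whether a child profile can still loosen or drop a mediated command inherited from its base. The entry also states that a child `mediation` block previously replaced the base entirely, which makes this a behaviour change for existing profiles; flag it as one and add a sentence on how the remaining fields merge. In the *(sandbox/macos)* entry, the text lists three sockets (`{mediation,control,audit}.sock`) but describes the `UnixSocketCapability` as directory-scoped: state whether any other socket created under `<session_dir>` becomes connectable under `NetworkMode::ProxyOnly`, or that the grant is limited to those three. "Fixes #33" also departs from the `(#941)` reference style used by the entry above it.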