src/Messages/Artifacts/ArtifactPut.php:17 models an optional sha256 field and the round-trip catalog test includes it, but src/Internal/Runtime/ArtifactDispatcher.php:31 ignores the supplied digest after decoding the base64 payload. A caller can provide a digest that does not match the uploaded bytes and still receive an ArtifactRef whose digest is calculated from the stored content. The mismatch is never surfaced to the uploader.
The presence of sha256 in the upload DTO suggests it is an integrity check, and the handoff sample documentation says artifact handoff includes a sha256. Accepting a mismatched digest silently removes the value of that field and can hide corrupted or incorrectly encoded payloads.
Fix prompt: Validate ArtifactPut::$sha256 when it is present. Normalize the accepted format, compute hash('sha256', $bytes), reject malformed or mismatched digests with INVALID_ARGUMENT, and add tests for matching digest, mismatched digest, malformed digest, and the existing no-digest path.
src/Messages/Artifacts/ArtifactPut.php:17models an optionalsha256field and the round-trip catalog test includes it, butsrc/Internal/Runtime/ArtifactDispatcher.php:31ignores the supplied digest after decoding the base64 payload. A caller can provide a digest that does not match the uploaded bytes and still receive anArtifactRefwhose digest is calculated from the stored content. The mismatch is never surfaced to the uploader.The presence of
sha256in the upload DTO suggests it is an integrity check, and the handoff sample documentation says artifact handoff includes a sha256. Accepting a mismatched digest silently removes the value of that field and can hide corrupted or incorrectly encoded payloads.Fix prompt: Validate
ArtifactPut::$sha256when it is present. Normalize the accepted format, computehash('sha256', $bytes), reject malformed or mismatched digests withINVALID_ARGUMENT, and add tests for matching digest, mismatched digest, malformed digest, and the existing no-digest path.