From faadc27f6b1a89503d52ee241045923786c56732 Mon Sep 17 00:00:00 2001 From: Ralf Anton Beier Date: Tue, 21 Apr 2026 07:41:03 +0200 Subject: [PATCH 1/2] chore: add Mythos bug-hunt pipeline + AGENTS.md restructure Scaffolds scripts/mythos/ with a four-prompt pipeline (rank, discover, validate, emit) plus portable HOWTO.md, modeled on Anthropic's Claude Mythos (April 2026). Adds a pre-release Mythos delta-pass step scoped by release type (tier-5 only for patches, tier-5+4 for minors, full tier-5 for majors/LTS). Migrates project guidance from CLAUDE.md to AGENTS.md (the tool-neutral canonical location read by Cursor, OpenCode, Claude Code, etc.) and slims CLAUDE.md to a thin pointer. Documents Kani's std::io OOM limitation so future finding reports treat CBMC OOM as "tool cannot reach" rather than "verification succeeded". Bumps examples/wasmtime-loader wasmtime 37 -> 43 to clear the April 2026 CVE patch floor (CVE-2026-34941, 34942, 34943, 35195, et al.). No runtime code change. Trace: skip Co-Authored-By: Claude Opus 4.7 (1M context) --- AGENTS.md | 212 +++++++++++++++++++++++++++- CLAUDE.md | 121 ++-------------- examples/wasmtime-loader/Cargo.toml | 2 +- scripts/mythos/HOWTO.md | 120 ++++++++++++++++ scripts/mythos/discover.md | 42 ++++++ scripts/mythos/emit.md | 48 +++++++ scripts/mythos/rank.md | 60 ++++++++ scripts/mythos/validate.md | 39 +++++ 8 files changed, 529 insertions(+), 115 deletions(-) create mode 100644 scripts/mythos/HOWTO.md create mode 100644 scripts/mythos/discover.md create mode 100644 scripts/mythos/emit.md create mode 100644 scripts/mythos/rank.md create mode 100644 scripts/mythos/validate.md diff --git a/AGENTS.md b/AGENTS.md index b6a33ff..9769da2 100644 --- a/AGENTS.md +++ b/AGENTS.md 
@@ -1,10 +1,18 @@ - -# AGENTS.md — Rivet Project Instructions + +# AGENTS.md — Sigil Project Instructions -> This file was generated by `rivet init --agents`. Re-run the command -> any time artifacts change to keep this file current. +This is the **canonical AI-instruction file** for this repository. Cursor, +OpenCode, Claude Code, and other coding agents should all read this first. +`CLAUDE.md` mandates reading this file. -## Project Overview +## Rivet Artifact Reference This project uses **Rivet** for SDLC artifact traceability. - Config: `rivet.yaml` 
@@ -127,3 +135,197 @@ Required git trailers: Exempt artifact types (no trailer required): `chore`, `style`, `ci`, `docs`, `build` To skip traceability for a commit, add: `Trace: skip` + +--- + +## Project Guidance (Manually Maintained) + +> The content below is NOT auto-generated by rivet. Preserve it during +> `rivet init --agents` regeneration. If the tool overwrites this section, +> restore it from git history. + +### Project Overview + +sigil (wsc — WebAssembly Signature Component) is a **security-critical** +cryptographic signing tool for WebAssembly modules. It handles: +- Ed25519 signatures +- Sigstore keyless signing (OIDC → Fulcio → Rekor) +- Air-gapped verification for embedded devices +- Trust bundle management + +### Formal Verification + +Follow the [PulseEngine Verification Guide](https://pulseengine.eu/guides/VERIFICATION-GUIDE.md) for all proof work. Key rules: + +1. Get the spec right before attempting proofs +2. Try the simple thing first — let the solver attempt it +3. Generate multiple candidates (3–5 strategies before concluding hard) +4. Code must satisfy all verification tracks simultaneously (Rust + Verus + coq-of-rust + Kani) +5. No `Vec` in Verus specs — use `Seq`; no trait objects in verified code + +#### Kani scope limitation + +Kani/CBMC runs out of memory on code that exercises `std::io` (BufReader, +BorrowedBuf), rich `Vec` manipulation, or deep generic trait dispatch. When a +Kani harness OOMs, that is NOT evidence the property holds — it is evidence +the tool cannot reach the property. Fall back to the nearest lower-level +Kani proof on the primitives the code composes (see existing proofs in +`src/lib/src/wasm_module/varint.rs` for examples), and document the +limitation in the finding report. + +### Mythos Bug-Hunt Pipeline + +Mythos-style agentic bug hunting is wired into this repo. 
Prompts, rubric, +and the portable HOWTO live in `scripts/mythos/`: + +- `rank.md` — file ranking (1–5) by bug likelihood, sigil-specific rubric +- `discover.md` — per-file discovery prompt with oracle requirement +- `validate.md` — fresh-session confirmation (rejects hallucinations) +- `emit.md` — converts confirmed findings to `draft AS-N` entries in + `artifacts/stpa/attack-scenarios.yaml`, grouped under existing UCAs +- `HOWTO.md` — portable pipeline documentation (same across all PulseEngine + repos) + +#### Oracle requirement (invariant) + +A failing PoC test is ALWAYS required for a confirmed finding — this is the +deterministic oracle. A failing Kani harness is required unless the subject +code exercises a symbolic surface CBMC cannot handle (see Kani scope +limitation above); in that case, cite the nearest primitive-layer Kani +proof and document the limitation. **Hallucinations are more expensive than +silence.** If neither oracle can be produced, the finding does not count — +do not report it. + +#### Pre-Release Mythos delta pass (MANDATORY) + +Before creating a release tag, run a Mythos delta pass scoped by release type: + +| Release | Scope | +|---|---| +| Patch (x.y.Z) | Tier-5 files changed since last tag | +| Minor (x.Y.z) | Tier-5 + tier-4 files changed since last tag | +| Major / LTS | Full tier-5 sweep regardless of diff | + +Procedure: + +```bash +# Identify changed tier-5 files +git diff --name-only v..HEAD -- \ + src/lib/src/wasm_module/ \ + src/lib/src/signature/keys.rs \ + src/lib/src/signature/sig_sections.rs \ + src/lib/src/airgapped/bundle.rs \ + src/lib/src/airgapped/tuf.rs \ + src/lib/src/secure_file.rs \ + src/lib/src/dsse.rs \ + src/lib/src/platform/ \ + src/lib/src/provisioning/ca.rs +``` + +For each file, in a fresh Claude Code session: +``` +Read scripts/mythos/discover.md and apply it to . Do not relax the +oracle requirement. 
+``` + +For each finding, fresh session: `Read scripts/mythos/validate.md and apply it to the report above.` + +Block the release if any `confirmed` finding lacks an `approved AS-N` in +`artifacts/stpa/attack-scenarios.yaml` with a shipped fix or an explicit +risk-acceptance note. + +### Security-Critical Release Process + +**THIS IS A CRYPTOGRAPHIC SECURITY TOOL. RELEASES MUST FOLLOW THIS PROCESS:** + +#### Pre-Release Checklist (MANDATORY) + +1. **All changes via PR**: Never push directly to main for any code changes +2. **CI must pass completely**: Wait for ALL CI jobs to succeed before merging +3. **Watch the full CI run**: Do not assume CI passes - verify it +4. **Sign & Verify workflow must succeed**: The `wasm-signing.yml` workflow must demonstrate end-to-end signing and verification works +5. **Mythos delta pass**: Run per `### Pre-Release Mythos delta pass` above. Zero `confirmed` findings, OR every `confirmed` finding maps to an `approved AS-N` in `artifacts/stpa/attack-scenarios.yaml` with a shipped fix + +#### Release Process + +1. **Create version bump PR**: + ```bash + git checkout -b release/vX.Y.Z + # Update version in Cargo.toml + # Update internal dependency versions + git commit -m "chore: bump version to X.Y.Z" + git push -u origin release/vX.Y.Z + gh pr create + ``` + +2. **Wait for CI to complete**: Watch ALL checks pass + ```bash + gh pr checks --watch + ``` + +3. **Verify signing workflow**: Ensure the Sign WASM Module workflow succeeds and produces valid artifacts + +4. **Merge PR**: Only after all checks pass + ```bash + gh pr merge --squash + ``` + +5. 
**Create release**: Only after merge and main CI passes + ```bash + # Pull latest main + git checkout main && git pull + + # Verify main CI passed + gh run list --branch main --limit 1 + + # Create and push tag + git tag -a vX.Y.Z -m "Release vX.Y.Z" + git push origin vX.Y.Z + + # Create GitHub release + gh release create vX.Y.Z --generate-notes + ``` + +#### What NOT to do + +- **NEVER** release without CI verification +- **NEVER** push tags before PR is merged and CI passes +- **NEVER** assume CI will pass - always watch it complete +- **NEVER** skip the signing workflow verification +- **NEVER** release if any security-related test fails + +### Build Commands + +```bash +# Build +cargo build --release + +# Test (all tests) +cargo test + +# Test specific module +cargo test --test airgapped_e2e +cargo test --test keyless_integration -- --ignored # Requires OIDC + +# Bazel build +bazel build //src/lib:wsc +bazel build //src/component:signing_lib +bazel build //src/cli:wasmsign_cli +``` + +### Repository Structure + +- `src/lib/` - Core signing library +- `src/cli/` - Command-line interface +- `src/component/` - WASM component (WASI) +- `src/lib/src/airgapped/` - Air-gapped verification +- `src/lib/src/keyless/` - Sigstore keyless signing +- `fuzz/` - Fuzz testing targets +- `scripts/mythos/` - Mythos bug-hunt pipeline prompts + +### CI Workflows + +- `rust.yml` - Main CI (cargo + bazel builds, tests) +- `wasm-signing.yml` - End-to-end signing demonstration +- `fuzz.yml` - Fuzz testing +- `memory.yml` - Memory profiling diff --git a/CLAUDE.md b/CLAUDE.md index ec3d31d..c55fe44 100644 --- a/CLAUDE.md +++ b/CLAUDE.md 
@@ -1,113 +1,16 @@ -# Claude Code Instructions for wsc +# CLAUDE.md -## Project Overview +**IMPORTANT — Read [`AGENTS.md`](AGENTS.md) first.** It is the canonical +AI-instruction file for this repository. Cursor, OpenCode, Claude Code, and +other coding agents all read AGENTS.md; keeping project guidance there +avoids drift. -wsc (WebAssembly Signature Component) is a **security-critical** cryptographic signing tool for WebAssembly modules. It handles: -- Ed25519 signatures -- Sigstore keyless signing (OIDC → Fulcio → Rekor) -- Air-gapped verification for embedded devices -- Trust bundle management +All substantive project guidance — overview, formal-verification rules, +Mythos bug-hunt pipeline, release process, build commands, repository +structure, CI workflows — lives in `AGENTS.md`. Do not duplicate it here. -## Formal Verification +## Claude Code-specific notes -Follow the [PulseEngine Verification Guide](https://pulseengine.eu/guides/VERIFICATION-GUIDE.md) for all proof work. Key rules: - -1. Get the spec right before attempting proofs -2. Try the simple thing first — let the solver attempt it -3. Generate multiple candidates (3-5 strategies before concluding hard) -4. Code must satisfy all verification tracks simultaneously (Rust + Verus + coq-of-rust + Kani) -5. No `Vec` in Verus specs — use `Seq`; no trait objects in verified code - -## Security-Critical Release Process - -**THIS IS A CRYPTOGRAPHIC SECURITY TOOL. RELEASES MUST FOLLOW THIS PROCESS:** - -### Pre-Release Checklist (MANDATORY) - -1. **All changes via PR**: Never push directly to main for any code changes -2. **CI must pass completely**: Wait for ALL CI jobs to succeed before merging -3. **Watch the full CI run**: Do not assume CI passes - verify it -4. **Sign & Verify workflow must succeed**: The `wasm-signing.yml` workflow must demonstrate end-to-end signing and verification works - -### Release Process - -1. 
**Create version bump PR**: - ```bash - git checkout -b release/vX.Y.Z - # Update version in Cargo.toml - # Update internal dependency versions - git commit -m "chore: bump version to X.Y.Z" - git push -u origin release/vX.Y.Z - gh pr create - ``` - -2. **Wait for CI to complete**: Watch ALL checks pass - ```bash - gh pr checks --watch - ``` - -3. **Verify signing workflow**: Ensure the Sign WASM Module workflow succeeds and produces valid artifacts - -4. **Merge PR**: Only after all checks pass - ```bash - gh pr merge --squash - ``` - -5. **Create release**: Only after merge and main CI passes - ```bash - # Pull latest main - git checkout main && git pull - - # Verify main CI passed - gh run list --branch main --limit 1 - - # Create and push tag - git tag -a vX.Y.Z -m "Release vX.Y.Z" - git push origin vX.Y.Z - - # Create GitHub release - gh release create vX.Y.Z --generate-notes - ``` - -### What NOT to do - -- **NEVER** release without CI verification -- **NEVER** push tags before PR is merged and CI passes -- **NEVER** assume CI will pass - always watch it complete -- **NEVER** skip the signing workflow verification -- **NEVER** release if any security-related test fails - -## Build Commands - -```bash -# Build -cargo build --release - -# Test (all tests) -cargo test - -# Test specific module -cargo test --test airgapped_e2e -cargo test --test keyless_integration -- --ignored # Requires OIDC - -# Bazel build -bazel build //src/lib:wsc -bazel build //src/component:signing_lib -bazel build //src/cli:wasmsign_cli -``` - -## Repository Structure - -- `src/lib/` - Core signing library -- `src/cli/` - Command-line interface -- `src/component/` - WASM component (WASI) -- `src/lib/src/airgapped/` - Air-gapped verification -- `src/lib/src/keyless/` - Sigstore keyless signing -- `fuzz/` - Fuzz testing targets - -## CI Workflows - -- `rust.yml` - Main CI (cargo + bazel builds, tests) -- `wasm-signing.yml` - End-to-end signing demonstration -- `fuzz.yml` - Fuzz testing -- 
`memory.yml` - Memory profiling +Currently none. Add Claude-Code-only settings (hook configurations, skill +invocations, etc.) below this line if and when they diverge from the +cross-tool guidance. diff --git a/examples/wasmtime-loader/Cargo.toml b/examples/wasmtime-loader/Cargo.toml index ff56c0b..363096a 100644 --- a/examples/wasmtime-loader/Cargo.toml +++ b/examples/wasmtime-loader/Cargo.toml @@ -5,7 +5,7 @@ edition = "2021" [dependencies] wsc = { path = "../../src/lib" } -wasmtime = "37.0" +wasmtime = "43" anyhow = "1.0" env_logger = "0.11" log = "0.4" diff --git a/scripts/mythos/HOWTO.md b/scripts/mythos/HOWTO.md new file mode 100644 index 0000000..c306501 --- /dev/null +++ b/scripts/mythos/HOWTO.md 
@@ -0,0 +1,120 @@ +# Mythos-Style Bug Hunt — Portable Pipeline + +A four-prompt pipeline modeled on Anthropic's Claude Mythos (red.anthropic.com, +April 2026) plus Vidoc's open-model reproduction. The architecture is: let +the agent reason about code freely, but require a machine-checkable oracle +for every reported bug so hallucinations don't ship. + +## Prerequisites + +- Claude Code or any agent harness that can read files and drive test runs +- A truth oracle for your language/domain (see §5) +- A bug-tracking format (STPA-Sec, STPA, in-house, whatever) +- Optional: parallel sessions (rank → N parallel discoveries → validate → emit) + +## 1. Four prompt templates in `scripts/mythos/` + +- **`rank.md`** — agent ranks every source file 1–5 by bug likelihood. The + rubric is the one non-portable part — write it per repo (§2). +- **`discover.md`** — Mythos-verbatim discovery prompt plus repo-specific + context plus the oracle requirement (§3). +- **`validate.md`** — fresh-agent validator that enforces the oracle and + filters uninteresting findings. +- **`emit.md`** — converts a confirmed finding into a draft entry in your + bug-tracking format. + +## 2. Ranking rubric (non-portable) + +5 tiers, named by concrete path patterns not abstract categories. Skeleton: + +``` +5 (crown jewels): secrets, parse-before-trust, canonicalization +4 (direct security boundary): verification, signing, argv+env +3 (one hop from untrusted input): token parsers, network clients, format parsers +2 (supporting, no direct security role): HTTP plumbing, policy eval, logging +1 (config / constants / proof artifacts): error types, wiring, proofs +``` + +Straddle rule: if a file sits between two tiers, pick the higher. Run the +rank pass once, then **patch the rubric** to eliminate files that required +overrides. A good rubric produces zero overrides on re-run. + +## 3. Oracle choice (drives `discover.md`) + +The oracle separates "agent thinks there's a bug" from "there is a bug." 
+ +| Hunting… | Oracle candidates | +|---|---| +| Memory corruption in C/C++/unsafe Rust | AddressSanitizer, MemorySanitizer, UBSan | +| Logic bugs in safe Rust | Kani + property tests (proptest/quickcheck) | +| Compiler correctness | Rocq + Z3 SMT + differential testing | +| Kernel primitives | Verus + Kani + Rocq; proof-skip analysis | +| Python/TypeScript | Hypothesis, fast-check, concrete PoC | +| Go | fuzz, property tests | +| Crypto protocols | Proverif, Tamarin, CryptoVerif counterexample | + +`discover.md` MUST require BOTH (1) a failing machine-checkable proof AND +(2) a failing concrete PoC. "If you cannot produce both, do not report. +Hallucinations are more expensive than silence." — load-bearing sentence. + +## 4. Run the pipeline + +From a Claude Code session in the repo: + +1. `Read scripts/mythos/rank.md` → JSON ranking +2. For each rank-≥4 file: new session (parallel), paste `discover.md` with + `{{file}}` substituted. Output = structured finding report. +3. For each finding: fresh session with `validate.md`. Both oracle halves + must fail on unfixed code. Reject anything that doesn't confirm. +4. For each confirmed: `emit.md` produces a `draft` tracking entry. Human + promotes to `approved`. + +One agent per file in step 2 is Mythos's parallelism trick. Don't run one +agent across the whole codebase. + +## 5. Per-project customization + +- **`rank.md`**: your threat model in 5 tiers +- **`discover.md`**: repo context paragraph + oracle requirement + optional + hypothesis priors (e.g., wasmtime 2026-04-09 CVE wave for any WASM tool) +- **`validate.md`**: reject against your known-mitigations / system + constraints / existing scenarios. Swap threat-agent checks for + hazard-only checks if the repo is safety not security. +- **`emit.md`**: match the exact YAML/JSON shape of your artifact store. + +## 6. Gotchas + +- **Failing tests directly in source break CI.** Use `#[ignore]` / `@skip` + and put the rerun command in the ignore reason. 
+- **The rubric is wrong the first time.** Expect to patch after pass 1. + Sign you need to patch: "straddle rule → promoted X" lines in output. +- **Validators must be fresh sessions.** Reusing discovery context lets + the agent defend its own hypothesis. +- **One agent per file, not per codebase.** Parallel agents on different + files find diverse bugs; a single agent converges on surface issues. +- **Keep the discovery prompt minimal.** Mythos's "Please find a security + vulnerability" outperforms elaborate CWE checklists because the agent + has tools (oracle, debugger, runtime) and the environment filters truth. + +## 7. Worked example — sigil `signature/sig_sections.rs` + +First tier-5 file produced a finding: + +```rust +let certificate_chain = if let Ok(cert_count) = varint::get32(&mut reader) { + // ... read chain +} else { + None // ← silently swallows ALL parse errors, not just EOF +}; +``` + +Intent: backward-compat (missing cert_count → None). Bug: any error — +including malformed bytes — gets converted to "no chain," downgrading a +cert-based signature to a bare-key signature. + +- **PoC test**: append 5 MSB-set bytes after a valid prefix; expect `Err`; + current code returns `Ok { certificate_chain: None }`. **Confirmed failing.** +- **Kani harness**: symbolic 5-byte cert_count with MSB-set constraint; + `assert!(result.is_err())`. + +Maps to STPA-Sec UCA-6. Emitted as `draft AS-N` under UCA-6. diff --git a/scripts/mythos/discover.md b/scripts/mythos/discover.md new file mode 100644 index 0000000..72270ac --- /dev/null +++ b/scripts/mythos/discover.md 
@@ -0,0 +1,42 @@ +Please find a security vulnerability in this program. + +Context you must use: +- This is sigil (wsc), a cryptographic signing tool for WebAssembly modules. + It handles Ed25519 signatures, Sigstore keyless signing (OIDC → Fulcio → + Rekor), air-gapped verification, and trust-bundle management. The threat + model is documented in `artifacts/stpa/ucas.yaml` and related files — + consult it for what "vulnerability" means here. +- Focus on ONE file: {{file}}. You may read any other file in the repo + to confirm or refute your hypothesis, but do not report bugs outside + {{file}}. +- Most code is safe Rust; memory corruption is rare. Concentrate on + LOGIC bugs: signature bypass, key confusion, trust-bundle path + traversal, Rekor inclusion-proof forgery, TOCTOU in on-disk key + material, DSSE PAE injectivity breaks, OIDC audience/expiry checks, + parse-before-verify on WASM module bytes. + +To help us appropriately triage any bug you find, please write exploits +so we can submit the highest severity ones. + +Oracle requirement (non-negotiable): +For every bug you report you MUST produce both: + (1) A failing Kani harness using `#[kani::proof]` placed in the same + module as the vulnerable function. The harness must fail today if + the bug is real and pass after the fix. Existing Kani proofs in + `src/lib/src/dsse.rs` are canonical examples of style. + (2) A failing property/unit test (standard `#[test]` or `proptest!`) + that reproduces the bug with concrete inputs — the PoC witness. + +If you cannot write (1) and (2), the finding does not count. Do not +report it. Hallucinations are more expensive than silence. + +Output format: +- FILE: {{file}} +- FUNCTION / LINES: ... 
+- HYPOTHESIS: one sentence +- KANI HARNESS: fenced Rust block, ready to paste +- POC TEST: fenced Rust block, ready to paste +- IMPACT: which of the data-flows in `artifacts/stpa/data-flows.yaml` + does this touch, and what security property (C/I/A/authenticity) fails +- CANDIDATE UCA: the single most likely `UCA-N` this would exploit, + with a one-line justification. List alternatives only if ambiguous. diff --git a/scripts/mythos/emit.md b/scripts/mythos/emit.md new file mode 100644 index 0000000..42ffc48 --- /dev/null +++ b/scripts/mythos/emit.md 
@@ -0,0 +1,48 @@ +You are emitting a new `attack-scenario` entry to append to +`artifacts/stpa/attack-scenarios.yaml`. The rivet schema is defined in +`schemas/stpa-sec.yaml` — consult it for the exact field set and +allowed values. Do not invent fields. + +Input: +- Confirmed bug report (below) +- Chosen `UCA-N` from the validator +--- +{{confirmed_report}} +UCA: {{uca_id}} +--- + +Rules: +1. Grouping invariant: we group attack-scenarios under UCAs. If + `artifacts/stpa/attack-scenarios.yaml` already contains an AS-N with + `exploits` → `{{uca_id}}`, this new finding typically becomes a + SIBLING AS-M with the same UCA link, NOT a new UCA. Each sibling + expresses a distinct causal pathway under the same unsafe control + action. +2. The new id must be the next unused `AS-N` by integer suffix. Read + the existing file to determine it. +3. Required fields (per `schemas/stpa-sec.yaml`): + - `id`, `type: attack-scenario`, `title`, `status: draft` + - `description` (reference the Kani harness and PoC test by + fully-qualified Rust path, since the bug lives in code, not in + prose) + - `fields.attack-type` (one of the allowed values) + - `fields.attack-feasibility` (overall rating) + - The five ISO 21434 Annex H factors: + `elapsed-time`, `specialist-expertise`, `knowledge-of-item`, + `window-of-opportunity`, `equipment` + - Impact fields: `impact-safety`, `impact-financial`, + `impact-operational`, `impact-privacy` +4. Required links: + - `exploits` → `{{uca_id}}` + - `exploits` → a `DF-N` data-flow if the bug touches one + - `executed-by` → at least one `TA-N` from + `artifacts/stpa/ucas.yaml` (the threat-agents section). Do NOT + invent a new threat-agent; pick the closest fit. + - `leads-to-hazard` → the `H-N` that the chosen UCA already + leads to (transitive — look up in + `artifacts/stpa/losses-and-hazards.yaml`). +5. Status MUST be `draft` on first emission. A human approves to + promote to `approved`. 
+ +Emit ONLY the YAML block for the new artifact, nothing else — ready to +paste under `artifacts:` in `attack-scenarios.yaml`. diff --git a/scripts/mythos/rank.md b/scripts/mythos/rank.md new file mode 100644 index 0000000..21159a3 --- /dev/null +++ b/scripts/mythos/rank.md 
@@ -0,0 +1,60 @@ +Rank source files in this repository by likelihood of containing a +security-relevant bug, on a 1–5 scale. Output JSON: +`[{"file": "...", "rank": N, "reason": "..."}]`, sorted descending. + +Scope: files under `src/lib/`, `src/cli/`, and `src/component/`. +Exclude tests, examples, and generated code. + +Ranking rubric (sigil-specific): + +5 (crown jewels — key material, parse-before-verify, canonicalization): + - src/lib/src/wasm_module/** # untrusted bytes before sig check + - src/lib/src/signature/keys.rs # Ed25519 secret-key material + - src/lib/src/signature/sig_sections.rs # parses signature custom-section from untrusted WASM; cert chains + - src/lib/src/airgapped/bundle.rs # single root of trust offline + - src/lib/src/airgapped/tuf.rs + - src/lib/src/secure_file.rs # on-disk secret permissions + - src/lib/src/dsse.rs # PAE canonicalization — injectivity is load-bearing + - src/lib/src/platform/{software,keyring_storage,tpm2,trustzone,sgx}.rs # SecureKeyProvider impls — real key material + - src/lib/src/platform/secure_element/** # hardware key operations + - src/lib/src/provisioning/ca.rs # private CA root/intermediate key material, HSM + +4 (direct security boundary — verification/signing + host bridges + CLI env surface): + - src/lib/src/signature/keyless/{cert_verifier,cert_pinning,rekor_verifier,merkle,checkpoint,format,signer}.rs + - src/lib/src/airgapped/verifier.rs + - src/lib/src/signature/{mod,matrix,multi,simple,hash}.rs + - src/lib/src/{intoto,slsa,sct}.rs + - src/lib/src/platform/mod.rs # SecureKeyProvider trait shape — constrains all providers + - src/lib/src/runtime/crypto_host.rs # wasmtime host ↔ SecureKeyProvider bridge + - src/lib/src/provisioning/{wasm_signing,device,session,verification}.rs + - src/cli/** # env var handling is an untrusted boundary + +3 (one hop from untrusted input): + - src/lib/src/signature/keyless/{oidc,fulcio,rekor,transport,proof_cache,mod}.rs + - src/lib/src/signature/info.rs + - 
src/lib/src/format/** + - src/lib/src/airgapped/{state,storage,config,mod}.rs + - src/lib/src/pqc.rs + - src/lib/src/provisioning/{csr,mod}.rs + - src/component/** # WASI component boundary + +3 (one hop from untrusted input, cont.): + - src/lib/src/transcoding.rs # wasmtime had 5 CVEs in component-model transcoding 2026-04 — bug-dense class + +2 (supporting, no direct crypto): + - src/lib/src/{http,policy,audit,composition,container}/** + - src/lib/src/runtime/mod.rs + - src/lib/src/signature/keyless/rate_limit.rs + - src/lib/src/split.rs + +1 (config / constants / metrics / proof artifacts): + - src/lib/src/metrics/** + - src/lib/src/verus_proofs/** # proofs about runtime code, not runtime itself — not exploitable + - src/lib/src/{time,build_env,error,lib}.rs + +When ranking: +- If a file straddles two tiers, pick the higher. +- For each file emit at most one sentence of reason; the ranker isn't + the discovery agent and should not explain bugs. +- Files you haven't seen default to rank 2. Do not guess rank 5 from + path alone — open the file. diff --git a/scripts/mythos/validate.md b/scripts/mythos/validate.md new file mode 100644 index 0000000..d064f6f --- /dev/null +++ b/scripts/mythos/validate.md 
@@ -0,0 +1,39 @@ +I have received the following bug report. Can you please confirm if it's +real and interesting? + +Report: +--- +{{report}} +--- + +You are a fresh validator with no stake in the exploration. Your job is +to reject hallucinations and cosmetic findings — a false positive here +costs human triage time, which is the scarcest resource in the pipeline. + +Procedure: +1. Read the cited file and function BEFORE reading the hypothesis closely. + Form your own view of what the code does. +2. Run the provided Kani harness. If Kani does not produce a + counterexample on the unfixed code, the bug is NOT confirmed — reply + with `VERDICT: not-confirmed` and a short reason. Stop. +3. Run the provided PoC test. If it passes on the unfixed code, the bug + is NOT confirmed — reply `VERDICT: not-confirmed`. Stop. +4. If both (2) and (3) demonstrate the bug, ask: is this *interesting*? + A finding is NOT interesting if any of the following hold: + - it requires an attacker who already has the capability the bug + would grant (e.g., "attacker with root can read key file") + - it is a duplicate of a known UCA already mitigated by a + system-constraint in `artifacts/stpa/losses-and-hazards.yaml` + - it relies on a threat-agent capability stronger than any + modeled in `artifacts/stpa/ucas.yaml` (TA-1 through TA-5) + - the severity is `low` AND the attack-feasibility is `low` +5. If still real and interesting, identify the UCA-N it exploits. + Prefer to GROUP this under an existing UCA rather than propose a new + UCA — that is the schema invariant for this project. If no existing + UCA fits, reply `VERDICT: confirmed-but-no-uca` and describe what new + UCA would be needed; do not emit an attack-scenario. + +Output: +- `VERDICT: confirmed | not-confirmed | confirmed-but-no-uca` +- `UCA: UCA-N` (only on confirmed) +- `REASON:` one paragraph From 86be40b72328f42d1361d29900f9a0db9076847f Mon Sep 17 00:00:00 2001 
From: Ralf Anton Beier Date: Tue, 21 Apr 2026 07:55:31 +0200 Subject: [PATCH 2/2] revert: leave examples/wasmtime-loader on wasmtime 37.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumping to 43 breaks the example's `with_context` usage — wasmtime 43's `wasmtime::Error` no longer implements anyhow's `StdError`, so `.with_context(...)` from anyhow::Context doesn't apply. The earlier PR #82 that bumped the main lib to 43 left this example on 37 for this reason. Properly bumping the example requires a port (use wasmtime's own error helpers or `map_err` explicitly). That port is out of scope for this pipeline-scaffolding PR. Trace: skip Co-Authored-By: Claude Opus 4.7 (1M context) --- examples/wasmtime-loader/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/wasmtime-loader/Cargo.toml b/examples/wasmtime-loader/Cargo.toml index 363096a..ff56c0b 100644 --- a/examples/wasmtime-loader/Cargo.toml +++ b/examples/wasmtime-loader/Cargo.toml @@ -5,7 +5,7 @@ edition = "2021" [dependencies] wsc = { path = "../../src/lib" } -wasmtime = "43" +wasmtime = "37.0" anyhow = "1.0" env_logger = "0.11" log = "0.4"
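Review bot: the AGENTS.md header hunk (`@@ -1,10 +1,18 @@`) drops the "generated by `rivet init --agents`" notice, which was the only signal that the top part of the file is tool-owned, while the later "Project Guidance (Manually Maintained)" section warns that regeneration may overwrite manual content. Keep a one-line note in the header marking where the regenerated region ends, e.g. `> Everything above "Project Guidance" is regenerated by rivet init --agents.`, so a reader or agent knows which half it may edit.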
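Review bot: the delta-pass procedure in the AGENTS.md `@@ -127,3 +135,197 @@` hunk has two placeholder gaps and two consistency gaps. `git diff --name-only v..HEAD` carries no tag name and the per-file prompt reads `apply it to .` with no file name; both look like angle-bracket placeholders that did not survive rendering, so use the `{{file}}` style discover.md already uses (`{{last_tag}}..HEAD`, `apply it to {{file}}`). The path list after `--` covers only tier-5 files, but the table says minor releases also sweep tier-4 files; add the tier-4 paths from rank.md or state that the list must be extended for minors. That list also names `src/lib/src/platform/` as a whole, while rank.md puts `platform/mod.rs` in tier 4; pick one source of truth for the tier-5 set. Finally, the "Block the release" sentence accepts "an explicit risk-acceptance note" as an alternative to a shipped fix, but checklist item 5 in the same hunk only accepts a shipped fix; align the two.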
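Review bot: the `examples/wasmtime-loader/Cargo.toml` change in PATCH 1/2 (`wasmtime = "37.0"` to `"43"`) is reverted verbatim in PATCH 2/2, so the series ships no change to that file while the first commit message still states that it "Bumps examples/wasmtime-loader wasmtime 37 -> 43 to clear the April 2026 CVE patch floor". Squash the revert into the first commit and drop or reword that paragraph (the example stays on 37.0 pending the error-type port), otherwise `git log` misleads anyone auditing the CVE floor. A comment beside the dependency, e.g. `# pinned to 37.0 pending port to wasmtime 43 error types, see PR #82`, keeps the reason with the file and stops the next contributor from repeating the bump.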
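Review bot: in `scripts/mythos/HOWTO.md` the Prerequisites bullet "A truth oracle for your language/domain (see §5)" points at the wrong section: the oracle table is §3, and §5 is per-project customization. §3 also states that discover.md MUST require BOTH a failing proof and a failing PoC, while AGENTS.md's "Oracle requirement (invariant)" in this same series relaxes the Kani half when CBMC cannot reach the code; since the HOWTO is meant to be identical across PulseEngine repos, add the tool-cannot-reach fallback to §3 or §6 so the portable document does not contradict the repo-local rule. One more gotcha for §6: a PoC test landed under `#[ignore]` must have the ignore removed when the fix ships so it becomes a regression test, and as written neither emit.md nor the release checklist assigns that step to anyone.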
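Review bot: `scripts/mythos/discover.md` is stricter than the rule it implements: "If you cannot write (1) and (2), the finding does not count" has no exception, whereas AGENTS.md's "Kani scope limitation" treats a Kani OOM as "tool cannot reach" and allows citing the nearest primitive-layer proof instead. Add that branch here, otherwise the discovery agent discards exactly the `std::io`/`Vec`-heavy findings the limitation paragraph was written for. Smaller points: the prompt cites `src/lib/src/dsse.rs` as the canonical Kani style while AGENTS.md cites `src/lib/src/wasm_module/varint.rs`, so pick one; the Output format has no severity or feasibility line, yet validate.md step 4 rejects on "severity is `low` AND the attack-feasibility is `low`", so add `SEVERITY:` and `FEASIBILITY:` fields using the allowed values from `schemas/stpa-sec.yaml`; and "please write exploits so we can submit the highest severity ones" is left dangling because the only executable deliverable in the Output format is the POC TEST, so state that the PoC test is what "exploit" means in this pipeline.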
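Review bot: rule 2 in `scripts/mythos/emit.md` ("The new id must be the next unused `AS-N` by integer suffix. Read the existing file to determine it.") is racy under the parallel sessions HOWTO §4 recommends: two emitters reading the same file will pick the same `AS-N`. State that the id is provisional and is renumbered by the human at `draft` to `approved`, or have the emitter use a placeholder id. Rule 4 also uses the same `exploits` link for both `{{uca_id}}` and a `DF-N`; confirm that `schemas/stpa-sec.yaml` allows `exploits` to target a data-flow, since the intro's "Do not invent fields" applies to link types as much as to fields.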
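Review bot: `scripts/mythos/rank.md` has two separate "3 (one hop from untrusted input)" headings; the second holds only `src/lib/src/transcoding.rs` with a reason ("wasmtime had 5 CVEs in component-model transcoding 2026-04") that argues for a higher tier, and by the file's own straddle rule ("pick the higher") it reads as a tier-4 entry. Either merge it into the first tier-3 list or move it to tier 4 with the reason kept. The closing rule "Do not guess rank 5 from path alone — open the file" also sits oddly under a rubric that defines tier 5 purely by path; say what opening the file is meant to change, for example demoting a listed path that turns out to be a thin re-export, so the ranker knows when an override is legitimate.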
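Review bot: step 2 of `scripts/mythos/validate.md` has only two outcomes (counterexample, or `VERDICT: not-confirmed`), so a Kani run that OOMs, the case AGENTS.md's "Kani scope limitation" explicitly calls "tool cannot reach", is silently rejected. Add a third branch: if Kani cannot reach the property, check that the report cites the nearest primitive-layer proof as AGENTS.md allows, proceed on the PoC test in step 3, and record the limitation in `REASON:`. Step 4's "severity is `low` AND the attack-feasibility is `low`" test refers to fields the discover.md report format never emits, so either the validator assigns them itself or discover.md must output them. The Output block could also carry the `DF-N` that emit.md asks for, so the emitter does not have to rediscover it.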