core-be
121eb64f24
ci-arm64-advisory / fast-checks (pull_request) Waiting to run
CI / Canvas Deploy Reminder (pull_request) Blocked by required conditions
Lint shellcheck (arm64 pilot) / shellcheck-arm64 (pilot) (pull_request) Successful in 11s
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 4s
CI / Python Lint & Test (pull_request) Successful in 4s
CI / Detect changes (pull_request) Successful in 8s
E2E API Smoke Test / detect-changes (pull_request) Successful in 8s
E2E Chat / detect-changes (pull_request) Successful in 7s
E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (pull_request) Has been skipped
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 23s
E2E Staging SaaS (full lifecycle) / pr-validate (pull_request) Successful in 37s
Handlers Postgres Integration / detect-changes (pull_request) Successful in 4s
E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (local) (pull_request) Successful in 51s
Harness Replays / detect-changes (pull_request) Successful in 5s
Lint forbidden tenant-env keys / Scan workspace_secrets writers for forbidden env keys (pull_request) Successful in 5s
Lint no tenant GITEA or GITHUB token write / Scan for repo-host token write into tenant workspace surface (pull_request) Successful in 4s
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 5s
gate-check-v3 / gate-check (pull_request) Successful in 9s
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m0s
qa-review / approved (pull_request) Successful in 5s
security-review / approved (pull_request) Failing after 4s
sop-checklist / na-declarations (pull_request) N/A: (none)
sop-checklist / all-items-acked (pull_request) Successful in 8s
sop-checklist / review-refire (pull_request) Has been skipped
sop-tier-check / tier-check (pull_request) Successful in 5s
E2E Staging SaaS (full lifecycle) / E2E Staging SaaS (pull_request) Successful in 6m52s
CI / Canvas (Next.js) (pull_request) Successful in 10s
CI / Shellcheck (E2E scripts) (pull_request) Successful in 4s
E2E Chat / E2E Chat (pull_request) Successful in 7s
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 10s
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 1m43s
Harness Replays / Harness Replays (pull_request) Successful in 6s
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 2m14s
CI / Platform (Go) (pull_request) Successful in 6m13s
CI / all-required (pull_request) Successful in 18m26s
audit-force-merge / audit (pull_request) Successful in 7s
#1673: validateCallerToken checked HasAnyLiveToken BEFORE the canvas classification. Once an RFC#637 canvas-user identity workspace acquired live tokens, canvas requests fell into the hasLive=true branch, which demands a bearer the canvas frontend never sends → silent 401 → the message was dropped before logA2AReceiveQueued wrote the activity_logs row, breaking canvas chat (and chat-history) for poll-mode workspaces. Safe mechanism (supersedes #1944): classify canvas users by the HUMAN's NON-FORGEABLE credential, evaluated BEFORE the peer-token contract: - middleware.IsVerifiedCanvasSession — the WorkOS session cookie confirmed upstream as a member of THIS tenant's org (/cp/auth/tenant-member). The production SaaS canvas path. - ADMIN_TOKEN bearer / live org_api_tokens row. A bare same-origin Host/Referer (middleware.IsSameOriginCanvas, documented in-repo as forgeable / cosmetic-only) is honored ONLY as a self-hosted/dev fallback when CP session verification is NOT configured — never in a SaaS combined-tenant image, where a forged Referer + arbitrary X-Workspace-ID would otherwise bypass registry.CanCommunicate and reach cross-workspace A2A. That is the privilege escalation #1944 introduced. Classification keys on the human's credential, not the caller's X-Workspace-ID, so it never trusts an attacker-supplied caller ID and is independent of whether the identity workspace holds peer tokens. Genuine token-holding peer workspaces are unaffected: with no cookie/admin/org credential they fall through to the existing bearer/ValidateToken gate. Tests: - TestProxyA2A_PollMode_CanvasUserWithVerifiedSession — the #1673 regression: poll-mode canvas-user identity WITH live tokens + a CP-verified session → 200 queued + activity_logs row written, with NO SELECT COUNT(*) (proving the canvas check precedes HasAnyLiveToken). Subprocess test with CANVAS_PROXY_URL set at init. - TestProxyA2A_ForgedSameOrigin_CannotBypassCanCommunicate — the security crux: combined-tenant image, forged same-origin Host/Referer + arbitrary X-Workspace-ID, no verified session → must fall through to CanCommunicate, which DENIES (403). Proves the escalation is closed. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>