Skip to content

Commit 4a8a77d

Browse files
khaliqgantclaude
andcommitted
fix(security): add sender_kind guard in control.rs
Prevent agents from spoofing human identity by naming themselves "human:..." to bypass release ACL checks. When sender_kind is explicitly Agent, immediately return false regardless of name string. Cherry-picked from PR #412. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
1 parent 3a58f7d commit 4a8a77d

1 file changed

Lines changed: 7 additions & 1 deletion

File tree

relay-broker/src/control.rs

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,11 @@ pub fn is_human_sender(sender: &str, sender_kind: SenderKind) -> bool {
44
if matches!(sender_kind, SenderKind::Human) {
55
return true;
66
}
7-
7+
// If the protocol explicitly marks the sender as an agent, trust that.
8+
if matches!(sender_kind, SenderKind::Agent) {
9+
return false;
10+
}
11+
// Fallback heuristic for Unknown sender_kind (e.g. command.invoked events).
812
let s = sender.trim().to_ascii_lowercase();
913
s == "human" || s.starts_with("human:")
1014
}
@@ -23,6 +27,8 @@ mod tests {
2327
assert!(is_human_sender("alice", SenderKind::Human));
2428
assert!(is_human_sender("human:alice", SenderKind::Unknown));
2529
assert!(!is_human_sender("Worker1", SenderKind::Agent));
30+
// Explicit Agent kind overrides string heuristic
31+
assert!(!is_human_sender("human:spoofed", SenderKind::Agent));
2632
}
2733

2834
#[test]

0 commit comments

Comments
 (0)