Harden sandbox validation and scanners

Author: SecAI-Hub

.github/workflows/ci.yml

@@ -27,7 +27,7 @@ jobs:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
         with:
-          go-version: "1.25"
+          go-version: "1.25.10"
           cache-dependency-path: services/${{ matrix.service }}/go.sum
 
       - name: Build
@@ -268,7 +268,7 @@ jobs:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
         with:
-          go-version: "1.25"
+          go-version: "1.25.10"
 
       - name: Install cosign (signing & attestation)
         run: |
@@ -457,7 +457,7 @@ jobs:
 
       - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
         with:
-          go-version: "1.25"
+          go-version: "1.25.10"
 
       - name: Install Python dependencies
         run: pip install -r requirements-ci.txt
@@ -487,7 +487,7 @@ jobs:
 
       - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
         with:
-          go-version: "1.25"
+          go-version: "1.25.10"
 
       - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
         with:
@@ -509,7 +509,7 @@ jobs:
 
       - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
         with:
-          go-version: "1.25"
+          go-version: "1.25.10"
 
       - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
         with:
@@ -820,7 +820,7 @@ jobs:
 
       - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
         with:
-          go-version: "1.25"
+          go-version: "1.25.10"
 
       - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
         with:
@@ -861,9 +861,11 @@ jobs:
         run: python -m pytest tests/test_m5_acceptance.py -v --tb=short
 
       - name: Release gate summary
+        env:
+          REF_NAME: ${{ github.ref_name }}
         run: |
           {
             echo "## Release Gate: PASSED"
-            echo "Branch: ${{ github.ref_name }}"
+            echo "Branch: ${REF_NAME}"
             echo "All hardened checks passed for release branch."
           } >> "$GITHUB_STEP_SUMMARY"

.github/workflows/release.yml

@@ -86,24 +86,30 @@ jobs:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
         with:
-          go-version: "1.25"
+          go-version: "1.25.10"
           cache-dependency-path: services/${{ matrix.service }}/go.sum
 
       - name: Build (linux/amd64)
         working-directory: services/${{ matrix.service }}
+        env:
+          SERVICE: ${{ matrix.service }}
+          VERSION: ${{ github.ref_name }}
         run: |
           mkdir -p ../../dist
           CGO_ENABLED=0 GOOS=linux GOARCH=amd64 \
-            go build -ldflags="-s -w -X main.version=${{ github.ref_name }}" \
-            -o ../../dist/${{ matrix.service }}-linux-amd64 .
+            go build -ldflags="-s -w -X main.version=${VERSION}" \
+            -o "../../dist/${SERVICE}-linux-amd64" .
 
       - name: Build (linux/arm64)
         working-directory: services/${{ matrix.service }}
+        env:
+          SERVICE: ${{ matrix.service }}
+          VERSION: ${{ github.ref_name }}
         run: |
           mkdir -p ../../dist
           CGO_ENABLED=0 GOOS=linux GOARCH=arm64 \
-            go build -ldflags="-s -w -X main.version=${{ github.ref_name }}" \
-            -o ../../dist/${{ matrix.service }}-linux-arm64 .
+            go build -ldflags="-s -w -X main.version=${VERSION}" \
+            -o "../../dist/${SERVICE}-linux-arm64" .
 
       - name: Generate SBOM (Syft)
         uses: anchore/sbom-action@e22c389904149dbc22b58101806040fa8d37a610 # v0.24.0
@@ -208,6 +214,8 @@ jobs:
           done
 
       - name: Generate sandbox OpenVEX document
+        env:
+          DOCUMENT_ID: https://github.com/${{ github.repository }}/releases/download/${{ github.ref_name }}/custom-python.vex.json
         run: |
           mkdir -p dist
           python3 scripts/security/generate_custom_python_vex.py \
@@ -216,7 +224,7 @@ jobs:
             --image secai-sandbox-search-mediator:latest \
             --image secai-sandbox-diffusion:latest \
             --include-unicode-locale-glibc \
-            --document-id "https://github.com/${{ github.repository }}/releases/download/${{ github.ref_name }}/custom-python.vex.json" \
+            --document-id "${DOCUMENT_ID}" \
             --output dist/custom-python.vex.json
 
       - name: Upload OpenVEX artifact
@@ -302,12 +310,14 @@ jobs:
           sudo apt-get install -y podman xz-utils
 
       - name: Build portable USB image
+        env:
+          VERSION: ${{ github.ref_name }}
         run: |
           mkdir -p dist
           sudo bash scripts/build-usb-image.sh \
             --image-ref "ghcr.io/secai-hub/secai_os:latest" \
             --output-dir ./dist \
-            --version "${{ github.ref_name }}"
+            --version "${VERSION}"
 
       - name: Install cosign
         run: |
@@ -361,18 +371,19 @@ jobs:
           chmod +x /usr/local/bin/cosign
 
       - name: Sign VM artifacts
+        env:
+          COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}
+          VERSION: ${{ github.ref_name }}
         run: |
           mkdir -p dist
-          cp output/secai-os.qcow2 "dist/secai-os-${{ github.ref_name }}.qcow2"
-          cp output/secai-os.ova "dist/secai-os-${{ github.ref_name }}.ova"
-          for f in dist/secai-os-${{ github.ref_name }}.qcow2 dist/secai-os-${{ github.ref_name }}.ova; do
+          cp output/secai-os.qcow2 "dist/secai-os-${VERSION}.qcow2"
+          cp output/secai-os.ova "dist/secai-os-${VERSION}.ova"
+          for f in "dist/secai-os-${VERSION}.qcow2" "dist/secai-os-${VERSION}.ova"; do
             cosign sign-blob --yes \
               --key env://COSIGN_PRIVATE_KEY \
               --output-signature "${f}.sig" \
               "$f"
           done
-        env:
-          COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}
 
       - name: Upload VM artifacts
         uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
@@ -409,9 +420,10 @@ jobs:
           install -m 0644 scripts/release/secai-os-run-docker.ps1 dist/secai-os-run-docker.ps1
 
       - name: Record release image digest
+        env:
+          IMAGE_REF: ghcr.io/${{ github.repository }}
+          TAG: ${{ github.ref_name }}
         run: |
-          IMAGE_REF="ghcr.io/${{ github.repository }}"
-          TAG="${{ github.ref_name }}"
           DIGEST=$(skopeo inspect "docker://${IMAGE_REF}:${TAG}" 2>/dev/null | jq -r '.Digest' || echo "")
           if [ -n "$DIGEST" ] && [ "$DIGEST" != "null" ]; then
             echo "${DIGEST}" > dist/IMAGE_DIGEST
@@ -428,6 +440,12 @@ jobs:
           fi
 
       - name: Generate release manifest
+        env:
+          COMMIT_SHA: ${{ github.sha }}
+          IMAGE_REF: ghcr.io/${{ github.repository }}
+          TAG: ${{ github.ref_name }}
+          WORKFLOW_REF: ${{ github.workflow_ref }}
+          WORKFLOW_RUN: ${{ github.run_id }}
         run: |
           cd dist
 
@@ -482,8 +500,8 @@ jobs:
           # Build manifest JSON
           jq -n \
             --arg schema_version "1" \
-            --arg tag "${{ github.ref_name }}" \
-            --arg image_ref "ghcr.io/${{ github.repository }}" \
+            --arg tag "${TAG}" \
+            --arg image_ref "${IMAGE_REF}" \
             --arg image_digest "$IMAGE_DIGEST" \
             --arg image_ref_pinned "$IMAGE_REF_PINNED" \
             --argjson binaries "$BINARIES_JSON" \
@@ -493,9 +511,9 @@ jobs:
             --arg provenance_type "https://slsa.dev/provenance/v1" \
             --arg checksum_file "SHA256SUMS" \
             --arg signature_file "SHA256SUMS.sig" \
-            --arg commit_sha "${{ github.sha }}" \
-            --arg workflow_run "${{ github.run_id }}" \
-            --arg workflow_ref "${{ github.workflow_ref }}" \
+            --arg commit_sha "${COMMIT_SHA}" \
+            --arg workflow_run "${WORKFLOW_RUN}" \
+            --arg workflow_ref "${WORKFLOW_REF}" \
             --arg timestamp "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
             '{
               schema_version: $schema_version,
@@ -571,18 +589,20 @@ jobs:
           subject-path: "dist/*-linux-*"
 
       - name: Attest SBOMs
+        env:
+          COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}
+          IMAGE_REF: ghcr.io/${{ github.repository }}
+          TAG: ${{ github.ref_name }}
         run: |
           for sbom in dist/*-sbom.cdx.json; do
             service=$(basename "$sbom" -sbom.cdx.json)
-            image_ref="ghcr.io/${{ github.repository }}:${{ github.ref_name }}-${service}"
+            image_ref="${IMAGE_REF}:${TAG}-${service}"
             cosign attest --yes --type cyclonedx \
               --predicate "$sbom" \
               --key env://COSIGN_PRIVATE_KEY \
               "$image_ref" || \
               echo "WARN: cosign attest skipped for ${service} (no matching image)"
           done
-        env:
-          COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}
 
       - name: Create GitHub Release (binaries + SBOMs + checksums)
         if: ${{ !inputs.dry_run }}

.github/workflows/vm-boot-smoke.yml

@@ -41,15 +41,18 @@ jobs:
         id: image
         env:
           GH_TOKEN: ${{ github.token }}
+          IMAGE_DIGEST_INPUT: ${{ inputs.image_digest }}
+          REF_NAME: ${{ github.ref_name }}
+          REPOSITORY: ${{ github.repository }}
         run: |
-          if [ -n "${{ inputs.image_digest }}" ]; then
-            DIGEST="${{ inputs.image_digest }}"
+          if [ -n "${IMAGE_DIGEST_INPUT}" ]; then
+            DIGEST="${IMAGE_DIGEST_INPUT}"
           else
             echo "Fetching IMAGE_DIGEST artifact from latest build workflow run..."
-            RUN_ID=$(gh api "repos/${{ github.repository }}/actions/workflows/build.yml/runs?branch=${{ github.ref_name }}&status=success&per_page=1" \
+            RUN_ID=$(gh api "repos/${REPOSITORY}/actions/workflows/build.yml/runs?branch=${REF_NAME}&status=success&per_page=1" \
               --jq '.workflow_runs[0].id' 2>/dev/null || echo "")
             if [ -z "$RUN_ID" ] || [ "$RUN_ID" = "null" ]; then
-              echo "ERROR: No successful build.yml run found for ref ${{ github.ref_name }}"
+              echo "ERROR: No successful build.yml run found for ref ${REF_NAME}"
               exit 1
             fi
             echo "Using build run: ${RUN_ID}"

README.md

@@ -315,8 +315,8 @@ All CI jobs are defined in [`.github/workflows/ci.yml`](.github/workflows/ci.yml
 
 | Job | Workflow Link | What It Proves |
 |-----|--------------|---------------|
-| `go-build-and-test` | [View job](https://github.com/SecAI-Hub/SecAI_OS/actions/workflows/ci.yml) | 428 Go tests across 9 services with `-race` (build, test, vet) |
-| `python-test` | [View job](https://github.com/SecAI-Hub/SecAI_OS/actions/workflows/ci.yml) | 1,136 Python tests (unit/integration + adversarial/acceptance), ruff lint, bandit security scan (enforced on HIGH/HIGH), mypy type checking |
+| `go-build-and-test` | [View job](https://github.com/SecAI-Hub/SecAI_OS/actions/workflows/ci.yml) | 429 Go tests across 9 services with `-race` (build, test, vet) |
+| `python-test` | [View job](https://github.com/SecAI-Hub/SecAI_OS/actions/workflows/ci.yml) | 1,154 Python tests (unit/integration + adversarial/acceptance), ruff lint, bandit security scan (enforced on HIGH/HIGH), mypy type checking |
 | `appsec-lint` | [View job](https://github.com/SecAI-Hub/SecAI_OS/actions/workflows/ci.yml) | Hadolint for container build files and Semgrep project security rules |
 | `security-regression` | [View job](https://github.com/SecAI-Hub/SecAI_OS/actions/workflows/ci.yml) | Adversarial test suite: prompt injection, policy bypass, containment, recovery |
 | `supply-chain-verify` | [View job](https://github.com/SecAI-Hub/SecAI_OS/actions/workflows/ci.yml) | SBOM generation via Syft, cosign availability, provenance keywords in release/build workflows |
@@ -338,7 +338,7 @@ All CI jobs are defined in [`.github/workflows/ci.yml`](.github/workflows/ci.yml
 | [API Reference](docs/api.md) | HTTP API for all services |
 | [Policy Schema](docs/policy-schema.md) | Full policy.yaml schema reference |
 | [Security Status](docs/security-status.md) | Implementation status of all 54 milestones |
-| [Test Matrix](docs/test-matrix.md) | Test coverage: 1,564 tests across Go and Python (see [test-counts.json](docs/test-counts.json)) |
+| [Test Matrix](docs/test-matrix.md) | Test coverage: 1,583 tests across Go and Python (see [test-counts.json](docs/test-counts.json)) |
 | [Compatibility Matrix](docs/compatibility-matrix.md) | GPU, VM, and hardware support |
 | [Security Test Matrix](docs/security-test-matrix.md) | Security feature test coverage |
 | [FAQ](docs/faq.md) | Common questions |
@@ -456,13 +456,13 @@ Privacy: Tor-routed, PII stripped, injection detection, privacy-preserving query
 ## Running Tests
 
 ```bash
-# Go tests (428 total across 9 services)
+# Go tests (429 total across 9 services)
 for svc in airlock registry tool-firewall gpu-integrity-watch mcp-firewall \
            policy-engine runtime-attestor integrity-monitor incident-recorder; do
   (cd services/$svc && go test -v -race ./...)
 done
 
-# Python tests (1,136 total)
+# Python tests (1,154 total)
 python -m pip install -r requirements-ci.txt
 PYTHONPATH=services python -m pytest tests/ -v
 
@@ -564,7 +564,7 @@ services/
   search-mediator/          Python -- Tor-routed web search (:8485)
   ui/                       Python/Flask -- Web UI (:8480)
   common/                   Python -- Shared utilities (audit, auth, mlock)
-tests/                      1,136 Python tests, 428 Go tests (1,564 total)
+tests/                      1,154 Python tests, 429 Go tests (1,583 total)
 docs/                       Architecture, API, threat model, install guides
 schemas/                    OpenAPI spec, JSON Schema for config files
 examples/                   Task-oriented walkthroughs

deploy/sandbox/compose.yaml

@@ -195,7 +195,7 @@ services:
       - "9050"
     tmpfs:
       - /tmp:rw,noexec,nosuid,nodev,size=64m
-      - /var/lib/tor:rw,nosuid,nodev,size=32m,uid=100,gid=101
+      - /var/lib/tor:rw,nosuid,nodev,size=128m,uid=100,gid=101
     healthcheck:
       test: ["CMD-SHELL", "nc -z 127.0.0.1 9050 || exit 1"]
       interval: 15s

deploy/sandbox/searxng/Containerfile

@@ -1,4 +1,4 @@
-FROM docker.io/searxng/searxng@sha256:37c616a774b90fb5df9239eb143f1b11866ddf7b830cd1ebcca6ba11b38cc2bf
+FROM docker.io/searxng/searxng@sha256:e37c25170d9f5947b16713af33e0ab41f0e6e6e73685e19c30fc6bb63562f801
 
 USER root
 

deploy/sandbox/tor/Containerfile

@@ -1,4 +1,4 @@
-FROM docker.io/library/alpine:3.22@sha256:310c62b5e7ca5b08167e4384c68db0fd2905dd9c7493756d356e893909057601
+FROM docker.io/library/alpine:3.23@sha256:5b10f432ef3da1b8d4c7eb6c487f2f5a8f096bc91145e68878dd4a5019afde11
 
 RUN apk add --no-cache tor
 

docs/install/dev.md

@@ -6,7 +6,7 @@ This guide covers running SecAI OS services locally for development and testing,
 
 ## Prerequisites
 
-- **Go 1.25+** for building Go services
+- **Go 1.25.10+** for building Go services
 - **Python 3.12 recommended** for running Python services. CI and lockfiles use Python 3.12; package metadata still allows Python 3.11 where scanner compatibility requires it.
 - **pip** for Python dependency management
 - **git** for version control