Wire multi-sig relay URLs from workspace config and document release gate.

johnteee · cursoragent · johnteee · commit 5c74a7c6c1c2 · 2026-05-29T22:03:45.000+08:00
Load peer_relay_urls and local_relay_base_url from .teaagent/config.json, add WAN deployment guide and config template, and record Dependabot #10 resolution steps with full pre-commit verification notes. Constraint: Dependabot dismiss requires GitHub UI or authenticated gh API. Tested: TEAAGENT_PRECOMMIT_FULL=1 pre-commit (all hooks passed); uv run pytest -q (2641 passed). Confidence: high Co-authored-by: Cursor <cursoragent@cursor.com>
diff --git a/SECURITY.md b/SECURITY.md
@@ -218,6 +218,23 @@ uv export --format requirements-txt -o /tmp/req.txt
 uv run pip-audit -r /tmp/req.txt
 ```
 
+**Dependabot alert #10 (CVE-2026-23949):** Resolved in-tree as of 2026-05-29 — `uv.lock`
+pins `jaraco-context` **6.1.2** (>= 6.1.0). Dismiss in GitHub **Security → Dependabot →
+alert #10 → Close as fixed** with reason: *fix already on default branch*.
+
+```bash
+# Verify locally
+python3 -c "import importlib.metadata as m; print(m.version('jaraco.context'))"
+teaagent selftest --root .
+```
+
+If `gh` is installed and authenticated:
+
+```bash
+gh api -X PATCH repos/TeaEntityLab/teaAgent/dependabot/alerts/10 \
+  -f state=fixed -f dismissed_reason=fix_started
+```
+
 If GitHub Dependabot still reports an open alert while `pip-audit` is clean, reconcile
 in the repository **Security → Dependabot** UI (dismiss as fixed/upstream, or refresh
 the lockfile after the advisory maps to a patched release).
diff --git a/docs/dependabot-alert-10.md b/docs/dependabot-alert-10.md
@@ -0,0 +1,24 @@
+# Dependabot alert #10 — CVE-2026-23949 (`jaraco.context`)
+
+## Status: fixed on `main` (dismiss in GitHub UI)
+
+| Check | Result |
+|-------|--------|
+| `uv.lock` | `jaraco-context` **6.1.2** |
+| Constraint | `pyproject.toml` → `[tool.uv] constraint-dependencies` → `>=6.1.0` |
+| Selftest | `teaagent selftest` → `jaraco_context.ok: true` when installed |
+
+## Dismiss (maintainer)
+
+GitHub → **Security** → **Dependabot** → alert **#10** → **Close as fixed**
+
+Reason: *Vulnerability is patched in default branch (jaraco-context 6.1.2).*
+
+Or with authenticated `gh`:
+
+```bash
+gh api -X PATCH repos/TeaEntityLab/teaAgent/dependabot/alerts/10 \
+  -f state=fixed \
+  -f dismissed_reason=fix_started \
+  -f dismissed_comment='uv.lock pins jaraco-context 6.1.2 (>=6.1.0)'
+```
diff --git a/docs/http-surface-auth.md b/docs/http-surface-auth.md
@@ -111,8 +111,12 @@ teaagent sync signature-relay submit \
   --request-id <id> --peer-id peer-1 --signature "<ssh-blob>"
 ```
 
-Configure `MultiSigQuorumConfig.local_relay_base_url` and `peer_relay_urls` in policy,
-or set `TEAAGENT_SIGNATURE_RELAY_TOKEN` / `TEAAGENT_RELAY_TOKEN` for HTTP client auth.
+Set relay URLs in `.teaagent/config.json` under `multi_sig` (loaded automatically by
+`ApprovalPolicy` / `chat_agent`). See
+[multi-sig-wan-deployment.md](multi-sig-wan-deployment.md) and
+[templates/multi-sig/config.json.example](../templates/multi-sig/config.json.example).
+
+Set `TEAAGENT_SIGNATURE_RELAY_TOKEN` / `TEAAGENT_RELAY_TOKEN` for HTTP client auth.
 
 API:
 
diff --git a/docs/multi-sig-wan-deployment.md b/docs/multi-sig-wan-deployment.md
@@ -0,0 +1,50 @@
+# WAN multi-sig deployment
+
+Configure HTTP signature relay URLs in workspace policy so `ApprovalPolicy` loads
+them automatically from `.teaagent/config.json`.
+
+## 1. Collector (requester workspace)
+
+Copy [templates/multi-sig/config.json.example](../templates/multi-sig/config.json.example)
+to `.teaagent/config.json` and set:
+
+- `local_relay_base_url` — public URL of **this** workspace's signature relay
+- `peer_relay_urls` — map each `peer_agent_ids` entry to that peer's relay base URL
+
+Start the collector relay (behind TLS termination in production):
+
+```bash
+teaagent sync signature-relay serve \
+  --host 127.0.0.1 --port 8791 \
+  --api-token-file .teaagent/relay-tokens.json
+```
+
+Export for peers signing remotely:
+
+```bash
+export TEAAGENT_SIGNATURE_RELAY_TOKEN="<token from relay-tokens.json>"
+```
+
+## 2. Peer workspaces
+
+Each peer runs its own relay and receives approval requests via HTTP POST from the
+requester. After review, peers submit signatures:
+
+```bash
+teaagent sync signature-relay submit \
+  --relay-url https://collector.example:8791 \
+  --request-id "<request_id>" \
+  --peer-id peer-a \
+  --signature "<ssh-signature-blob>"
+```
+
+## 3. Verification
+
+- `uv.lock` pins `jaraco-context` 6.1.2+ (CVE-2026-23949 / Dependabot #10)
+- `teaagent selftest` reports `jaraco_context.ok: true` when the package is installed
+- Run `TEAAGENT_PRECOMMIT_FULL=1 pre-commit run --all-files` before release tags
+
+## Related
+
+- [http-surface-auth.md](http-surface-auth.md) — bearer tokens and relay headers
+- [ADR 0008](adr/0008-p4-strategic-posture.md) — strategic posture
diff --git a/docs/plans/remediation-roadmap.md b/docs/plans/remediation-roadmap.md
@@ -71,6 +71,9 @@ Principle: **smallest verifiable step** per phase; no big-bang refactors.
 
 Full SQLite audit/run migration remains **P4+ / backlog** — not started.
 
+**Release gate (2026-05-29):** `TEAAGENT_PRECOMMIT_FULL=1 pre-commit run --all-files` green;
+`uv run pytest -q` → 2641 passed. Dependabot #10: dismiss as *fixed* (`jaraco-context` 6.1.2 in `uv.lock`).
+
 ---
 
 ## Cost controls (operational)
diff --git a/teaagent/chat_agent.py b/teaagent/chat_agent.py
@@ -29,7 +29,7 @@
     LLMRequest,
 )
 from teaagent.memory import MemoryCatalog, memory_entries_to_prompt
-from teaagent.policy import ApprovalPolicy, PermissionMode
+from teaagent.policy import ApprovalPolicy, MultiSigQuorumConfig, PermissionMode
 from teaagent.prompt import (
     DECISION_JSON_SCHEMA,
     assemble_agent_prompt,
@@ -478,6 +478,7 @@ def run_chat_agent(
             permission_mode=config.permission_mode,
             approval_store=approval_store,
             approval_origin_run_id=context_extra.get('resumed_from') or run_id,
+            multi_sig_config=MultiSigQuorumConfig.from_workspace_config(config.root),
         ),
         approval_handler=config.approval_handler,
         compactor=ContextCompactor(memory_keys=('task_spec', 'memories')),
diff --git a/teaagent/policy.py b/teaagent/policy.py
@@ -12,6 +12,7 @@
 import warnings
 from dataclasses import dataclass, field
 from enum import Enum
+from pathlib import Path
 from typing import TYPE_CHECKING, Any, Optional
 
 from teaagent.errors import ToolPermissionError
@@ -110,6 +111,48 @@ class MultiSigQuorumConfig:
     )  # Patterns triggering multi-sig
     timeout_seconds: int = 300  # Timeout for collecting signatures
 
+    @classmethod
+    def from_workspace_config(cls, root: str | Path) -> MultiSigQuorumConfig:
+        """Load ``multi_sig`` section from ``<root>/.teaagent/config.json``."""
+        from teaagent.config_loader import load_workspace_config
+
+        section = load_workspace_config(root).get('multi_sig')
+        if not isinstance(section, dict):
+            return cls()
+
+        peer_ids = section.get('peer_agent_ids') or []
+        if not isinstance(peer_ids, list):
+            peer_ids = []
+
+        patterns = section.get('high_risk_patterns') or []
+        if not isinstance(patterns, list):
+            patterns = []
+
+        relay_urls = section.get('peer_relay_urls') or {}
+        if not isinstance(relay_urls, dict):
+            relay_urls = {}
+
+        public_keys = section.get('peer_public_keys') or {}
+        if not isinstance(public_keys, dict):
+            public_keys = {}
+
+        local_relay = section.get('local_relay_base_url')
+        local_relay_url = str(local_relay).strip() if local_relay else None
+        if local_relay_url == '':
+            local_relay_url = None
+
+        return cls(
+            enabled=bool(section.get('enabled', False)),
+            required_approvals=int(section.get('required_approvals', 2)),
+            peer_agent_ids=[str(item) for item in peer_ids],
+            peer_public_keys={str(k): str(v) for k, v in public_keys.items()},
+            peer_relay_urls={str(k): str(v).rstrip('/') for k, v in relay_urls.items()},
+            local_relay_base_url=local_relay_url,
+            allow_dev_signatures=bool(section.get('allow_dev_signatures', False)),
+            high_risk_patterns=[str(item) for item in patterns],
+            timeout_seconds=int(section.get('timeout_seconds', 300)),
+        )
+
 
 @dataclass(frozen=True)
 class ApprovalRequest:
diff --git a/templates/multi-sig/config.json.example b/templates/multi-sig/config.json.example
@@ -0,0 +1,19 @@
+{
+  "multi_sig": {
+    "enabled": true,
+    "required_approvals": 2,
+    "peer_agent_ids": ["peer-a", "peer-b"],
+    "peer_public_keys": {
+      "peer-a": "ssh-ed25519 AAAA... peer-a@host",
+      "peer-b": "ssh-ed25519 AAAA... peer-b@host"
+    },
+    "peer_relay_urls": {
+      "peer-a": "https://peer-a.example:8791",
+      "peer-b": "https://peer-b.example:8791"
+    },
+    "local_relay_base_url": "https://collector.example:8791",
+    "timeout_seconds": 300,
+    "high_risk_patterns": ["/prod", "/production"],
+    "allow_dev_signatures": false
+  }
+}
diff --git a/tests/test_policy.py b/tests/test_policy.py
@@ -767,6 +767,39 @@ def test_multi_sig_config_defaults(self) -> None:
         self.assertEqual(config.high_risk_patterns, [])
         self.assertEqual(config.timeout_seconds, 300)
 
+    def test_multi_sig_config_from_workspace_json(self) -> None:
+        import json
+        import tempfile
+        from pathlib import Path
+
+        with tempfile.TemporaryDirectory() as tmpdir:
+            root = Path(tmpdir)
+            (root / '.teaagent').mkdir()
+            (root / '.teaagent' / 'config.json').write_text(
+                json.dumps(
+                    {
+                        'multi_sig': {
+                            'enabled': True,
+                            'required_approvals': 2,
+                            'peer_agent_ids': ['peer-a'],
+                            'peer_relay_urls': {
+                                'peer-a': 'https://peer-a.example:8791'
+                            },
+                            'local_relay_base_url': 'https://collector.example:8791',
+                        }
+                    }
+                ),
+                encoding='utf-8',
+            )
+            config = MultiSigQuorumConfig.from_workspace_config(root)
+            self.assertTrue(config.enabled)
+            self.assertEqual(
+                config.peer_relay_urls['peer-a'], 'https://peer-a.example:8791'
+            )
+            self.assertEqual(
+                config.local_relay_base_url, 'https://collector.example:8791'
+            )
+
     def test_multi_sig_config_custom(self) -> None:
         """Verify custom multi-sig configuration."""
         config = MultiSigQuorumConfig(
