fix(agent): harden macos es/ne scaffolding and supervision #179
bb-connor wants to merge 1 commit into
Cursor Bugbot has reviewed your changes and found 2 potential issues.
| case latencyMs = "latency_ms" | ||
| case deadlineMs = "deadline_ms" | ||
| case notifyObserved = "notify_observed" | ||
| } |
AuthorizationEvent excludes observedAt from CodingKeys
Medium Severity
The AuthorizationEvent struct declares an observedAt: Date? property but the CodingKeys enum does not include a corresponding case for it. This means observedAt is silently excluded from JSON encoding and decoding. While the exceededDeadline computed property still works at runtime, any serialized AuthorizationEvent will lose the observedAt value, making it impossible to reconstruct timestamps from JSON fixtures or status tool output.
| } else { | ||
| EnforcementLevel::Kernel | ||
| } | ||
| } |
Supervised mode always reports degraded on macOS
Medium Severity
effective_enforcement_level always returns Degraded on macOS even for a fully successful supervised_mode(true, true, None) call, because default_provider_states unconditionally adds ProviderState::unknown(...) entries for endpoint_security and network_extension with active: false and healthy: false. The has_degraded_provider check in effective_enforcement_level fires on these, preventing the code from ever reaching the KernelSupervised return path on macOS. This means receipts for legitimate supervised sandbox runs on macOS always claim degraded enforcement, which may cause downstream trust/verification logic to treat valid runs as untrusted.
Additional Locations (1)
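The interaction described in the comment above, as an added example that is not the project's code: a simplified Rust model in which the struct layout, the required field, the boolean supervised flag and the function names level_as_reported and level_required_only are assumptions. It reproduces the always-degraded result for the default provider states and shows one possible correction that still fails closed when a provider the run depends on is unhealthy.

```rust
// Added illustration: a simplified model, not the project's code.
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum EnforcementLevel { Kernel, KernelSupervised, Degraded }

#[derive(Debug, Clone)]
pub struct ProviderState {
    pub name: &'static str,
    pub required: bool, // assumption: does this run depend on the provider?
    pub active: bool,
    pub healthy: bool,
}

impl ProviderState {
    pub fn unknown(name: &'static str) -> Self {
        Self { name, required: false, active: false, healthy: false }
    }
}

// Defaults as the review describes them: both macOS providers start unknown.
pub fn default_provider_states() -> Vec<ProviderState> {
    vec![
        ProviderState::unknown("endpoint_security"),
        ProviderState::unknown("network_extension"),
    ]
}

fn base_level(supervised: bool) -> EnforcementLevel {
    if supervised { EnforcementLevel::KernelSupervised } else { EnforcementLevel::Kernel }
}

// Reported behaviour: any inactive or unhealthy entry forces Degraded.
pub fn level_as_reported(supervised: bool, providers: &[ProviderState]) -> EnforcementLevel {
    let degraded = providers.iter().any(|p| !p.active || !p.healthy);
    if degraded { EnforcementLevel::Degraded } else { base_level(supervised) }
}

// One possible correction (assumption): only providers the run depends on
// can degrade it, so a required but unhealthy provider still fails closed.
pub fn level_required_only(supervised: bool, providers: &[ProviderState]) -> EnforcementLevel {
    let degraded = providers.iter().any(|p| p.required && (!p.active || !p.healthy));
    if degraded { EnforcementLevel::Degraded } else { base_level(supervised) }
}

fn main() {
    let providers = default_provider_states();
    for p in &providers { println!("{}: active={} healthy={}", p.name, p.active, p.healthy); }
    println!("as reported:   {:?}", level_as_reported(true, &providers));
    println!("required only: {:?}", level_required_only(true, &providers));
}
```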
Superseded by #180 after moving the work to fix/macos-es-ne-hardening.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: c52c469b75
||
| Ok(Json(AgentHealthResponse { | ||
| status: "ok", | ||
| status: macos_host_health_status(&macos_host), |
Keep non-macOS agent health from being stuck pending
This now sets top-level health to macos_host_health_status(...), but on non-macOS builds start_status_collector is a no-op (apps/agent/src-tauri/src/macos/mod.rs), so MacosHostService stays at its default unknown state and /api/v1/agent/health reports "pending" indefinitely even when daemon/session are healthy. That makes readiness/monitoring checks fail on Linux/Windows; the top-level status should be gated to macOS-only host checks (or remain "ok" off macOS).


Summary
Testing
Note
Medium Risk
Touches security-adjacent areas (sandbox attestation/receipt semantics) and modifies macOS packaging/release workflows, which could block releases or change reported health if the new validation/status tooling misbehaves.
Overview
Adds macOS EndpointSecurity/NetworkExtension scaffolding under apps/agent/src-tauri/macos/system-extension (Swift packages, status tools, fixtures/tests, and packaging entitlements/plist templates) and wires a new MacosHostService + periodic collector into the agent to surface combined host status in /api/v1/agent/health and local heartbeat payloads.
Hardens build/release gating for macOS packaging: build.rs validates required assets + tauri.conf.json entries (optionally fails release builds if placeholders/scaffold markers remain), CI and release workflows add checks and switch DMG build to a notarization script with required signing/notary env.
Extends sandbox/receipt attestation to include provider-level states, degraded enforcement semantics, and additional counters/hints; updates hush-cli supervised execution to fail closed on non-Linux (marking supervised runs as degraded with an explicit failure) and adjusts tests accordingly.
Written by Cursor Bugbot for commit c52c469. This will update automatically on new commits.