Skip to content

fix(agent): route set_identity through agent to preserve meta-tag integrity#242

Merged
jgowdy-godaddy merged 3 commits into
mainfrom
fix/set-identity-meta-tag
May 21, 2026
Merged

fix(agent): route set_identity through agent to preserve meta-tag integrity#242
jgowdy-godaddy merged 3 commits into
mainfrom
fix/set-identity-meta-tag

Conversation

@jgowdy-godaddy
Copy link
Copy Markdown
Contributor

@jgowdy-godaddy jgowdy-godaddy commented May 21, 2026

Summary

  • Root cause: sshenc identity called save_meta() directly from the CLI, modifying .meta without updating the keychain HMAC meta-tag. This broke all signing after setting an identity.
  • Fix: Added SetIdentity agent IPC message (0xF7). The CLI now sends identity updates through the agent, which modifies .meta and atomically re-stamps the meta-tag.
  • Also fixed error swallowing in the sign path where backend.get() failures logged "key lookup failed" without the actual error.
  • Updated AGENTS.md with stronger CI/CD-only binary guidance.

Changes

File Change
sshenc-agent-proto/src/message.rs Add SetIdentity message type (0xF7), parse, serialize, tests
sshenc-agent-proto/src/client.rs Add try_set_identity_via_socket()
sshenc-agent/src/server.rs Add SetIdentity handler; fix error logging in sign path
sshenc-cli/src/main.rs Pass socket_path to run_command
sshenc-cli/src/commands.rs Rewrite set_identity() to route through agent IPC
sshenc-se/src/compat.rs Add warning field to KeyMeta literal
AGENTS.md Strengthen CI/CD-only binary guidance

Companion PR

Test plan

  • cargo test --workspace — 622 tests pass, 0 failures
  • cargo clippy --workspace --all-targets -- -D warnings — clean
  • cargo fmt --all -- --check — clean
  • Manual e2e: keygen → identity → sign → verify signing still works

Closes #240

@jgowdy-godaddy
fix(agent): route set_identity through agent to preserve meta-tag int…
7596976 
…egrity

set_identity previously called save_meta() directly from the CLI process,
modifying the .meta file without updating the HMAC meta-tag in the keychain.
This broke all subsequent sign operations because ensure_meta_integrity()
detected the file/tag mismatch and rejected it as tampering.

Route identity updates through a new SetIdentity agent IPC message (0xF7).
The agent modifies the .meta file and atomically re-stamps the meta-tag,
maintaining integrity. Also fix error swallowing in the sign path where
backend.get() failures were logged without the actual error message, and
update AGENTS.md with stronger CI/CD-only binary guidance.

Closes #240
@jgowdy-godaddy
fix(agent): make meta-tag re-stamp non-fatal in SetIdentity
d62af93 
On platforms where the meta-integrity store is unavailable (e.g. Linux
without Secret Service), perform_migrate_meta fails. Since the identity
metadata was already saved successfully, log the re-stamp failure as a
warning instead of propagating it as an error.
@jgowdy-godaddy
fix(e2e): start agent before sshenc identity in tests
475e949 
sshenc identity now routes through the agent IPC, so the agent must
be running. Two e2e tests called sshenc identity without starting the
agent first: gitenc_config_signs_commit_and_verifies and
identity_persists_through_metadata.
@jgowdy-godaddy jgowdy-godaddy merged commit 7c509cb into main May 21, 2026
7 checks passed
@jgowdy-godaddy jgowdy-godaddy deleted the fix/set-identity-meta-tag branch May 21, 2026 19:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jgowdy-godaddy