Expand description
SDK identity classification (AAASM-3621).
A pure, no-I/O classifier that compares the SDK identity an agent claimed
on the wire (the observed signal, attacker-controlled) against the
identity an authenticated channel established (the verified signal,
from the AAASM-3569 IPC handshake) and produces an SdkIdentityVerdict.
§Why this is its own pure module
The trusted enforcement layers must never trust an SDK-supplied identity
at face value — they recompute the verdict from inputs they control
(extends the AAASM-2569 no-trust-marker principle). Centralising that
decision here, with zero I/O and no tokio / aa-proto dependency, keeps
the forged / downgraded logic exhaustively unit-testable without a running
runtime. The module mirrors the leaf placement of scanner
and redaction.
§What a “version” is here
Versions are compared as dot-separated numeric components (a simple
semver-ish ordering) without pulling in a semver crate — the leaf crate
stays dependency-light. Non-numeric / malformed components fail closed:
an unparseable observed version that has a minimum to clear is treated as a
downgrade rather than silently passing.
Structs§
- Observed
SdkIdentity - The SDK identity an agent claimed on the wire.
- Verified
SdkIdentity - The SDK identity an authenticated channel established.
Enums§
- SdkIdentity
Verdict - The server-recomputed verdict on an agent’s presented SDK identity.
Functions§
- classify
- Recompute the SDK-identity verdict from inputs the server controls.