
Module execution_nonce

Phase 1.1: Execution Nonces (TOCTOU fix).

An ExecutionNonce is a short-lived, single-use token that the kernel attaches to every Verdict::Allow response. Tool servers MUST present the nonce before executing; the kernel rejects nonces that are stale (older than nonce_ttl_secs, default 30 s) or replayed. This closes the time-of-check / time-of-use window between evaluate() and tool-server execution, a window that DPoP alone cannot close.

Design

  • The nonce body is an opaque nonce_id plus a NonceBinding that binds the nonce to the exact (subject, capability, server, tool, parameter_hash) tuple. Substituting a nonce between unrelated tool calls therefore fails the binding check.
  • The kernel signs the full body (nonce id + binding + expires_at) with its receipt-signing key, so downstream tool servers can cryptographically verify authenticity without a round trip.
  • Replay is prevented by an ExecutionNonceStore: the first reserve(nonce_id) returns true and consumes the nonce; any subsequent reservation returns false and the verify path rejects.
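The mint/verify flow sketched in the design notes above, as an added illustration that is not the crate's own code: Binding, Nonce, Store, mint and verify are hypothetical names, and the kernel's signature is modelled by a keyed std hash stand-in (an assumption for a self-contained example, not a real MAC).

```rust
use std::collections::hash_map::DefaultHasher;
use std::collections::HashSet;
use std::hash::{Hash, Hasher};

// Hypothetical types (not the crate's API) mirroring the design notes.
#[derive(Clone, Debug, PartialEq, Eq, Hash)]
pub struct Binding { pub subject: String, pub capability: String, pub server: String, pub tool: String, pub parameter_hash: String }

#[derive(Clone, Debug)]
pub struct Nonce { pub nonce_id: u64, pub binding: Binding, pub expires_at: u64, pub tag: u64 }

#[derive(Debug, PartialEq)]
pub enum NonceError { BadSignature, Expired, BindingMismatch, Replayed }

/// Stand-in for the kernel's signature over (nonce id + binding + expires_at).
/// A keyed std hash is NOT a MAC; the real kernel signs with its receipt-signing key.
fn tag(key: u64, id: u64, b: &Binding, expires_at: u64) -> u64 {
    let mut h = DefaultHasher::new();
    (key, id, b, expires_at).hash(&mut h);
    h.finish()
}

/// Replay store: the first reserve() of an id succeeds, every later one fails.
pub struct Store { seen: HashSet<u64> }
impl Store {
    pub fn new() -> Self { Store { seen: HashSet::new() } }
    pub fn reserve(&mut self, id: u64) -> bool { self.seen.insert(id) }
}

/// Kernel side: attach a bound, expiring, signed nonce to an Allow verdict.
pub fn mint(key: u64, id: u64, binding: Binding, now: u64, ttl: u64) -> Nonce {
    let expires_at = now + ttl;
    let tag = tag(key, id, &binding, expires_at);
    Nonce { nonce_id: id, binding, expires_at, tag }
}

/// Tool-server side. Order matters: authenticity, freshness and binding are checked
/// before the id is consumed, so a forged or stale copy cannot burn a legitimate nonce.
pub fn verify(key: u64, n: &Nonce, expected: &Binding, now: u64, store: &mut Store)
    -> Result<(), NonceError> {
    if n.tag != tag(key, n.nonce_id, &n.binding, n.expires_at) { return Err(NonceError::BadSignature); }
    if now > n.expires_at { return Err(NonceError::Expired); }
    if n.binding != *expected { return Err(NonceError::BindingMismatch); }
    if !store.reserve(n.nonce_id) { return Err(NonceError::Replayed); }
    Ok(())
}
```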

Backward compatibility

The whole feature is opt-in. When ExecutionNonceConfig::require_nonce is false (the default), no nonce is minted and the verify path is a no-op. Existing non-nonce deployments keep working; new tool servers opt in by flipping require_nonce on the kernel’s config.

Structs

ExecutionNonce
The signable body of an execution nonce.
ExecutionNonceConfig
Configuration for execution nonce issuance and verification.
InMemoryExecutionNonceStore
In-memory LRU-backed execution nonce store.
NonceBinding
Fields that tie a nonce to one specific tool invocation.
SignedExecutionNonce
A kernel-signed execution nonce ready for transmission on an allow verdict.

Enums

ExecutionNonceError
All the reasons an execution nonce can fail verification.

Constants

DEFAULT_EXECUTION_NONCE_STORE_CAPACITY
Default capacity for the in-memory replay-prevention LRU cache.
DEFAULT_EXECUTION_NONCE_TTL_SECS
Default TTL for a freshly minted execution nonce.
EXECUTION_NONCE_SCHEMA
Schema identifier for Chio execution nonces.

Traits

ExecutionNonceStore
Persistence boundary for replay-prevention of execution nonces.

Functions

is_supported_execution_nonce_schema
mint_execution_nonce
Mint a fresh signed execution nonce.
verify_execution_nonce
Verify a signed execution nonce against the expected binding.