Skip to content

Lpcox/add difc #4

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
lpcox merged 2 commits into from
Jan 1, 2026
Merged

Lpcox/add difc #4

lpcox merged 2 commits into from
Jan 1, 2026

Conversation

@lpcox
Copy link
Collaborator

@lpcox lpcox commented Jan 1, 2026

Added preliminary scaffolding for DIFC support.

lpcox added 2 commits December 30, 2025 16:11
@lpcox
feat: Add DIFC (Decentralized Information Flow Control) integration
edc5abc 
Implements Phase 1 (Foundation) and Phase 2 (Integration) of DIFC support:

Phase 1 - Foundation:
- Add DIFC label system with secrecy and integrity labels
- Implement label flow semantics (secrecy subset, integrity superset)
- Create evaluator for policy enforcement with detailed violation messages
- Build agent registry for tracking per-agent labels
- Add capabilities registry for global tag management
- Create guard framework with interface and noop implementation
- Implement guard registry with automatic noop fallback

Phase 2 - Integration:
- Integrate DIFC into UnifiedServer with 6-phase request flow
- Add guard registration for all backend servers
- Implement guardBackendCaller for metadata queries
- Add agent ID extraction from Authorization headers
- Implement label accumulation from read operations (taint tracking)
- Add fine-grained collection filtering support

Features:
- ✅ NoopGuard ensures 100% backward compatibility
- ✅ Comprehensive logging at each DIFC phase
- ✅ Detailed violation errors with remediation guidance
- ✅ Collection filtering for fine-grained access control
- ✅ Label accumulation for taint tracking
- ✅ 24 passing unit tests with full coverage

Testing:
- Complete test suite for DIFC label operations
- Evaluator tests for read/write access control
- Agent registry tests with label accumulation
- Guard system tests including registry and context helpers
- Collection filtering tests

All tests passing. Ready for Phase 3 (custom guard implementations).
@lpcox
Updated documentation
a4304f6
@lpcox lpcox merged commit 79278e4 into main Jan 1, 2026
lpcox added a commit that referenced this pull request Jan 8, 2026
@lpcox
Merge pull request #4 from githubnext/lpcox/add-difc
c6a7e9a 
Lpcox/add difc
Copilot AI mentioned this pull request Jan 10, 2026
Closed
This was referenced Jan 19, 2026
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@lpcox @Claude @Codex