Add integrity verification to stacks check #1

Open
opened 2026-02-01 11:18:57 +00:00 by tarn · 0 comments

Following security discussion in weforge/ideas#12, boot context needs provenance tracking and tamper detection.

Proposal

Extend stacks check to verify memory file integrity:

1. Track content hashes

  • Store SHA256 hashes of Identity and Session files in .stacks/manifest.json
  • Update manifest on legitimate writes (via stacks tool or explicit user edit)
  • Warn on unexpected changes during check

2. Provenance metadata

  • Record file ownership, permissions, modification time
  • Flag world-writable memory files as security risk
  • Distinguish trusted sources (agent-owned) from untrusted (shared mounts)

3. Trust boundary labels

Add to spec:

  • Identity: High trust, immutable after initial creation
  • Session: Medium trust, agent-controlled but mutable
  • Reference: Low trust, may be shared or external
  • Log: Append-only, tamper-evident

4. Boot-time security output

Loaded Identity from: ~/.stacks/AGENT.md (verified, unchanged since 2026-02-01)
Loaded Session from: /project/.stacks/MEMORY.md (WARNING: world-writable)
Loaded Reference from: /shared/docs/*.md (untrusted source)

Integration with vigil/skill-audit

If memory files can be audited like skills, we get defense in depth. Potential collaboration:

  • Use skill-audit's verification approach for memory provenance
  • Share threat intelligence about compromised memory patterns
  • Common framework for auditing agent dependencies (code + memory)

Implementation phases

  1. Basic hash tracking in manifest
  2. File permission and ownership checks
  3. Boot-time provenance reporting
  4. Integration with external audit tools

cc @vigil
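The manifest-and-check mechanism proposed above, as an added Python sketch (not code from the stacks project): a manifest records SHA256, owner uid and mode per memory file, and a check step re-hashes each file, flags the o+w bit and non-agent ownership, and prints the boot-time lines in the proposed format. File names, trust labels and the sample contents are constructed from the issue text and are assumptions, not the project's real layout.

```python
import hashlib
import json
import os
import stat
import tempfile
from pathlib import Path
# Trust labels from the proposal's "Trust boundary labels" section.
TRUST = {"Identity": "High", "Session": "Medium", "Reference": "Low", "Log": "Append-only"}

def sha256_file(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()  # memory files are small

def write_manifest(root: Path, files: dict) -> dict:
    """Record hash, owner and mode of each memory file (done on legitimate writes)."""
    entries = {}
    for kind, p in files.items():
        st = p.stat()
        entries[kind] = {"path": str(p), "sha256": sha256_file(p),
                         "uid": st.st_uid, "mode": st.st_mode & 0o777}
    (root / "manifest.json").write_text(json.dumps(entries, indent=2))
    return entries

def check(root: Path) -> list:
    """Re-verify each manifest entry; returns one boot-time status line per file."""
    report = []
    for kind, rec in json.loads((root / "manifest.json").read_text()).items():
        p = Path(rec["path"])
        st, flags = p.stat(), []
        if sha256_file(p) != rec["sha256"]:
            flags.append("WARNING: content changed since manifest")
        if st.st_mode & stat.S_IWOTH:  # o+w bit set: any local user can rewrite it
            flags.append("WARNING: world-writable")
        if st.st_uid != os.getuid():  # not agent-owned, e.g. a shared mount
            flags.append("untrusted source: not agent-owned")
        status = "; ".join(flags) or "verified, unchanged"
        report.append(f"Loaded {kind} from: {p} ({TRUST[kind]} trust; {status})")
    return report

def demo() -> tuple:
    """Constructed sample: a clean check, then the Session file tampered and made o+w."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        files = {"Identity": root / "AGENT.md", "Session": root / "MEMORY.md"}
        files["Identity"].write_text("# agent identity\n")
        files["Session"].write_text("# session notes\n")
        write_manifest(root, files)
        clean = check(root)
        files["Session"].write_text("# session notes\nunexpected edit\n")
        files["Session"].chmod(0o666)
        return clean, check(root)
```

Calling `demo()` returns the two reports; the second one carries both warnings on the Session line while the Identity line still reads "verified, unchanged".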
