Skip to content

[codex] Enforce NIP-OA authorization bounds (BUZZ-SEC-002)#1984

Open
jmecom wants to merge 1 commit into
mainfrom
codex/fix-buzz-sec-002
Open

[codex] Enforce NIP-OA authorization bounds (BUZZ-SEC-002)#1984
jmecom wants to merge 1 commit into
mainfrom
codex/fix-buzz-sec-002

Conversation

@jmecom

@jmecom jmecom commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

What changed

The relay now evaluates signed NIP-OA created_at< and created_at> conditions against the signed authentication event on every membership-gated transport. WebSocket auth, HTTP bridge requests, huddles, Git, invites, operator calls, and media reads/uploads all carry the authenticated timestamp into the same verifier.

The ACP harness now treats owner-only literally. It accepts the configured owner pubkey and no longer infers sibling authority from another agent's profile metadata. Explicit allowlists still support intentional multi-actor access.

Why

Buzz previously verified that an owner signed the NIP-OA condition string but did not evaluate its time bounds. Anyone holding an old delegated agent key and credential could therefore reconnect indefinitely while the owner remained a member. Profile-based sibling discovery also let stale or unrelated delegations trigger owner-only agents.

Valid unbounded credentials and credentials whose signed authentication timestamp is inside the requested window continue to work. Direct relay members are unchanged.

Testing

  • cargo fmt --all --check
  • cargo test -p buzz-sdk nip_oa
  • cargo test -p buzz-relay nip_oa_time_conditions
  • cargo test -p buzz-acp author_gate_tests

@jmecom
jmecom force-pushed the codex/fix-buzz-sec-002 branch from f5cfba9 to 53477f0 Compare July 16, 2026 18:50
@jmecom
jmecom force-pushed the codex/fix-buzz-sec-002 branch from 53477f0 to 3084a74 Compare July 16, 2026 20:11
@jmecom
jmecom marked this pull request as ready for review July 16, 2026 20:26
@jmecom
jmecom requested a review from a team as a code owner July 16, 2026 20:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant