
feat: concierge mints SIGNED grants + publishes its keys (issuer side) #6

Merged
bdelanghe merged 4 commits into main from claude/concierge-signs-grants on Jun 27, 2026

Conversation

@bdelanghe

What

The concierge mints grants, so it signs them (issuer side of the transit-grant work, prx-79id):

  • resolve now returns a SignedGrant bound to the caller (audience), a short expiry, and a nonce — signed with an Ed25519 grant key generated + persisted on first use ($CONCIERGE_GRANT_KEY).
  • New keys method publishes the issuer's public key set (kid-indexed) for keyless verification (verifyGrantWithKeys) by serving rooms — no shared secret.
  • Un-stubs the Phase-1 null signature (CONCIERGE.md §7 / the transport-split ADR).

Verification

bun test — 11 pass. The key test drives the daemon: resolve mints a grant that verifies against the published keys, and a different audience is rejected (audience-mismatch). guest-room-mirror check passes (bumped to the rev with signGrant/IssuerKeys).

Remaining (next sub-step)

The serving-room verify step in each door daemon (door-net / door-scout / door-keeper): fetch the concierge's keys, verifyGrantWithKeys before honoring a call, then checkCaveats. Plus the guest-room release + mirror-sync into claude-box.

🤖 Generated with Claude Code

Robert DeLanghe and others added 4 commits June 27, 2026 19:42
The concierge mints grants, so it signs them. resolve now returns a
SignedGrant bound to the caller (audience), a short expiry, and a nonce,
signed with an Ed25519 grant key (generated + persisted on first use).
A new `keys` method publishes the issuer's public key set (kid-indexed)
for keyless verification by serving rooms (verifyGrantWithKeys) — no
shared secret. Un-stubs the Phase-1 null signature (CONCIERGE.md §7 /
the transport-split ADR).

Tests: resolve mints a grant that verifies against the published keys,
and a different audience cannot present it. 11 pass.

Remaining: the serving-room verify step in each door daemon + key fetch.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
bdelanghe merged commit 8760187 into main on Jun 27, 2026
3 checks passed