migration signed feed
Document how ClawSec advisory distribution moved from unsigned feed.json delivery to detached-signature verification, with compatibility preserved for legacy clients.
Current status on main:
- Signed feed publishing is active in advisory workflows and deploy workflow.
- Suite and NanoClaw consumers default to signed feed endpoints.
- Unsigned behavior exists only as explicit compatibility bypass (CLAWSEC_ALLOW_UNSIGNED_FEED=1).
Current feed paths in active use:
- Source of truth: advisories/feed.json
- Source signature: advisories/feed.json.sig
- Skill copy: skills/clawsec-feed/advisories/feed.json
- Skill copy signature: skills/clawsec-feed/advisories/feed.json.sig
- Pages copy: public/advisories/feed.json
- Pages signature: public/advisories/feed.json.sig
- Latest mirror copy: public/releases/latest/download/advisories/feed.json (+ .sig)
Current consumer defaults:
- skills/clawsec-suite/hooks/clawsec-advisory-guardian/handler.ts
- skills/clawsec-suite/scripts/guarded_skill_install.mjs
- skills/clawsec-nanoclaw/lib/advisories.ts
- default URL: https://clawsec.prompt.security/advisories/feed.json
- Dual-publish first: publish signatures before enforcing verification.
- Fail-open only during transition: temporary compatibility period is explicit and time-bounded.
- Measured rollout: enforce verification after telemetry confirms stable signed publishing.
- Fast rollback: preserve a path back to unsigned behavior while root cause is investigated.
Deliverables:
- signing keys generated and fingerprints recorded
- GitHub secrets created
- public key(s) added in repo
- runbooks approved (security-signing-runbook.md, this file)
Exit criteria:
- key fingerprints verified by reviewer
- protected branch/workflow controls enabled
Implement:
- add feed signing step/workflow to produce advisories/feed.json.sig
- optionally produce advisories/checksums.json + .sig
- ensure CI verifies signatures before publishing artifacts
Also update deployment:
- copy .sig artifacts to public/advisories/
- mirror .sig in public/releases/latest/download/advisories/
Exit criteria:
- signatures generated successfully for all feed update paths
- deploy artifacts contain both payload and signature companions
Implement in consumers:
- read feed.json and feed.json.sig
- verify with pinned public key
- keep controlled temporary unsigned fallback during migration window
Validation:
- test remote signed path
- test local signed fallback path
- test invalid signature rejection
Exit criteria:
- verification logic released and tested
- no false-positive verification failures in soak period
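The consumer-side check described above, as an added example that is not ClawSec's own code. It assumes an Ed25519 key and a base64-encoded detached signature over the exact feed bytes (the page does not state the algorithm or encoding); the function names are hypothetical, and the key pair and feed are constructed sample data.

```javascript
// Added example, not ClawSec code. Assumptions: Ed25519 keys, base64-encoded
// detached signature over the exact feed bytes, hypothetical function names.
const crypto = require("node:crypto");

// Verify a detached signature against the raw payload bytes using a pinned key.
function verifyDetached(payloadBytes, sigBase64, pinnedPublicKeyPem) {
  if (typeof sigBase64 !== "string" || sigBase64.trim() === "") return false;
  const sig = Buffer.from(sigBase64.trim(), "base64");
  if (sig.length !== 64) return false; // Ed25519 signatures are always 64 bytes
  try {
    const key = crypto.createPublicKey(pinnedPublicKeyPem);
    return crypto.verify(null, payloadBytes, key, sig);
  } catch {
    return false; // malformed key or signature counts as a failed verification
  }
}

// Decide whether a fetched feed may be used. Parsing happens only after the
// signature decision, and the result records which mode admitted the feed.
function loadAdvisoryFeed({ payloadBytes, sigBase64, pinnedPublicKeyPem, env = process.env }) {
  if (verifyDetached(payloadBytes, sigBase64, pinnedPublicKeyPem)) {
    return { trusted: true, mode: "signed", feed: JSON.parse(payloadBytes.toString("utf8")) };
  }
  // Compatibility bypass named on this page; it must be set explicitly.
  if (env.CLAWSEC_ALLOW_UNSIGNED_FEED === "1") {
    return { trusted: false, mode: "unsigned-bypass", feed: JSON.parse(payloadBytes.toString("utf8")) };
  }
  throw new Error("advisory feed rejected: missing or invalid detached signature");
}

// Constructed sample data: throwaway key pair and a minimal feed document.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  const pinned = publicKey.export({ type: "spki", format: "pem" });
  const payload = Buffer.from(JSON.stringify({ version: "0.0.0-example", advisories: [] }));
  const sig = crypto.sign(null, payload, privateKey).toString("base64");
  const tampered = Buffer.from(payload.toString().replace("[]", '[{"id":"x"}]'));
  const attempt = (p, s, env) => {
    try { return loadAdvisoryFeed({ payloadBytes: p, sigBase64: s, pinnedPublicKeyPem: pinned, env }).mode; }
    catch { return "rejected"; }
  };
  return {
    valid: attempt(payload, sig, {}),
    tampered: attempt(tampered, sig, {}),
    missingSig: attempt(payload, undefined, {}),
    bypass: attempt(tampered, sig, { CLAWSEC_ALLOW_UNSIGNED_FEED: "1" }),
  };
}
```

The `bypass` case accepts the same tampered payload that strict mode rejects, which is why the result carries `trusted: false` and why the bypass has to stay explicit and time-bounded.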
Actions:
- disable temporary unsigned fallback behavior in default paths
- add CI/publish gates that fail when .sig is missing
- announce enforcement date in release notes and docs
Exit criteria:
- all production clients verify signatures by default
- no unsigned feed dependency in standard installation flow
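One way to implement the publish gate, as an added example rather than the project's workflow code. It assumes Ed25519 and base64 .sig files, uses a hypothetical checkFeedArtifacts() helper, and runs against a constructed temporary tree; the feed paths are the ones listed on this page.

```javascript
// Added example, not ClawSec workflow code. Assumptions: Ed25519 key, base64 .sig
// files, and a hypothetical checkFeedArtifacts() helper run before publishing.
const fs = require("node:fs");
const os = require("node:os");
const path = require("node:path");
const crypto = require("node:crypto");

// Feed locations listed on this page, relative to the repository root.
const FEED_PATHS = [
  "advisories/feed.json",
  "skills/clawsec-feed/advisories/feed.json",
  "public/advisories/feed.json",
  "public/releases/latest/download/advisories/feed.json",
];

// Returns a list of gate failures; an empty list means the publish may proceed.
function checkFeedArtifacts(rootDir, publicKeyPem) {
  const key = crypto.createPublicKey(publicKeyPem);
  const failures = [];
  for (const rel of FEED_PATHS) {
    const feed = path.join(rootDir, rel);
    if (!fs.existsSync(feed)) { failures.push(`${rel}: payload missing`); continue; }
    if (!fs.existsSync(feed + ".sig")) { failures.push(`${rel}: .sig missing`); continue; }
    const sig = Buffer.from(fs.readFileSync(feed + ".sig", "utf8").trim(), "base64");
    let ok = false;
    try { ok = crypto.verify(null, fs.readFileSync(feed), key, sig); } catch { ok = false; }
    if (!ok) failures.push(`${rel}: payload/signature mismatch`);
  }
  return failures;
}

// Constructed fixture: a temp tree with one healthy copy, one stale mirror,
// one copy without its .sig, and one location never written.
function demoGate() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), "feed-gate-"));
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  const feed = Buffer.from('{"advisories":[]}');
  const sig = crypto.sign(null, feed, privateKey).toString("base64");
  const write = (rel, data) => {
    fs.mkdirSync(path.dirname(path.join(root, rel)), { recursive: true });
    fs.writeFileSync(path.join(root, rel), data);
  };
  write(FEED_PATHS[0], feed); write(FEED_PATHS[0] + ".sig", sig);
  write(FEED_PATHS[1], '{"advisories":["stale"]}'); write(FEED_PATHS[1] + ".sig", sig);
  write(FEED_PATHS[2], feed);
  const failures = checkFeedArtifacts(root, publicKey.export({ type: "spki", format: "pem" }));
  fs.rmSync(root, { recursive: true, force: true });
  return failures;
}
```

A CI step would exit non-zero whenever the returned list is non-empty, which also catches the mismatched payload/signature condition listed among the rollback triggers.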
Actions:
- run first key rotation tabletop drill
- run rollback tabletop drill
- close migration with post-implementation review
Initiate rollback if any of the following occur:
- sustained signature verification failures across clients
- signing workflow cannot produce valid signatures
- key compromise suspected but replacement key is not yet deployed
- deployment path publishes mismatched payload/signature pairs
Use when: signing is healthy, client-side verifier has a defect.
Actions:
- Re-enable temporary unsigned-acceptance behavior in client release branch.
- Ship patch release with explicit expiry date for bypass.
- Keep signing pipeline active to avoid authenticity gap.
Recovery target: restore strict verification within 24–48h.
Use when: signing pipeline is unstable or producing inconsistent artifacts.
Actions:
- Disable signing workflow or signing step.
- Continue publishing unsigned advisories/feed.json via existing workflows.
- Revert deploy gates that require .sig artifacts.
- Open incident record and track time in unsigned mode.
Recovery target: restore signed publishing ASAP, ideally <72h.
Use when: compromise or integrity of repository/workflows is in doubt.
Actions:
- Pause feed mutation and deployment workflows.
- Restore known-good commit for advisory files/workflows.
- Rotate keys and credentials.
- Resume pipeline only after security review sign-off.
- identify root cause
- add regression tests/gates
- redeploy signed artifacts
- publish incident + remediation summary
For enforcement and rollback events, communicate:
- what changed
- expected operator/client action
- duration of temporary compatibility mode (if any)
- verification commands for users
Recommended channels:
- GitHub release notes
- repository README/docs updates
- issue/incident report in repository
Go only if all are true:
- signing workflow success rate is stable
- signatures are mirrored to all documented feed endpoints
- consumer verification path tested for remote + local fallback
- rollback owner is assigned and reachable
- key rotation procedure has been dry-run at least once
- .github/workflows/poll-nvd-cves.yml
- .github/workflows/community-advisory.yml
- .github/workflows/deploy-pages.yml
- skills/clawsec-suite/hooks/clawsec-advisory-guardian/handler.ts
- skills/clawsec-suite/scripts/guarded_skill_install.mjs
- advisories/feed.json
- wiki/security-signing-runbook.md