Implement headless mode policy enforcement and runtime permission handling #567
base: main
Pull Request Overview
This PR implements headless deployment mode for the MCP server, enabling declarative component provisioning with strict policy enforcement and digest verification. The headless mode blocks runtime permission grants and requires all permissions to be declared in a provisioning manifest upfront.
Key Changes:
- Introduced `DeploymentProfile` enum (Interactive/Headless) with policy backends that control runtime permission grants
- Implemented SHA-256 digest verification for component integrity checking
- Added comprehensive integration test suite covering policy enforcement, digest verification, and manifest validation
Reviewed Changes
Copilot reviewed 12 out of 13 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| tests/headless_mode_integration_test.rs | Comprehensive integration tests for headless mode provisioning, policy enforcement, digest verification, and manifest validation |
| src/provisioning_controller.rs | Implemented digest verification logic and policy file renaming workflow |
| src/main.rs | Added validation for headless mode requirements and manifest file existence |
| src/lib.rs | Exported modules needed for integration tests |
| src/commands.rs | Added profile CLI argument to serve command |
| src/cli_handlers.rs | Updated default configuration to include profile field |
| crates/wassette/src/policy_internal.rs | Introduced PolicyBackend trait with Interactive/Headless implementations and PolicyError enum |
| crates/wassette/src/lib.rs | Integrated policy backend selection based on deployment profile |
| crates/wassette/src/config.rs | Added DeploymentProfile enum and configuration handling |
| crates/wassette/Cargo.toml | Added clap and thiserror dependencies |
| changelog.d/567.feature.md | Changelog entry for the feature |
| Cargo.toml | Added sha2 dependency |
| Cargo.lock | Updated lock file with new dependencies |
| let final_policy_path = self | ||
| .plugin_dir | ||
| .join(format!("{}.policy.yaml", load_outcome.component_id)); | ||
| std::fs::rename(&policy_path, &final_policy_path).with_context(|| { |
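Review bot: In the `.join(format!("{}.policy.yaml", load_outcome.component_id))` call, the component ID goes straight into a file name under `plugin_dir`; unless it is validated earlier, an ID containing a path separator or `..` would place the policy file outside that directory. Validate the ID against a strict character set before building `final_policy_path`, and confirm that replacing an existing policy file of the same name through `rename` is intended.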
Copilot
AI
Nov 13, 2025
Synchronous file operations (std::fs::rename) are being used in an async context. This can block the async runtime thread. Consider using tokio::fs::rename instead to avoid blocking the async executor.
| // 2. Compute SHA-256 hash | ||
| // 3. Compare with expected_digest (strip "sha256:" prefix) | ||
| // Read the component bytes | ||
| let component_bytes = std::fs::read(&component_path).with_context(|| { |
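Review bot: `std::fs::read(&component_path)` hashes a fresh read of the file, so the check only covers the bytes held in `component_bytes`; if the component is loaded through a separate read of `component_path`, the file can change between verification and use. Hand the verified buffer to the loader, or verify the bytes the loader actually consumed. For step 3, reject an `expected_digest` that lacks the "sha256:" prefix instead of comparing the raw string.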
Copilot
AI
Nov 13, 2025
Synchronous file operations (std::fs::read) are being used in an async context. This can block the async runtime thread. Consider using tokio::fs::read instead to avoid blocking the async executor.
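An added sketch, not code from this PR, of a fail-closed parse and comparison for the `sha256:`-prefixed manifest digest that the review above refers to. The type and function names are hypothetical, and the computed digest is assumed to come from a SHA-256 implementation such as the `sha2` crate the PR adds.

```rust
// Added illustration; DigestError, parse_expected_digest and verify_digest
// are hypothetical names, not Wassette's API.
#[derive(Debug, PartialEq)]
pub enum DigestError {
    MissingPrefix,
    BadLength(usize),
    BadHex(char),
    Mismatch,
}

// Well-known SHA-256 of empty input, used here as constructed sample data.
pub const EMPTY_SHA256: &str =
    "sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855";

/// Parse "sha256:<64 hex chars>" into raw bytes, rejecting anything else.
pub fn parse_expected_digest(s: &str) -> Result<[u8; 32], DigestError> {
    // Fail closed on a missing tag or a different algorithm.
    let hex = s.strip_prefix("sha256:").ok_or(DigestError::MissingPrefix)?;
    if hex.len() != 64 {
        return Err(DigestError::BadLength(hex.len()));
    }
    let mut out = [0u8; 32];
    for (i, pair) in hex.as_bytes().chunks(2).enumerate() {
        out[i] = (nibble(pair[0])? << 4) | nibble(pair[1])?;
    }
    Ok(out)
}

// Accepts upper- and lower-case hex so case differences cannot cause a mismatch.
fn nibble(b: u8) -> Result<u8, DigestError> {
    (b as char).to_digit(16).map(|d| d as u8).ok_or(DigestError::BadHex(b as char))
}

/// Compare decoded bytes, not strings, against the digest computed over the component.
pub fn verify_digest(expected: &str, computed: &[u8; 32]) -> Result<(), DigestError> {
    let want = parse_expected_digest(expected)?;
    if want == *computed { Ok(()) } else { Err(DigestError::Mismatch) }
}

fn main() {
    let computed = parse_expected_digest(EMPTY_SHA256).unwrap(); // stands in for a real hash
    println!("match:     {:?}", verify_digest(EMPTY_SHA256, &computed));
    println!("no prefix: {:?}", verify_digest(&EMPTY_SHA256[7..], &computed));
    println!("truncated: {:?}", verify_digest("sha256:abcd", &computed));
}
```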
8444c4e to eace8a9
@copilot open a new pull request to apply changes based on the comments in this thread
…dling Signed-off-by: Jiaxiao Zhou <[email protected]>
eace8a9 to 71e26dd
Signed-off-by: Jiaxiao Zhou [email protected]