Skip to content

[codex] rework stale docs PR follow-ups#190

Merged
jeremi merged 8 commits into
mainfrom
codex/doc-pr-rework-20260704
Jul 4, 2026
Merged

[codex] rework stale docs PR follow-ups#190
jeremi merged 8 commits into
mainfrom
codex/doc-pr-rework-20260704

Conversation

@jeremi

@jeremi jeremi commented Jul 4, 2026

Copy link
Copy Markdown
Member

Summary

  • Reworks the relevant pieces from the stale docs PRs into the current docs structure, including Relay/Notary trust boundaries, disclosure-mode downgrade semantics, public route notes, and threat-model caveats.
  • Reworks [codex] Secure notary holder binding defaults #175 by making Notary credential issuance default to holder binding when the credential profile is absent, while keeping explicit unbound credentials opt-in and visible through doctor warnings.
  • Reworks chore(deps): bump the npm-minor-patch group across 1 directory with 6 updates #182 by updating the docs-site dependency set that passes local gates, while keeping astro pinned to 7.0.2 because 7.0.5 reproduced a static-route regression for /accessibility.md/.
  • Carries the local CONTRIBUTING.md correction so the cargo-deny gate description matches the root CI behavior.

Security notes

  • No new Notary or Relay endpoint, auth route, scope path, nonce/replay path, admin mutation, audit sink, signing-key path, or config-trust verifier was added.
  • The credential-profile default is narrower than the prior absent-profile behavior: absent holder_binding now emits the secure did + did:jwk binding profile, while explicit mode: none remains available for intentional unbound credentials.
  • Disclosure/redaction edits are documentation-only. Predicate handling and redacted-claim opacity remain enforced by existing runtime tests.

Validation

  • cargo fmt --check
  • cargo test --locked -p registry-notary-core holder_binding
  • cargo test --locked -p registry-notary --test doctor_cli doctor_json_warns_on_explicit_unbound_credential_profile
  • cargo test --locked -p registry-notary-server issued_sd_jwt_disclosure_uses_view_claim_redacted_object_value
  • cd docs/site && npm run generate
  • cd docs/site && npm test
  • cd docs/site && npm run check:content
  • cd docs/site && npm run check:markdown
  • cd docs/site && npm run check:style (passed with existing generated-doc warnings only)
  • cd docs/site && npm run build
  • cd docs/site && npm run check
  • git diff --check
  • cd docs/site && npm ls @astrojs/starlight astro starlight-openapi @redocly/cli markdownlint-cli2 starlight-llms-txt @astrojs/markdown-remark --depth=0

jeremi added 4 commits July 4, 2026 14:22
The root rust job runs the full cargo deny check (advisories gated via
scoped deny.toml ignores), and the current release manifest is beta-9.
CONTRIBUTING still described the pre-ignore posture and validated beta-6.

Signed-off-by: Jeremi Joslin <jeremi@joslin.fr>
Signed-off-by: Jeremi Joslin <jeremi@joslin.fr>
Signed-off-by: Jeremi Joslin <jeremi@joslin.fr>
Signed-off-by: Jeremi Joslin <jeremi@joslin.fr>
@jeremi jeremi marked this pull request as ready for review July 4, 2026 08:06
Signed-off-by: Jeremi Joslin <jeremi@joslin.fr>

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: e3ac4e0fa3

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread crates/registry-notary-core/src/config.rs
Comment thread crates/registry-notary-core/src/config.rs
Comment thread docs/site/src/content/docs/explanation/known-limitations.mdx Outdated
Comment thread crates/registry-notary-core/src/config.rs
Signed-off-by: Jeremi Joslin <jeremi@joslin.fr>

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 476808d7c9

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread crates/registry-notary-core/src/config.rs
Comment thread docs/site/src/content/docs/explanation/threat-model.mdx Outdated
Comment thread docs/site/src/content/docs/explanation/records-stay-home.mdx Outdated
jeremi added 2 commits July 4, 2026 15:45
Signed-off-by: Jeremi Joslin <jeremi@joslin.fr>
Signed-off-by: Jeremi Joslin <jeremi@joslin.fr>
@jeremi jeremi merged commit ebe613a into main Jul 4, 2026
10 checks passed
@jeremi jeremi deleted the codex/doc-pr-rework-20260704 branch July 4, 2026 08:59

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: ba40a1f6cf

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment on lines +147 to +150
holder cannot present an undisclosed field. Holder binding defaults to `did:jwk` for
credential profiles; where a profile keeps binding enabled, and on the self-attestation
issuance path, which requires it, the holder is bound by a fresh audience-bound
proof-of-possession. An operator can explicitly configure `holder_binding.mode: none` for

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Scope holder proof to profiles that require it

Fresh evidence in this diff is that this threat-model paragraph still applies the fresh proof-of-possession guarantee to any profile that keeps holder binding enabled. For direct /v1/credentials issuance with the new default profile, HolderBindingConfig::default() leaves proof_of_possession as None, and validate_holder_request only validates holder.proof when the profile sets proof_of_possession: required, so default did:jwk profiles require a holder DID but do not verify a fresh audience-bound proof. Please limit this claim to self-attestation or profiles that explicitly require proof of possession.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant