azcomputerguru/guru-connect
1
0
Fork 0
Code Issues 4 Pull Requests Actions Packages Projects Releases 2 Wiki Activity
Files
16017456aad16cb5cba9bc852afe3def98c0eaf7
guru-connect/specs/v2-secure-session-core/standards.md
Mike Swanson 81e4b99a34
All checks were successful
Build and Test / Build Agent (Windows) (push) Successful in 7m2s
Details
Build and Test / Build Server (Linux) (push) Successful in 10m41s
Details
Build and Test / Security Audit (push) Successful in 4m17s
Details
Build and Test / Build Summary (push) Successful in 8s
Details
spec: add v2-secure-session-core shape spec 
Phase 1 of SPEC-002 (GuruConnect v2). Keystone-first plan: Tasks 1-4
rebuild the auth/session core that closes the 3 audit CRITICALs by design
(per-agent cak_ keys, plane separation, session-scoped viewer tokens,
blacklist+frame-caps+throttle on the relay WS, single-use rate-limited
support codes, tenancy-ready schema); Tasks 5-7 deliver attended consent,
native full key fidelity (WH_KEYBOARD_LL hook, scan-code injection, SAS
Ctrl+Alt+Del), and HW H.264 with raw+Zstd fallback. plan/shape/references/
standards.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 18:15:37 -07:00

59 lines
2.5 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# v2 Secure Session Core — Applicable Standards
The following standards from `.claude/standards/` apply to this feature.
## security/credential-handling
No hardcoded credentials — JWT secret and the integration/agent keys come from env/SOPS only.
Argon2id for passwords (keep). **Per-agent keys and viewer tokens are hashed at rest and short-lived;
log every auth attempt (success and failure).** Directly governs Tasks 24 (the whole point of the phase).
Source: `.claude/standards/security/credential-handling.md`
## api/response-format
RESTful plural nouns, kebab-case multi-word segments (`/viewer-token`), a consistent error envelope
(`{ detail, error_code, status_code }` — and do NOT leak raw `e.to_string()`, the audit's Pass B finding),
pagination where lists grow, **idempotent sqlx migrations**. Governs the new endpoints in Tasks 2/4.
Source: `.claude/standards/api/response-format.md`
## gururmm/sqlx-migrations
Never manually pre-apply migrations; use `CREATE TABLE IF NOT EXISTS` / `ADD COLUMN IF NOT EXISTS`; let
the server apply its own migrations on startup and record them in `_sqlx_migrations`. Governs Task 1
(the v2 schema). (GC is PostgreSQL like RMM, so RMM's checksum/INET lessons transfer.)
Source: `.claude/standards/gururmm/sqlx-migrations.md`
## gururmm/platform-parity
Agent features must not silently no-op on a platform — a no-op without a `// TODO(platform): <os>` stub is
a bug. GC's agent is Windows-first, so this mostly governs the **raw+Zstd codec fallback** (Task 7 — the
Win7/no-HW path must work, not silently produce nothing) and any server code that branches on OS.
Source: `.claude/standards/gururmm/platform-parity.md`
## conventions/naming
Rust `snake_case` functions/vars, `PascalCase` types; **protobuf `PascalCase` messages / `snake_case`
fields**; database `snake_case` tables/columns. Governs the new proto messages (Task 5/7), the
`connect_agent_keys` schema (Task 1), and all new Rust.
Source: `.claude/standards/conventions/naming.md`
## conventions/no-emojis
Never use emojis in code, comments, logs, commit messages, or output — ASCII markers only
(`[OK]`/`[ERROR]`/`[WARNING]`/`[INFO]`). Applies to everything written this phase.
Source: `.claude/standards/conventions/no-emojis.md`
## git/commit-style
Conventional commit types (`feat:`/`fix:`/`docs:`/`refactor:`), `Co-Authored-By` trailer on Claude
commits, never commit secrets or build artifacts. Governs Task 0 and every task commit. (Conventional
commits also drive GC's auto-versioning per SPEC-001 §3.)
Source: `.claude/standards/git/commit-style.md`
Reference in New Issue View Git Blame Copy Permalink