@rohanprabhuchecks…feat/single-switch-bundle-signature-mandate → master4 files · +211 −115updated 1w agoSimplifies how bundle signing is mandated down to one switch: MODULE_BUNDLE_REQUIRE_SIGNATURE.
MODULE_BUNDLE_REQUIRE_SIGNATURE | Behaviour |
|---|---|
false (default) | Verification skipped entirely — bundles load as-is. |
true | Verification mandatory — a bundle loads only if it carries a signature that verifies against the public key. Missing signature, invalid signature, or unconfigured public key → rejected. |
DISABLE_BUNDLE_SIGNATURE_VERIFICATION env var + config field_verification_enabled state machineMODULE_BUNDLE_REQUIRE_SIGNATURE is now the only thing that turns verification on or off.
MODULE_BUNDLE_VERIFICATION_PUBLIC_KEY_BASE64 is kept — it's the cryptographic material used to verify, not a behaviour toggle, and verification is impossible without it. It's only consulted when the switch is on. (If you actually want the key embedded as a constant rather than configurable, that's a separate change — say the word.)
error level with all available bundle context — module_prefix (toolkit/tool, e.g. apps.slack), target, layout_version, entrypoint, entrypoint_type, payload_size_bytes, and (when present) key_id / algorithm — to make rejections easy to trace. Raw signature bytes are deliberately excluded (high cardinality).require_signature overrides disable_flag test.pytest tests/test_bundling/test_signing.py → 20 passed. ruff + mypy clean.🤖 Generated with Claude Code
✨ Fix all issues with Cursor
🛠️ 1 Code quality issue detected
🛡️ No new code vulnerabilities
📚 No new vulnerable libraries detected
🔑 No new secrets detected