Skip to content

fix(storage): require HTTPS by default (TIN-2854)#550

Merged
Jesssullivan merged 1 commit into
mainfrom
codex/tls-transport-default-20260714
Jul 14, 2026
Merged

fix(storage): require HTTPS by default (TIN-2854)#550
Jesssullivan merged 1 commit into
mainfrom
codex/tls-transport-default-20260714

Conversation

@Jesssullivan

Copy link
Copy Markdown
Owner

Outcome

  • Requires HTTPS by default in core, daemon, CLI, and direct FileProvider storage construction.
  • Rejects HTTPS-to-HTTP redirect downgrades unless an explicit development-only compatibility flag is enabled.
  • Carries an explicit strict boolean through generated FileProvider JSON so ambient environment cannot weaken a strict config.
  • Rejects insecure iOS bootstrap and invite endpoints before credentials are saved.
  • Makes QR generation fail closed, secret-safe, and permission-bounded; the regression harness runs from an empty environment.

Validation

  • Rust format and diff checks
  • Core, storage, FileProvider, CLI, daemon-config, and non-live E2E parser tests
  • FileProvider tests with UniFFI enabled
  • Changed-package Clippy with warnings denied
  • FileProvider provisioning and iOS bootstrap shell regressions
  • Independent adversarial review: P0 none, P1 none

Claim boundary

This is source-only transport hardening. It does not provision a fleet TLS endpoint, deploy to Neo or Honey, or prove a live migration canary. Direct FileProvider private-CA propagation and secure signed enrollment remain separate follow-ups. The active credential-incident freeze remains in force.

Linear: TIN-2854

@Jesssullivan
Jesssullivan merged commit 5b3f30c into main Jul 14, 2026
13 checks passed
@Jesssullivan
Jesssullivan deleted the codex/tls-transport-default-20260714 branch July 14, 2026 14:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant