d48cda4081
CI / Test (ubuntu-latest, Node 18.x, bun) (push) Failing after 15m1s
CI / Test (ubuntu-latest, Node 18.x, npm) (push) Failing after 15m1s
CI / Test (ubuntu-latest, Node 18.x, pnpm) (push) Failing after 15m1s
CI / Test (ubuntu-latest, Node 18.x, yarn) (push) Failing after 15m1s
CI / Test (ubuntu-latest, Node 20.x, bun) (push) Failing after 17m13s
CI / Test (ubuntu-latest, Node 20.x, npm) (push) Failing after 18m42s
CI / Test (ubuntu-latest, Node 20.x, pnpm) (push) Failing after 15m0s
CI / Test (ubuntu-latest, Node 20.x, yarn) (push) Failing after 49m44s
CI / Test (ubuntu-latest, Node 22.x, bun) (push) Failing after 51m55s
CI / Test (ubuntu-latest, Node 22.x, pnpm) (push) Failing after 21m57s
CI / Test (ubuntu-latest, Node 22.x, npm) (push) Failing after 37m39s
CI / Test (ubuntu-latest, Node 22.x, yarn) (push) Failing after 34m7s
CI / Validate Components (push) Failing after 37m15s
CI / Python Tests (push) Failing after 10m1s
CI / Security Scan (push) Failing after 10m1s
CI / Lint (push) Failing after 17m12s
CI / Coverage (push) Failing after 20m19s
CI / Test (macos-latest, Node 18.x, bun) (push) Has been cancelled
CI / Test (macos-latest, Node 18.x, npm) (push) Has been cancelled
CI / Test (macos-latest, Node 18.x, pnpm) (push) Has been cancelled
CI / Test (macos-latest, Node 18.x, yarn) (push) Has been cancelled
CI / Test (windows-latest, Node 18.x, npm) (push) Has been cancelled
CI / Test (windows-latest, Node 18.x, pnpm) (push) Has been cancelled
CI / Test (windows-latest, Node 18.x, yarn) (push) Has been cancelled
CI / Test (macos-latest, Node 20.x, bun) (push) Has been cancelled
CI / Test (macos-latest, Node 20.x, npm) (push) Has been cancelled
CI / Test (macos-latest, Node 20.x, pnpm) (push) Has been cancelled
CI / Test (macos-latest, Node 20.x, yarn) (push) Has been cancelled
CI / Test (windows-latest, Node 20.x, npm) (push) Has been cancelled
CI / Test (windows-latest, Node 20.x, pnpm) (push) Has been cancelled
CI / Test (windows-latest, Node 20.x, yarn) (push) Has been cancelled
CI / Test (macos-latest, Node 22.x, bun) (push) Has been cancelled
CI / Test (macos-latest, Node 22.x, npm) (push) Has been cancelled
CI / Test (macos-latest, Node 22.x, pnpm) (push) Has been cancelled
CI / Test (macos-latest, Node 22.x, yarn) (push) Has been cancelled
CI / Test (windows-latest, Node 22.x, npm) (push) Has been cancelled
CI / Test (windows-latest, Node 22.x, pnpm) (push) Has been cancelled
CI / Test (windows-latest, Node 22.x, yarn) (push) Has been cancelled
3.4 KiB
3.4 KiB
Threat model — AURA trust-check adapter
A short, honest boundary statement. The verdict is one backward-looking
signal, not a security guarantee. Read this before treating trusted as a
green light for anything irreversible.
What the verdict proves
- The DID has (or lacks) an on-chain interaction history on AURA, summarized into a composite score and per-dimension breakdown.
- It is backward-looking: a statement about past recorded behavior, not a prediction or an authorization for the current proposed action.
What it explicitly does NOT prove
- Not action-safety. A
trustedagent can still propose a malicious or buggy transaction. Pair this with a forward-looking action-risk check (contract simulation, policy engine) and keep the two signals separate so the policy decision stays auditable. - Not execution quality. It says nothing about whether this call will succeed.
- Not identity proof of the live caller. It checks a DID's reputation, not that the entity you're talking to controls that DID (see "Spoofed DID").
Failure modes a caller must account for
| # | Threat | Mitigation in this adapter | Residual risk owned by caller |
|---|---|---|---|
| 1 | Endpoint unreachable / timeout | Returns unknown (never raises). Gate is fail-closed by default. |
Choose fail_open deliberately; pick a sane timeout. |
| 2 | Spoofed DID — caller claims a DID it doesn't control | Out of scope: adapter checks reputation, not control of the key. | Verify DID control (signature challenge / auth) before trusting the verdict. |
| 3 | Stale verdict — score lags very recent bad behavior | Each call is live (no caching here). | If you cache the result, bound the TTL; don't reuse a verdict across sessions. |
| 4 | Endpoint MITM / response tampering | HTTPS to a pinned host (agent.auraopenprotocol.org). Verdict strings are validated against a fixed allow-list; unknown values collapse to unknown. |
Don't point base_url at an untrusted mirror. Consider TLS pinning if your runtime supports it. |
| 5 | Score gaming / Sybil — cheap DIDs farming a trusted score |
Inherited from AURA's on-chain cost + dispute dimension; not solvable in the adapter. | Weight dimensions (e.g. require non-trivial interactions / dispute_history) for high-value actions rather than trusting the aggregate alone. |
| 6 | Over-trust — using the verdict as sole gate for irreversible value | new/unknown rejected by default; dimensions exposed. |
For high-value settlement, combine with action-risk + escrow + manual review. |
Data handled
- Sent: only the counterparty DID, as a query parameter to
/check. No PII, no payloads, no secrets, no keys. - Stored: nothing. The adapter is stateless; it holds the DID only for the duration of the call.
- Received: the public
/checkJSON body. Surfaced verbatim on.raw.
Trust boundary summary
your host --(DID only, HTTPS GET)--> AURA /check --> verdict
| |
| forward-looking action-risk check (separate, yours) |
v v
policy decision (auditable, your code)
The adapter sits on the read-only reputation edge. Signing, fund movement, and the final allow/deny decision stay in your code, where they can be audited.