ABS Core v4.3.3
Security and Compliance

Security Hardening v4.3.3

Complete list of security fixes applied in v4.3.3: cryptographic hardening, Fail-Closed enforcement, constant-time comparisons, and authentication coverage across all pillars.

This page documents every security fix applied in v4.3.3, derived from the internal technical audit. Each fix references the System Invariant it enforces.


Critical Fixes (P0)

CORTEX — Ed25519 key encrypted at rest

Before: The CORTEX ledger signing key was stored as a plaintext PEM file (NoEncryption()).

After: The key is stored with BestAvailableEncryption(password) using CORTEX_SIGNING_KEY_PASSWORD. In CORTEX_ENV=production, absence of the password raises RuntimeError at startup.

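```python
# ledger.py
from cryptography.hazmat.primitives import serialization

# password must be bytes (from CORTEX_SIGNING_KEY_PASSWORD). The unencrypted
# fallback is only reachable outside CORTEX_ENV=production.
encryption = (
    serialization.BestAvailableEncryption(password)
    if password
    else serialization.NoEncryption()
)
```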

File permissions: chmod 0600.

SI-003: No plaintext keys in memory.


CORTEX gRPC bridge — token authentication

Before: octagon_server.py bound to unix:/tmp/abs-octagon.sock with no authentication. Any local process could call CognitionService.AnalyzeIntent().

After: TokenAuthInterceptor validates x-auth-token gRPC metadata against OCTAGON_GRPC_TOKEN. Constant-time comparison. Socket permissions: chmod 0600. Hard fail in CORTEX_ENV=production if token not set.
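
The token check described above, as an added example that is not the project's own TokenAuthInterceptor code. The function names, the use of RuntimeError for the startup failure, and the choices to reject calls when no token is configured and when the header is repeated are assumptions.

```python
import hmac

TOKEN_HEADER = "x-auth-token"  # metadata key named on the page


def load_expected_token(environ):
    """Read OCTAGON_GRPC_TOKEN once at startup; hard fail in production."""
    token = environ.get("OCTAGON_GRPC_TOKEN", "")
    if not token and environ.get("CORTEX_ENV") == "production":
        raise RuntimeError("OCTAGON_GRPC_TOKEN must be set in production")
    return token.encode("utf-8") if token else None


def is_authorized(metadata, expected):
    """metadata: iterable of (key, value) pairs, the shape gRPC gives interceptors."""
    if expected is None:
        # Assumption: no configured token means deny, never allow-all.
        return False
    values = [v for k, v in metadata if k.lower() == TOKEN_HEADER]
    if len(values) != 1:
        # Missing or repeated header: reject instead of guessing which one counts.
        return False
    presented = values[0]
    if isinstance(presented, str):
        # compare_digest raises TypeError on non-ASCII str, so compare bytes.
        presented = presented.encode("utf-8")
    # Runs in time independent of where the first mismatching byte is.
    return hmac.compare_digest(presented, expected)
```
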


CORTEX MCP — authentication on all tools

Before: No authentication on any MCP tool call.

After: _require_auth() validates _api_key argument against CORTEX_API_KEY on every tool call before any processing. _api_key field declared in all 6 tool schemas.


CHI vaccination — Fail-Closed (SI-004)

Before: If CHI vaccination failed (network error, timeout), CORTEX logged a warning and continued with unvaccinated text.

After: Any CHI failure:

  1. Writes a CHI_VACCINATION_FAILURE ledger entry with action=DENY
  2. Raises CHIVaccinationError
  3. Memorization is blocked — no text enters memory without vaccination

Applies to both memorize_simple() and inbox ingestion via sensory.py.

SI-004: Any state ambiguity results in total execution denial.
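
The three-step Fail-Closed sequence above, as an added example that is not the project's code. The injected `vaccinate`, `ledger` and `memory` parameters, the ledger field names other than the event name and action=DENY, and the sample text are assumptions constructed for the demonstration.

```python
class CHIVaccinationError(Exception):
    """Vaccination did not complete; the text must not be stored."""


def memorize_simple(text, user_id, vaccinate, ledger, memory):
    """Store text only after vaccinate() returns clean text.

    vaccinate, ledger and memory are injected stand-ins (assumptions),
    not the project's real CHI client, ledger or memory store.
    """
    try:
        clean = vaccinate(text)
        # A non-string reply is ambiguous state, so it counts as a failure.
        if not isinstance(clean, str):
            raise ValueError("vaccinator returned no usable text")
    except Exception as exc:
        # 1. Ledger entry first, so the denial is recorded even if the caller
        #    swallows the exception. Log the error type, never the raw text.
        ledger.append({
            "event": "CHI_VACCINATION_FAILURE",
            "action": "DENY",
            "user_id": user_id,
            "reason": type(exc).__name__,
        })
        # 2. Raise; 3. the memory.append below is never reached.
        raise CHIVaccinationError("vaccination failed, memorization blocked") from exc
    memory.append((user_id, clean))
    return clean


def demo():
    """Run three constructed cases and return (ledger, memory)."""
    def timeout(_text):
        raise TimeoutError("CHI did not answer")

    ledger, memory = [], []
    cases = [timeout, lambda _t: None,
             lambda t: t.replace("123.456.789-09", "[REDACTED]")]
    for vaccinate in cases:
        try:
            memorize_simple("CPF 123.456.789-09", "u1", vaccinate, ledger, memory)
        except CHIVaccinationError:
            pass
    return ledger, memory
```
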


OID — FileSystemKeyProvider key encryption

Before: FileSystemKeyProvider.storeKeys() wrote private key PEM without encryption.

After: When ABS_KEY_PASSWORD is set, key is stored with cipher: 'aes-256-cbc'. loadKeys() passes the passphrase to createPrivateKey(). Hard fail in ABS_ENV=production without password.


High Priority Fixes (P1)

CORTEX gRPC stub — real risk analysis (Gate 07)

Before: CognitionService.AnalyzeIntent() returned hardcoded risk_level="low" and recommended_action="ALLOW" for all inputs.

After: Loads mythos-patterns.yaml (42 patterns) via MythosScorer. Phase 1: kill-switch patterns → immediate DENY. Phase 2: scoring pass → ALLOW / ESCALATE. Falls back to keyword-based scoring if YAML unavailable.

See: Mythos Adversarial Pattern Database.


CORTEX gRPC stub — real PII vaccination (Gate 02)

Before: CognitionService.Vaccinate() used text.replace("CPF", "[REDACTED]") — a string substitution that misses formatted CPFs, email addresses, CNPJ, phone numbers, and credit cards.

After: 5 compiled regex patterns covering CPF, CNPJ, email, phone (BR variants), and payment card numbers (Visa, Mastercard, Amex).


QUORUM auth middleware — production hard fail

Before: When API_TOKEN was not configured, QUORUM logged a warning and allowed all requests.

After: In QUORUM_ENV=production, missing token returns HTTP 503 (Service misconfigured). Token comparison uses timingSafeEqual().


LEDGER auth middleware — constant-time comparison

Before: key !== c.env.LEDGER_API_KEY — standard string equality, susceptible to timing attacks.

After: timingSafeEqual() with char-by-char XOR. Hard fail in production when token not set.


IPC-HMAC — inter-pillar authentication

New implementation. All HTTP calls between pillars now carry HMAC-SHA256 signatures with replay protection.

See: IPC-HMAC Protocol.


CORTEX inbox ingestion — gate enforcement

Before: sensory.py ingested files from data/inbox/ by calling memorize() directly without CHI vaccination.

After: Text files pass through CHI vaccination before ingestion. Vaccination failure writes a SENSORY_REJECTED ledger entry and blocks ingestion (SI-004).


Medium Priority Fixes (P2)

CHI vaccines — complete PII coverage

Before: PIIVaccine covered CPF and email only.

After: 7 patterns: CPF, CNPJ, email, BR phone, credit/debit card, RG, IPv4. VaccineEngine applies multiple vaccines in sequence. apply_with_report() returns redacted types for audit logging.
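
Why the earlier `text.replace("CPF", "[REDACTED]")` failed and what a pattern-based pass with an audit report looks like, as an added example covering both the Gate 02 fix and this one. The regexes below are constructed for illustration and cover four of the listed types; they are not the project's patterns, and this `apply_with_report` is a stand-in for the method of the same name.

```python
import re

# Constructed patterns (assumption): the project's own regexes are not on the page.
# CNPJ runs before CPF so the longer identifier is claimed first.
PATTERNS = [
    ("CNPJ", re.compile(r"\b\d{2}\.?\d{3}\.?\d{3}/?\d{4}-?\d{2}\b")),
    ("CPF", re.compile(r"\b\d{3}\.?\d{3}\.?\d{3}-?\d{2}\b")),
    ("EMAIL", re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")),
    ("IPV4", re.compile(
        r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b")),
]

# Constructed sample input; none of these values belong to a real person or host.
SAMPLE = ("Customer CPF 123.456.789-09, company 12.345.678/0001-90, "
          "contact ana@example.com from 10.0.0.5")


def naive_vaccinate(text):
    """The 'before' behaviour: redacts the label and leaves the number."""
    return text.replace("CPF", "[REDACTED]")


def apply_with_report(text):
    """Return (redacted_text, types_found); the types feed the audit log."""
    found = []
    for label, pattern in PATTERNS:
        text, count = pattern.subn("[REDACTED]", text)
        if count:
            found.append(label)
    return text, found


if __name__ == "__main__":
    print(naive_vaccinate(SAMPLE))
    print(apply_with_report(SAMPLE))
```
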


CORTEX method collision resolved

Before: CortexService.memorize(text, user_id) overrode MemorizeMixin.memorize(resource_url, modality, user). The full 7-step memorization pipeline was inaccessible.

After: Renamed to memorize_simple(text, user_id). Full pipeline accessible via memorize(resource_url, modality, user).


CORTEX retrieve() return type fixed

Before: retrieve() returned list[dict] but callers (mcp_server, intuition) expected a dict with a context key — causing silent failures or TypeError.

After: retrieve_context(query_text, top_k) wraps retrieve() and returns a formatted string. All callers updated.


Test Coverage Added

| Module | Tests added | Coverage |
|---|---|---|
| CortexLedger | 5 | Hash chain, key encryption, key reload, production hard fail |
| IntuitionEngine | 7 | Dissonance detection, behavioral fingerprint, malformed JSON |
| CortexMetabolism | 5 | REM consolidation, mirror write, ledger entry, empty DB |
| MythosScorer | 13 | Kill-switch, scoring, parameter patterns, decision matrix, real YAML |
| IPC-HMAC | 13 | Signing, verification, replay, tamper, wrong-secret, noop |
| octagon_server PII | 8 | CPF, CNPJ, email, multi-type, prompt injection, SQL injection |

Total: 51 new tests. All pass.
