kairos-chain 3.0.0 → 3.1.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +27 -0
- data/lib/kairos_mcp/version.rb +1 -1
- data/templates/skillsets/mmp/tools/meeting_connect.rb +2 -1
- data/templates/skillsets/service_grant/lib/service_grant/access_checker.rb +1 -1
- data/templates/skillsets/service_grant/lib/service_grant/access_gate.rb +1 -0
- data/templates/skillsets/service_grant/lib/service_grant/grant_manager.rb +9 -5
- data/templates/skillsets/service_grant/lib/service_grant.rb +3 -1
- metadata +3 -3
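--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e54f4f7441bfe3317429a9e4108553e38b0cfa385eddb31073c992b031b7b1d3
+data.tar.gz: 02f49343b4d7093e1a21e7d1744c1baee811e2e4b0d41de9ace45f3fe7d85b6d
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: fc5d36893a14b35805e16660194e3e41baa3d7ca81cee43673c7bff099121eb6ac06f1a291636a95c4ae324fc7f8e0cfebf8fd30a0f7bbf4df89ecbe5c63ce58
+data.tar.gz: d732c15570847c314b2a6c55689007f5bb9fbc1318ff1bd075016da999e8bcf45812834dd9e17a3df42cd53ee8c7fa645cd2b55577785eff1ebfe74b172a74b2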
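--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -4,6 +4,32 @@ All notable changes to the `kairos-chain` gem will be documented in this file.
 
 This project follows [Semantic Versioning](https://semver.org/).
 
+## [3.1.0] - 2026-03-22
+
+### Added
+
+- **Docker Production Deployment**: Complete Docker setup for Meeting Place server on EC2
+- `docker-compose.prod.yml` with Caddy TLS reverse proxy (`meeting.kairoschain.io`)
+- Network isolation: `frontend` (Caddy + app) / `backend` (app + PG)
+- Security headers (HSTS, X-Content-Type-Options, X-Frame-Options, Referrer-Policy)
+- EC2 setup script (Amazon Linux 2023, Docker Compose via dnf)
+- Service Grant DB migrations in entrypoint
+- Volume upgrade: automatic SkillSet backfill from template on existing volumes
+- **Configurable Grant Creation Cooldown** (`grant_creation_cooldown`): Config option in `service_grant.yml` (default: 300s, set to 0 to disable). Future: trust-based cooldown where `cooldown = base * (1.0 - trust_score)`
+
+### Fixed
+
+- **AccessGate owner bypass**: Admin/owner tokens (from `--init-admin`) were blocked by Service Grant with "pubkey_hash missing from auth context". Owner role now bypasses Service Grant checks — admin tokens are system management, not service consumers
+- **GrantManager record_with_retry kwargs**: `record_grant_event` passed bare kwargs to `record_with_retry(event, attempt:)`, leaving the positional `event` parameter empty → `ArgumentError`. Fixed with explicit `{}` braces. Caused 500 errors on Place API endpoints
+- **meeting_connect session_token**: `connect_relay` saved the MMP introduce handshake token (`/meeting/v1/introduce`) instead of the Place register token (`/place/v1/register`). The MMP token lacks `pubkey_hash` in the session store, causing all Place API write operations (deposit, acquire) to fail with 403 "Cannot resolve identity"
+
+### Review
+
+- Docker deployment: 2 rounds × 3 LLMs (Claude Agent Team, Cursor Composer-2, Cursor GPT-5.4), converged at Round 2
+- Service Grant bugfixes: 1 round × 3 LLMs, 3/3 APPROVE
+
+---
+
 ## [3.0.0] - 2026-03-21
 
 ### Added
@@ -476,6 +502,7 @@ This project follows [Semantic Versioning](https://semver.org/).
 - Skill promotion with Persona Assembly
 - Tool guide and metadata system
 
+[3.1.0]: https://github.com/masaomi/KairosChain_2026/compare/v3.0.0...v3.1.0
 [3.0.0]: https://github.com/masaomi/KairosChain_2026/compare/v2.10.1...v3.0.0
 [2.10.1]: https://github.com/masaomi/KairosChain_2026/compare/v2.10.0...v2.10.1
 [2.10.0]: https://github.com/masaomi/KairosChain_2026/compare/v2.9.0...v2.10.0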
data/lib/kairos_mcp/version.rb
CHANGED
|
@@ -155,7 +155,8 @@ module KairosMcp
|
|
|
155
155
|
result = {
|
|
156
156
|
status: 'connected', mode: 'relay', url: url, relay_mode: true,
|
|
157
157
|
identity_verified: verified,
|
|
158
|
-
session_token:
|
|
158
|
+
session_token: session_token,
|
|
159
|
+
meeting_session_token: meeting_session_token,
|
|
159
160
|
meeting_place: { url: url, name: place_info['name'] || place_info[:name] || 'Meeting Place' },
|
|
160
161
|
self_agent_id: agent_id,
|
|
161
162
|
your_skills: skill_counts,
|
|
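Review bot: The result hash now carries two bearer tokens, `session_token` and `meeting_session_token`, and nothing at these keys says which endpoint issued which. Going by the changelog entry for this release, `session_token` is meant to be the Place register token (`/place/v1/register`) and the MMP introduce token (`/meeting/v1/introduce`) is the one without `pubkey_hash`; a comment above the two keys such as `# session_token: Place register token; meeting_session_token: MMP introduce handshake token` would keep them from being swapped again. Both variables are assigned outside this hunk, so it is not visible whether either can be nil when registration fails. If this hash is logged or returned verbatim to the client, both credentials travel with it, so any logging of the result should redact them.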
@@ -43,7 +43,7 @@ module ServiceGrant
|
|
|
43
43
|
if @grant_manager.in_cooldown?(grant) && write_action?(service, action)
|
|
44
44
|
raise AccessDeniedError.new(:cooldown, service: service, action: action,
|
|
45
45
|
message: "New grant in cooldown period. Read-only actions only.",
|
|
46
|
-
cooldown_remaining:
|
|
46
|
+
cooldown_remaining: @grant_manager.cooldown -
|
|
47
47
|
(Time.now - grant[:first_seen_at]).to_i)
|
|
48
48
|
end
|
|
49
49
|
|
|
@@ -22,6 +22,7 @@ module ServiceGrant
|
|
|
22
22
|
return unless user_ctx # STDIO mode -- permissive
|
|
23
23
|
|
|
24
24
|
return if user_ctx[:local_dev] # local dev mode -- permissive
|
|
25
|
+
return if user_ctx[:role] == 'owner' # admin/owner bypasses service grant checks
|
|
25
26
|
|
|
26
27
|
pubkey_hash = user_ctx[:pubkey_hash]
|
|
27
28
|
|
|
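Review bot: The added guard `return if user_ctx[:role] == 'owner'` skips every Service Grant check on the strength of one field, and nothing in this hunk shows where `user_ctx[:role]` is populated. The bypass is only sound if that field is derived server-side from a verified admin token and can never be supplied by the request, which deserves a comment at the guard, for example `# role comes from token verification only; never from request params`. Because the early return sits before the `pubkey_hash` lookup, owner calls presumably leave this method without any grant-level record, so consider logging the bypass for audit. The method begins and ends outside the hunk.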
@@ -4,12 +4,15 @@ require 'time'
|
|
|
4
4
|
|
|
5
5
|
module ServiceGrant
|
|
6
6
|
class GrantManager
|
|
7
|
-
|
|
7
|
+
DEFAULT_GRANT_CREATION_COOLDOWN = 300 # 5 minutes
|
|
8
8
|
MAX_GRANTS_PER_IP_PER_HOUR = 5
|
|
9
9
|
|
|
10
|
-
|
|
10
|
+
attr_reader :plan_registry, :cooldown
|
|
11
|
+
|
|
12
|
+
def initialize(pg_pool:, plan_registry:, cooldown: nil)
|
|
11
13
|
@pg = pg_pool
|
|
12
14
|
@plans = plan_registry
|
|
15
|
+
@cooldown = cooldown || DEFAULT_GRANT_CREATION_COOLDOWN
|
|
13
16
|
@ip_tracker = IpRateTracker.new(
|
|
14
17
|
max: MAX_GRANTS_PER_IP_PER_HOUR, window: 3600, pg_pool: pg_pool
|
|
15
18
|
)
|
|
@@ -133,8 +136,9 @@ module ServiceGrant
|
|
|
133
136
|
end
|
|
134
137
|
|
|
135
138
|
def in_cooldown?(grant)
|
|
139
|
+
return false if @cooldown <= 0
|
|
136
140
|
return false unless grant[:first_seen_at]
|
|
137
|
-
(Time.now - grant[:first_seen_at]) <
|
|
141
|
+
(Time.now - grant[:first_seen_at]) < @cooldown
|
|
138
142
|
end
|
|
139
143
|
|
|
140
144
|
def grants_with_unknown_plans(plan_registry)
|
|
@@ -177,11 +181,11 @@ module ServiceGrant
|
|
|
177
181
|
MAX_RECORDING_RETRIES = 3
|
|
178
182
|
|
|
179
183
|
def record_grant_event(pubkey_hash, service, action, details = {})
|
|
180
|
-
record_with_retry(
|
|
184
|
+
record_with_retry({
|
|
181
185
|
type: 'service_grant_event', layer: 'L1',
|
|
182
186
|
pubkey_hash: pubkey_hash, service: service,
|
|
183
187
|
action: action, details: details, timestamp: Time.now.iso8601
|
|
184
|
-
)
|
|
188
|
+
})
|
|
185
189
|
end
|
|
186
190
|
|
|
187
191
|
# Record with retry (non-blocking, up to MAX_RECORDING_RETRIES attempts).
|
|
@@ -47,7 +47,9 @@ module ServiceGrant
|
|
|
47
47
|
|
|
48
48
|
# 3. IP resolution + domain objects
|
|
49
49
|
@ip_resolver = ClientIpResolver.new(config['ip_resolution'] || {})
|
|
50
|
-
|
|
50
|
+
cooldown = config['grant_creation_cooldown']&.to_i
|
|
51
|
+
@grant_manager = GrantManager.new(pg_pool: @pg_pool, plan_registry: @plan_registry,
|
|
52
|
+
cooldown: cooldown)
|
|
51
53
|
@usage_tracker = UsageTracker.new(pg_pool: @pg_pool, plan_registry: @plan_registry,
|
|
52
54
|
cycle_manager: @cycle_manager)
|
|
53
55
|
|
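Review bot: `config['grant_creation_cooldown']&.to_i` fails open, because `to_i` returns 0 for any non-numeric string (`"five"`, `""`) and `in_cooldown?` in grant_manager.rb returns false when `@cooldown <= 0`. A typo or a negative number in `service_grant.yml` therefore silently turns off the write restriction on new grants, and `cooldown || DEFAULT_GRANT_CREATION_COOLDOWN` in the constructor does not catch it since 0 is truthy in Ruby. Parse strictly so that bad input falls back to the default, e.g. `cooldown = Integer(config['grant_creation_cooldown'], exception: false)`, and reject or warn on negative values so that only an explicit `0` disables the cooldown. The surrounding initializer continues outside the hunk.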
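--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: kairos-chain
 version: !ruby/object:Gem::Version
-version: 3.
+version: 3.1.0
 platform: ruby
 authors:
 - Masaomi Hatakeyama
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2026-03-
+date: 2026-03-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: minitest
@@ -389,7 +389,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.5.22
 signing_key:
 specification_version: 4
 summary: KairosChain - Self-referential MCP server for auditable skill self-management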