feat(engine): sync confidential opt-out + threat model (#22, #23)#72
Merged
Merged
Conversation
#22 — `sensitivity: confidential` opt-out from sync (security gap C) Topics with frontmatter `sensitivity: confidential` are kept local-only: - `saga sync` scans the layer notes dir, parses frontmatter, and excludes matched files from `git add` via a pathspec (`:(exclude)<path>`). The file stays on disk untracked / unstaged. - New `--dry-run` flag prints the push plan (pending + excluded) without staging, committing, pulling, or pushing. - When a confidential topic's file already exists in `origin/<branch>` (was pushed previously), sync emits a warning explaining that local marking is not retroactive and pointing to a manual `git rm --cached` workflow until `saga sync --purge` lands. - Personal layer seed default flipped from `confidential` to `internal`: the layer-default of confidential contradicted the very design of a syncable layer. Confidential is now an explicit per-topic opt-out for the rare cases (credentials notes, medical info, etc.). - Existing installs keep whatever value already in their meta.yml; only new `saga` installs see the new default. Tests: confidential excluded from remote, file stays local, dry-run reports plan without mutation, warning fires on previously-pushed flip, no warning on never-pushed confidential. #23 — SECURITY.md threat model (security gap D) Rewritten with the sections #23 asks for: Threat model (what Saga protects / what it does not), Trust boundaries, Storage at rest (and why no encryption at rest in v1), Sync transport, Secret handling (pattern list), `sensitivity: confidential` semantics (what it does / does not do), Scope, Disclosure. Explicitly documents v1 limitations: no encryption at rest (v2 opt-in via DESIGN_v2.md), no per-topic ACL beyond confidential, agent that writes via `topic_write` is trusted. README gets a short "Security model" section that links into SECURITY.md. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Bundle E of the v1.0.0-rc.1 plan — closes the two remaining security-roadmap gaps that block tagging rc.1.
sensitivity: confidentialopt-out from sync (security gap C) #22 —sensitivity: confidentialopt-out from sync (gap C).saga syncscans the layer notes dir, parses frontmatter, and excludes matched files fromgit addvia a:(exclude)<path>pathspec. Confidential files stay on disk, never staged, never pushed. A new--dry-runflag prints the plan (pending + excluded) without mutating anything. If a confidential topic's file already exists inorigin/<branch>(was pushed previously), sync emits a warning explaining that local marking is not retroactive and pointing to a manual cleanup workflow untilsaga sync --purgelands.sensitivity: confidentialsemantics, Scope, Disclosure. README gets a short "Security model" section linking into it.One non-trivial design decision
The personal layer seed previously defaulted to
sensitivity_default: confidential. With #22 implemented as the issue describes, that default would make every new topic local-only — defeating the entire point of a syncable personal layer. Flipped tointernal.confidentialis now the explicit per-topic opt-out the issue asks for (credentials notes, medical info, etc.).The change only affects new installs. Existing layers keep whatever value is already in their
meta.yml— users with the old default can migrate at their own pace.Test plan
go test ./...— full suite greengolangci-lint run— 0 issuesinternal/saga/sync_test.go:TestSyncExcludesConfidentialTopicsFromPush— confidential file does not appear in remote clone after syncTestSyncConfidentialFileStaysLocal— file remains on disk after syncTestSyncDryRunListsPendingAndExcluded— dry-run reports plan without committing/pushingTestSyncWarnsWhenConfidentialAlreadyInRemote— flipping a pushed topic to confidential surfaces the warningTestSyncNoWarningWhenConfidentialNeverPushed— clean case stays warning-freeCloses #22
Closes #23