Skip to main content

Deterministic input-bounds / DoS hardening gate for the AlgoVoi JCS substrate; runs before canonicalization and fails closed on well-formed but resource-hostile payloads with named reject codes; the bounds in force are content-addressed (profile_ref)

Reason this release was yanked:

software issue

Project description

algovoi-substrate-guard (lite)

Deterministic input-bounds / DoS hardening gate for the AlgoVoi JCS substrate. It runs before canonicalization and fails closed on well-formed but resource-hostile payloads, with a named reject code. Apache-2.0.

The substrate already fails closed on malformed input. A payload can be perfectly valid JSON and still be hostile by resource: megabytes of data, nested ten thousand deep, millions of keys, an 8 MB string, numbers outside the safe-integer range. Those sail past "is it well-formed?" and into your canonicalizer and hasher, which is exactly where a cheap denial-of-service lives. This guard is the front door that stops them, so the expensive work never touches a hostile payload.

pip install algovoi-substrate-guard
from algovoi_substrate_guard import guard, profile_ref, GuardError, Profile

# Accept or reject BEFORE canonicalization. Never truncates, never repairs.
try:
    guard(value)                 # uses the default profile guard-receipt-v1
    ref = ...                    # ...then action_ref(...) / decision_ref(...) / a receipt
except GuardError as e:
    print("rejected:", e.code)   # e.g. REJECT_OVER_DEPTH, REJECT_TOO_MANY_KEYS

# The limits in force are content-addressed, so a record can prove which bounds admitted it.
profile_ref()                    # "sha256:a4791b13...c3d5524a6"  (guard-receipt-v1)
profile_ref(Profile(max_depth=8, max_object_keys=16))   # your own pinnable profile

What it adds

  • A pre-canonicalization gate. Runs before JCS + SHA-256, so the expensive work never touches a hostile payload. Accept, or reject with a named code (REJECT_OVER_DEPTH, REJECT_TOO_MANY_KEYS, …). Never truncates or repairs: no silent mangling, no ambiguous half-processing.
  • Resource fail-closed, to match the malformed fail-closed. Together the substrate fails closed on both axes: bad shape and bad size.
  • Pinnable, provable limits. profile_ref = "sha256:" + SHA-256(JCS(profile)) — the same discipline as policy_binding. An adopter pins guard-receipt-v1 (or their own profile); a record can carry the profile_ref it was admitted under, so an auditor can prove which limits were enforced.
  • Cross-implementation by construction. Every bound is a pure structural property of the parsed value (depth, count, length), so independent implementations enforce it identically — "N independent implementations reject the same hostile inputs with the same code."
  • Additive, zero blast radius. Changes no hash, adds no crypto primitive. Composes in one line: guard(value) then your existing action_ref(...). Everything built on the canonicalization substrate gets the protection for free, with no format change.

Default profile guard-receipt-v1

limit default reject code
max_bytes (UTF-8 of canonical form) 65536 REJECT_OVER_SIZE
max_depth (nesting, root = 1) 32 REJECT_OVER_DEPTH
max_object_keys (per object) 256 REJECT_TOO_MANY_KEYS
max_array_length 1024 REJECT_OVER_ARRAY
max_string_length (per string / key) 8192 REJECT_OVER_STRING
max_total_nodes 4096 REJECT_OVER_NODES
number_safety on REJECT_UNSAFE_NUMBER (outside JSON safe-int range / non-finite)

guard-receipt-v1 addresses to sha256:a4791b13c67a16109b85ef67fc65700ea902b6ad40dad44d8556632c3d5524a6.

Honest scope

A deterministic structural validator plus a content-addressed profile — not cryptography, and not rate-limiting or replay windows (those stay in the runtime verifier layer, never claimed as a substrate property). This is the open, lite tier of the AlgoVoi hardening layer.

Conformance

conformance/substrate_guard_v1/ carries the canonical vectors plus an independent verifier (verify.py). The same vectors and a Node verifier ship in the @algovoi/substrate-guard package, so the two implementations are checked to reject the same hostile inputs with the same code and compute the same profile_ref. Vectors are also published in the AlgoVoi JCS conformance corpus.

pip install rfc8785 algovoi-substrate
python conformance/substrate_guard_v1/verify.py

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

algovoi_substrate_guard-0.1.0.tar.gz (11.3 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

algovoi_substrate_guard-0.1.0-py3-none-any.whl (11.6 kB view details)

Uploaded Python 3

File details

Details for the file algovoi_substrate_guard-0.1.0.tar.gz.

File metadata

  • Download URL: algovoi_substrate_guard-0.1.0.tar.gz
  • Upload date:
  • Size: 11.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.10

File hashes

Hashes for algovoi_substrate_guard-0.1.0.tar.gz
Algorithm Hash digest
SHA256 9b0658a67701f214e2b0904e7b955aa74f55720ad2796a4365b1974b864962a8
MD5 e5f76f4c8661b28ac09a7c3c05cf93dc
BLAKE2b-256 fddbaf051b31e94024699f2521b91ed7e99021cec05dd2c9c965b867879919e0

See more details on using hashes here.

File details

Details for the file algovoi_substrate_guard-0.1.0-py3-none-any.whl.

File metadata

File hashes

Hashes for algovoi_substrate_guard-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 68898f480c962e0fe467a66b6b01aaa9f76f2b1280e816f2e47271148ef91142
MD5 974fc7871b5650b8ecd8b8f88546c426
BLAKE2b-256 cb91f8a520551564561ce7501a0d033c5b9328350cbb4d990ae38e185770edc9

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page