feat: secure build phase 2 — enforce image verification by default

All store images are now digest-pinned and cosign-signed by the publish pipeline, so the warn-by-default training-wheels period is over: an unsigned or undigested image must not install unless the admin explicitly opts out. The service_composer fallback used when the config manager is unavailable or corrupt also flips to enforce — config corruption must fail closed rather than silently weaken verification. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-06-11 14:12:58 -04:00
parent c430a392b8
commit 2ab3d2d5ac
5 changed files with 66 additions and 13 deletions
@@ -1016,15 +1016,15 @@ class ConfigManager:
    #   enforce — refuse to start a service whose image is undigested,
    #             unsigned, or whose signature does not verify
    #
-    # Default is "warn" until the publish pipeline signs all store images; a
-    # later phase flips the default to "enforce". The section is backed up and
-    # restored with the rest of cell_config.json automatically.
+    # All store images are now signed + digest-pinned via the publish pipeline,
+    # so the default is "enforce". The section is backed up and restored with
+    # the rest of cell_config.json automatically.

    def get_image_verification(self) -> Dict[str, Any]:
-        """Return the image verification config, e.g. {'mode': 'warn'}."""
+        """Return the image verification config, e.g. {'mode': 'enforce'}."""
        cfg = self.configs.get('image_verification')
        if not isinstance(cfg, dict) or cfg.get('mode') not in _IMAGE_VERIFY_MODES:
-            cfg = {'mode': 'warn'}
+            cfg = {'mode': 'enforce'}
            self.configs['image_verification'] = cfg
        return dict(cfg)