feat(mcp): per-session MCP profiles — launch a topic with only the servers it needs (dynamic-MCP lever 1) #3157
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # worktree-trailer-sig-check — origin-side authoritative push gate. | |
| # | |
| # Per PARALLEL-DEV-ISOLATION-SPEC.md "Authoritative push gate (iter 4)". | |
| # | |
| # Verifies the Ed25519 signature on every Instar commit trailer using the | |
| # public key baked below (offline; no live server contact required for the | |
| # signature check). Then calls the agent server via Cloudflare Tunnel | |
| # (authenticated with this workflow's GitHub OIDC token) for nonce | |
| # uniqueness — falling back to the INSTAR_VERIFY_CACHE Repo Variable when | |
| # the server is unreachable. | |
| # | |
| # This file is part of the trust root: changes to it require 2 approvals | |
| # (enforced by the GitHub Repository Ruleset configured by the Day -2 | |
| # migration script). | |
| name: worktree-trailer-sig-check | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - 'topic/**' | |
| - 'platform/**' | |
| pull_request: | |
| branches: | |
| - main | |
| permissions: | |
| contents: read | |
| id-token: write # OIDC token for nonce-uniqueness call | |
| jobs: | |
| verify: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 50 | |
| - name: Setup Node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '20' | |
| - name: Verify trailers | |
| env: | |
| PUBLIC_KEY_PEM: ${{ vars.INSTAR_TRAILER_PUBLIC_KEY }} | |
| VERIFY_TUNNEL_URL: ${{ vars.INSTAR_VERIFY_TUNNEL_URL }} | |
| VERIFY_CACHE_JSON: ${{ vars.INSTAR_VERIFY_CACHE }} | |
| REPO_ORIGIN_URL: ${{ github.server_url }}/${{ github.repository }}.git | |
| PUSH_RANGE: ${{ github.event_name == 'push' && format('{0}..{1}', github.event.before, github.event.after) || format('{0}..{1}', github.event.pull_request.base.sha, github.event.pull_request.head.sha) }} | |
| # K2 (iter-4 hardening): Tunnel URL hash pin. The verify-trailers script | |
| # SHA-256s the configured VERIFY_TUNNEL_URL and aborts if it does not | |
| # match this baked-in value. Changing the tunnel URL requires editing | |
| # this workflow file (which itself requires the trust-root 2-approval | |
| # ruleset entry). Prevents `actions:write` PAT exfiltration of OIDC | |
| # tokens via attacker-controlled URL. | |
| INSTAR_VERIFY_TUNNEL_URL_HASH: ${{ vars.INSTAR_VERIFY_TUNNEL_URL_HASH }} | |
| run: node .github/scripts/verify-trailers.js |