security inventory: runtime GPG binding patch remains execution-unverified #5

@Riverbraid

Description

Status

PATCHED_UNVERIFIED

Original findings

runtime-binding.js previously skipped GPG verification when process.env.CI === 'true', used shell-string execSync for GPG verification, appeared to have a missing fi in the visible shell command, and wrapped hydraSynth.eval as a runtime interception surface.

Patch applied

runtime-binding.js was patched to:

  • remove the CI GPG verification skip
  • replace shell-string execSync with execFileSync('gpg', ['--verify', sigPath, anchorPath])
  • remove the visible missing fi shell issue
  • keep runtime evaluator wrapping explicitly bounded

The repository verification workflow was also updated with explicit read-only permissions:

permissions:
  contents: read

Remaining verification requirement

This issue should remain open until execution evidence confirms the patched runtime binding and workflow path.

Required evidence before closure:

  • workflow run or local execution evidence after the patch
  • confirmation that GPG verification fails closed when signature or anchor is invalid
  • confirmation that CI no longer skips the GPG verification path

Boundary

This issue records patched but unverified security-relevant behavior.
It does not claim the repository is secure, hardened, audited, production ready, defect free, or externally reviewed.
It does not change registry, protocol, hash, seal, manifest, tag, or release state.
