Skip to content

feat: Add SHADI implementation#2

Merged
muscariello merged 16 commits intomainfrom
1-shadi-secure-host-for-agentic-ai-dynamic-instantiation
Feb 23, 2026
Merged

feat: Add SHADI implementation#2
muscariello merged 16 commits intomainfrom
1-shadi-secure-host-for-agentic-ai-dynamic-instantiation

Conversation

@muscariello
Copy link
Member

@muscariello muscariello commented Feb 19, 2026

Summary

  • add SHADI core crates (agent secrets, sandbox, memory, transport, CLI)
  • add Python bindings and agents demos with sandbox runner and per-agent policies
  • add docs, scripts, and workflows for CI/coverage/publish

Testing

  • not run (local environment)

Notes

  • per-agent sandbox policies live under policies/demo/
  • memory inspection available via shadictl memory

@muscariello
feat: Add SHADI implementation
cbf6fb8 
Signed-off-by: Luca Muscariello <muscariello@ieee.org>
@muscariello muscariello linked an issue Feb 19, 2026 that may be closed by this pull request
[Epic] SHADI: Secure Host for Agentic AI Dynamic Instantiation #1
Closed
@muscariello
chore: remove issue pr description file
0f256b0 
Signed-off-by: Luca Muscariello <muscariello@ieee.org>
@muscariello
ci: install nettle and llvm dependencies
224df51 
Signed-off-by: Luca Muscariello <muscariello@ieee.org>
@muscariello
ci: fix macos pyo3 linking
643d650 
Signed-off-by: Luca Muscariello <muscariello@ieee.org>
@muscariello
ci: skip shadi_py tests on macos
9b7ab91 
Signed-off-by: Luca Muscariello <muscariello@ieee.org>
@muscariello
ci: install openssl for windows
22ba26f 
Signed-off-by: Luca Muscariello <muscariello@ieee.org>
@muscariello
ci: use preinstalled vcpkg on windows
c7a74ce 
Signed-off-by: Luca Muscariello <muscariello@ieee.org>
@muscariello
ci: add pkg-config and nettle on windows
13096bb 
Signed-off-by: Luca Muscariello <muscariello@ieee.org>
@muscariello
chore: add codeowners
86b007b 
Signed-off-by: Luca Muscariello <muscariello@ieee.org>
@muscariello muscariello force-pushed the 1-shadi-secure-host-for-agentic-ai-dynamic-instantiation branch from b9112c1 to d0ed1b5 Compare February 20, 2026 08:23
@muscariello
build: add Windows build and test support
c44bb44 
- Add windows-shell to Justfile and windows-build/windows-test recipes
- Fix Win32_Security_Isolation missing feature in shadi_sandbox
- Fix WindowsAclRollback visibility and unused-mut warnings
- Switch sequoia-openpgp to crypto-rust backend on Windows (pure Rust,
  no native deps) with allow-experimental-crypto and
  allow-variable-time-crypto opt-in flags
- Fix test failures on Windows: backslash escaping in path assertions,
  Windows-specific run_cli_executes_allowed_command using where.exe
- Update ci.yml: add windows-latest matrix, taiki-e/install-action for
  just, Swatinem/rust-cache@v2 with cache-on-failure on all platforms
- Add Swatinem/rust-cache@v2 to coverage.yml

Signed-off-by: Luca Muscariello <muscariello@ieee.org>
Signed-off-by: Luca Muscariello (lumuscar) <lumuscar@cisco.com>
@muscariello muscariello force-pushed the 1-shadi-secure-host-for-agentic-ai-dynamic-instantiation branch from 3d50248 to c44bb44 Compare February 20, 2026 19:52
@muscariello
ci: restore OpenSSL env vars for libsqlite3-sys on Windows
b5edfdc 
libsqlite3-sys (sqlcipher) requires OPENSSL_DIR to compile on Windows
regardless of the sequoia-openpgp crypto backend. Detect pre-installed
OpenSSL on the runner and only fall back to choco if not found.
Auto-detect lib dir (VC\x64\MD vs lib) to handle different installers.

Signed-off-by: Luca Muscariello <muscariello@ieee.org>
Signed-off-by: Luca Muscariello (lumuscar) <lumuscar@cisco.com>
@muscariello muscariello requested a review from msardara February 21, 2026 22:34
@muscariello
Add portable launcher profiles and verifiable human-agent identity de…
c2a9338 
…rivation

Signed-off-by: Luca Muscariello <muscariello@ieee.org>
@muscariello
fix(shadi-py): resolve macOS PyO3 linking and expand root README
e1635e8 
Signed-off-by: Luca Muscariello <muscariello@ieee.org>
@muscariello
docs(scripts): update launcher script guide
141c00d 
Signed-off-by: Luca Muscariello <muscariello@ieee.org>
@muscariello
test(shadictl): make profile path assertions cross-platform
0ac9569 
Signed-off-by: Luca Muscariello <muscariello@ieee.org>
@muscariello
fix(windows): preserve existing DACL when granting sandbox access
bddf9f1 
Signed-off-by: Luca Muscariello <muscariello@ieee.org>
@muscariello muscariello requested review from micpapal and removed request for msardara February 23, 2026 17:59
@muscariello muscariello merged commit e27d2e9 into main Feb 23, 2026
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@micpapal micpapal micpapal approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Epic] SHADI: Secure Host for Agentic AI Dynamic Instantiation

2 participants

@muscariello @micpapal