
fix(security): replace unregistered package names + MD5→SHA-256 #351

Merged

imran-siddique merged 16 commits into microsoft:main from imran-siddique:main
Mar 23, 2026

Conversation

@imran-siddique
Member

Fixes that didn't land in empty PR #349:

  • `agentmesh` → `agentmesh-platform` (5 files)
  • `agentmesh-governance` → `agent-governance-toolkit`
  • `agent-os-observability` → `agent-os-kernel[observability]`
  • `hashlib.md5` → `hashlib.sha256` (3 files)

9 files, 11 replacements. Verified zero remaining instances.

imran-siddique and others added 16 commits March 20, 2026 10:56
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Add EU AI Act, Colorado AI Act, and GPAI obligations timeline with
AGT coverage mapping. Reference Microsoft Purview DSPM for AI as
complementary data governance layer.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The Scorecard API rejects workflows with write permissions at the
workflow level. id-token: write and security-events: write must be
scoped to the job level only. Restores permissions: read-all at
workflow level while keeping job-level write permissions intact.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…ft#324)

Add Google-style docstrings with Args, Returns, Raises, Attributes,
and Example sections to MCPMessageType, MCPAdapter, and MCPServer
classes. Also enhances docstrings for key methods including
handle_message, _handle_tools_call, _handle_resources_read, and
_map_tool_to_action.

Fixes microsoft#316
Co-authored-by: Matt Van Horn <455140+mvanhorn@users.noreply.github.com>
…s (dependency confusion) (microsoft#325)

- Replace !pip install agent-os with !pip install -e ../.. in all 6 notebooks;
  agent-os is not on PyPI and installing it from PyPI is a dependency confusion vector
- Replace zendesk-sdk/freshdesk-sdk with zenpy/freshdesk (the real published SDKs)
  in customer-service/requirements.txt
- Remove hashlib-compat from healthcare-hipaa/requirements.txt; hashlib is stdlib
  and hashlib-compat is not a real PyPI package
…stall agent-os with agent-os-kernel

Replace all remaining instances of `pip install agent-os` (unregistered
on PyPI) with `pip install agent-os-kernel` (the actual package) across
docs, examples, TypeScript extensions, CLI source, tests, and SVG assets.

Also fixes `pip install emk` references to point to `agent-os-kernel[full]`
since emk is a submodule, not a standalone PyPI package.

Completes the fix started in PR microsoft#325 which only covered notebooks.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Dify 65K→133K, AutoGen 42K→55K, CrewAI 28K→46K, Semantic Kernel
24K→27K, LangGraph 24K→27K, Haystack 22K→24K, Agent Framework
7.6K→8K. Added star counts for OpenAI Agents SDK (20K) and
Google ADK (18K). Sorted by stars descending.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…it CI

- scripts/check_dependency_confusion.py: Pre-commit hook that scans for
  pip install commands referencing unregistered PyPI packages. Maintains
  an allowlist of known registered packages.
- .github/workflows/weekly-security-audit.yml: Weekly CI job running
  dependency confusion scan, security skills scan, and weak crypto check.
  Uploads reports as artifacts with 90-day retention.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…icrosoft#349)

* docs: add testing guide for external testers and customers

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* docs: add regulatory alignment table and Purview positioning to README

Add EU AI Act, Colorado AI Act, and GPAI obligations timeline with
AGT coverage mapping. Reference Microsoft Purview DSPM for AI as
complementary data governance layer.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix(ci): restore read-all at workflow level for Scorecard verification

The Scorecard API rejects workflows with write permissions at the
workflow level. id-token: write and security-events: write must be
scoped to the job level only. Restores permissions: read-all at
workflow level while keeping job-level write permissions intact.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* docs: add comprehensive docstrings to mcp_adapter.py classes (microsoft#324)

Add Google-style docstrings with Args, Returns, Raises, Attributes,
and Example sections to MCPMessageType, MCPAdapter, and MCPServer
classes. Also enhances docstrings for key methods including
handle_message, _handle_tools_call, _handle_resources_read, and
_map_tool_to_action.

Fixes microsoft#316

* ci: add markdown link checker workflow (microsoft#323)

Co-authored-by: Matt Van Horn <455140+mvanhorn@users.noreply.github.com>

* feat: add policy evaluation heatmap to SRE dashboard (microsoft#309) (microsoft#326)

* fix: remove unregistered PyPI packages from notebooks and requirements (dependency confusion) (microsoft#325)

- Replace !pip install agent-os with !pip install -e ../.. in all 6 notebooks;
  agent-os is not on PyPI and installing it from PyPI is a dependency confusion vector
- Replace zendesk-sdk/freshdesk-sdk with zenpy/freshdesk (the real published SDKs)
  in customer-service/requirements.txt
- Remove hashlib-compat from healthcare-hipaa/requirements.txt; hashlib is stdlib
  and hashlib-compat is not a real PyPI package

* fix(security): complete dependency confusion fix — replace all pip install agent-os with agent-os-kernel

Replace all remaining instances of `pip install agent-os` (unregistered
on PyPI) with `pip install agent-os-kernel` (the actual package) across
docs, examples, TypeScript extensions, CLI source, tests, and SVG assets.

Also fixes `pip install emk` references to point to `agent-os-kernel[full]`
since emk is a submodule, not a standalone PyPI package.

Completes the fix started in PR microsoft#325 which only covered notebooks.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* docs: update framework star counts to current values

Dify 65K→133K, AutoGen 42K→55K, CrewAI 28K→46K, Semantic Kernel
24K→27K, LangGraph 24K→27K, Haystack 22K→24K, Agent Framework
7.6K→8K. Added star counts for OpenAI Agents SDK (20K) and
Google ADK (18K). Sorted by stars descending.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Parsa Faraji Alamouti <165321600+parsa-faraji@users.noreply.github.com>
Co-authored-by: Matt Van Horn <mvanhorn@users.noreply.github.com>
Co-authored-by: Matt Van Horn <455140+mvanhorn@users.noreply.github.com>
Co-authored-by: Zeel Desai <72783325+zeel2104@users.noreply.github.com>
Co-authored-by: Xavier Garceau-Aranda <xavier.garceau-aranda@posteo.net>
- agentmesh → agentmesh-platform (5 files)
- agentmesh-governance → agent-governance-toolkit
- agent-os-observability → agent-os-kernel[observability]
- hashlib.md5 → hashlib.sha256 (3 files)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@imran-siddique imran-siddique merged commit 0a1f354 into microsoft:main Mar 23, 2026
@github-actions github-actions bot added labels documentation (Improvements or additions to documentation), agent-mesh (agent-mesh package), ci/cd (CI/CD and workflows), size/L (Large PR (< 500 lines)) Mar 23, 2026
@github-actions

🤖 AI Agent: docs-sync-checker — Issues Found

📝 Documentation Sync Report

Issues Found

  • check_dependency_confusion.py in scripts/check_dependency_confusion.py — missing docstring for the following public functions:
    • extract_package_names(install_args: str) -> list[str]
    • check_file(filepath: str) -> list[str]
    • main() -> int
  • ⚠️ packages/agent-os/modules/observability/README.md — The installation command for the agent-os-observability package has been updated to pip install agent-os-kernel[observability]. The README reflects this change, so no issue here.
  • ⚠️ CHANGELOG.md — No entry for the changes in this PR, including:
    • Replacement of hashlib.md5 with hashlib.sha256 in multiple files.
    • Replacement of unregistered package names (e.g., agentmesh → agentmesh-platform).
    • Addition of weekly-security-audit.yml GitHub workflow.
    • Addition of check_dependency_confusion.py script.

Suggestions

  • 💡 Add docstrings for the following functions in scripts/check_dependency_confusion.py:
    • extract_package_names(install_args: str) -> list[str]: Explain the purpose of extracting package names, input format, and return value.
    • check_file(filepath: str) -> list[str]: Describe how the function scans a file for unregistered pip install targets and its return value.
    • main() -> int: Provide an overview of the script's main entry point, its purpose, and the meaning of the return value.
  • 💡 Add a new entry in CHANGELOG.md summarizing the changes introduced in this PR:
    • Updated package names to registered versions.
    • Replaced hashlib.md5 with hashlib.sha256 for cryptographic operations.
    • Added a new GitHub Actions workflow for weekly security audits.
    • Introduced a new script, check_dependency_confusion.py, to detect unregistered PyPI package names in pip install commands.

Additional Notes

  • The changes to the README files appear to be in sync with the updated package names.
  • The example code in the repository does not seem to require updates, as the changes primarily involve package names and cryptographic functions.
  • All new public APIs in the check_dependency_confusion.py script should include type hints, which are already present.

Action Items

  1. Add missing docstrings to the public functions in scripts/check_dependency_confusion.py.
  2. Update CHANGELOG.md to include a summary of the changes in this PR.

Once the above issues are addressed, the documentation will be in sync.

@github-actions

🤖 AI Agent: breaking-change-detector — Summary

🔍 API Compatibility Report

Summary

The changes in this pull request primarily involve replacing unregistered package names with registered ones and switching from MD5 to SHA-256 for cryptographic operations. These changes are largely non-breaking but could have downstream implications for users relying on specific package names or hash algorithms. No public API changes were detected in the diff.

Findings

| Severity | Package | Change | Impact |
|---|---|---|---|
| 🟡 | agent-os | MD5 replaced with SHA-256 in cryptographic operations | May affect systems relying on MD5 hashes for compatibility or validation |
| 🟡 | agentmesh | Package name changed from agentmesh to agentmesh-platform | Users must update their pip install commands |
| 🟡 | agentmesh-governance | Package name changed to agent-governance-toolkit | Users must update their pip install commands |
| 🟡 | agent-os-observability | Package name changed to agent-os-kernel[observability] | Users must update their pip install commands |

Migration Guide

  1. Package Name Updates:

    • Replace agentmesh with agentmesh-platform in all pip install commands.
    • Replace agentmesh-governance with agent-governance-toolkit in all pip install commands.
    • Replace agent-os-observability with agent-os-kernel[observability] in all pip install commands.
  2. Hash Algorithm Updates:

    • If your system relies on MD5 hashes for validation or compatibility, update your code to handle SHA-256 hashes instead. For example:

      ```python
      import hashlib

      # Old code using MD5
      hashlib.md5(data).hexdigest()

      # Updated code using SHA-256
      hashlib.sha256(data).hexdigest()
      ```

Conclusion

✅ No breaking changes were detected in the public API. However, users must update their package installation commands and ensure compatibility with SHA-256 hashes where applicable.
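As an added example that is not code from this PR or from the agent-os project, the following Python shows one way to handle the compatibility concern raised in the Migration Guide above: records written before the change still carry 32-hex MD5 digests, while new ones use SHA-256. The verify path infers the algorithm from the stored digest length, compares in constant time, and on a successful legacy match returns the SHA-256 value so the record can be rewritten. The function names and the sample record are constructed for this example; `hashlib.new(..., usedforsecurity=False)` is a real keyword (Python 3.9+).

```python
"""Verify data against a stored digest that may still be MD5, then upgrade it
to SHA-256 (added illustration for this PR's MD5 -> SHA-256 change)."""
import hashlib
import hmac

CURRENT_ALGO = "sha256"
# Hex digest length identifies the algorithm a legacy stored value came from.
_HEX_LEN_TO_ALGO = {32: "md5", 64: "sha256"}


def detect_algorithm(stored_hex: str) -> str:
    """Infer md5/sha256 from the stored hex length; reject anything else."""
    algo = _HEX_LEN_TO_ALGO.get(len(stored_hex))
    if algo is None:
        raise ValueError(f"unrecognised digest length {len(stored_hex)}")
    return algo


def compute_digest(data: bytes, algo: str = CURRENT_ALGO) -> str:
    """Hex digest of `data`.

    The legacy MD5 path is created with usedforsecurity=False so the
    comparison still works on FIPS-restricted Python builds.
    """
    h = hashlib.new(algo, usedforsecurity=(algo == CURRENT_ALGO))
    h.update(data)
    return h.hexdigest()


def verify_and_migrate(data: bytes, stored_hex: str) -> tuple[bool, str]:
    """Constant-time check of `data` against `stored_hex`.

    Returns (matches, digest_to_store). When a legacy MD5 value matches, the
    returned digest is the SHA-256 of the same data so the record can be
    rewritten; mismatches leave the stored value untouched.
    """
    algo = detect_algorithm(stored_hex)
    actual = compute_digest(data, algo)
    if not hmac.compare_digest(actual, stored_hex.lower()):
        return False, stored_hex
    if algo != CURRENT_ALGO:
        return True, compute_digest(data, CURRENT_ALGO)
    return True, stored_hex


if __name__ == "__main__":
    # Constructed legacy record: MD5 of b"hello" stored before the migration.
    legacy = {"payload": b"hello", "digest": "5d41402abc4b2a76b9719d911017c592"}
    ok, new_digest = verify_and_migrate(legacy["payload"], legacy["digest"])
    print(ok, new_digest)
```

Once every record has been rewritten the `md5` entry can be dropped from `_HEX_LEN_TO_ALGO`, at which point any remaining 32-hex value is rejected rather than silently accepted.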

@github-actions

🤖 AI Agent: test-generator — `packages/agent-mesh/src/agentmesh/cli/main.py`

🧪 Test Coverage Analysis

packages/agent-mesh/src/agentmesh/cli/main.py

  • Existing coverage:

    • The register function is likely covered by tests that verify the behavior of the agentmesh CLI, including scenarios where the agentmesh.identity.AgentIdentity module is not installed.
    • The error message for missing dependencies (pip install agentmesh) is likely tested in CLI-related test cases.
  • Missing coverage:

    • The specific change from pip install agentmesh to pip install agentmesh-platform in the error message may not be explicitly tested.
    • There may be no tests verifying the correctness of the updated error message.
  • 💡 Suggested test cases:

    1. test_register_missing_dependency_error_message — Verify that the error message displayed when agentmesh.identity.AgentIdentity is not installed correctly reflects the updated package name (agentmesh-platform).
    2. test_register_with_invalid_agent_dir — Test the behavior of the register function when an invalid agent_dir is provided, ensuring the error message is displayed correctly.

packages/agent-mesh/src/agentmesh/transport/grpc_transport.py

  • Existing coverage:

    • The _require_grpc function is likely covered by tests that verify the behavior of the gRPC transport layer when the grpcio package is missing.
    • The error message for missing dependencies (pip install agentmesh[grpc]) is likely tested in transport-related test cases.
  • Missing coverage:

    • The specific change from pip install agentmesh[grpc] to pip install agentmesh-platform[grpc] in the error message may not be explicitly tested.
    • There may be no tests verifying the correctness of the updated error message.
  • 💡 Suggested test cases:

    1. test_require_grpc_missing_dependency_error_message — Verify that the error message displayed when the grpcio package is missing correctly reflects the updated package name (agentmesh-platform[grpc]).
    2. test_grpc_transport_initialization_without_grpc — Simulate the absence of the grpcio package and ensure that the _require_grpc function raises the correct ImportError with the updated error message.

General Recommendations

  1. Policy Evaluation:

    • Test scenarios where the register function is called with conflicting or invalid policies to ensure proper error handling and logging.
    • Test edge cases where the agent_name is empty, excessively long, or contains special characters.
  2. Input Validation:

    • Test the register function with malformed agent_dir inputs, such as non-existent directories, directories without the required files, or directories with invalid file formats.
    • Test the _require_grpc function with unexpected inputs or edge cases to ensure it handles them gracefully.
  3. Concurrency:

    • If the register function or gRPC transport is used in a multi-threaded or asynchronous context, test for potential race conditions or deadlocks.
  4. Error Handling:

    • Test scenarios where the agentmesh.identity.AgentIdentity.create method raises exceptions, and ensure the register function handles them appropriately.
    • Test scenarios where the _require_grpc function raises an ImportError, and verify that the error message is logged or displayed correctly.

By addressing these areas, the test coverage for the modified files can be improved, ensuring robust and reliable functionality.

@github-actions

🤖 AI Agent: security-scanner — Security Review of Pull Request

Security Review of Pull Request

This PR introduces several changes, including replacing unregistered package names, switching from MD5 to SHA-256 for cryptographic operations, and adding a new script to detect dependency confusion vulnerabilities. Below is a detailed security analysis of the changes:


1. Prompt Injection Defense Bypass

No direct prompt injection vulnerabilities were identified in this PR. The changes primarily focus on package renaming, cryptographic updates, and dependency confusion checks, which do not directly interact with user-provided input in a way that could lead to prompt injection.

Rating: 🔵 LOW


2. Policy Engine Circumvention

No changes in this PR directly impact the policy engine or its enforcement mechanisms. The changes are primarily related to package naming and cryptographic improvements.

Rating: 🔵 LOW


3. Trust Chain Weaknesses

The PR includes changes to replace MD5 hashing with SHA-256 in several locations. This is a positive change, as MD5 is considered cryptographically weak and unsuitable for security-sensitive operations. However, there are some issues:

Finding 1: Use of SHA-256 for versioning

  • Attack Vector: The _compute_version method in lifecycle.py uses hashlib.sha256 to compute a hash of the module's file contents and name for versioning purposes. While SHA-256 is cryptographically secure, using it for versioning may lead to confusion as it implies cryptographic integrity, which is not the intended purpose here. A non-cryptographic hash function like xxhash or cityhash would be more appropriate and performant.
  • Suggested Fix: Replace hashlib.sha256 with a non-cryptographic hash function for versioning purposes.

Rating: 🟡 MEDIUM


4. Credential Exposure

No credentials or sensitive information were exposed in the changes. The PR does not introduce any logging or error messages that could inadvertently leak sensitive data.

Rating: 🔵 LOW


5. Sandbox Escape

No changes in this PR affect sandboxing or process isolation mechanisms. The changes are limited to package renaming, cryptographic updates, and dependency checks.

Rating: 🔵 LOW


6. Deserialization Attacks

The PR includes a check for pickle.load usage in non-test code as part of the weak-crypto-check job. This is a good practice to prevent deserialization attacks. No new deserialization vulnerabilities were introduced in this PR.

Rating: 🔵 LOW


7. Race Conditions

No changes in this PR introduce or modify concurrency-related code. The changes are limited to package renaming, cryptographic updates, and dependency checks.

Rating: 🔵 LOW


8. Supply Chain

The PR addresses potential supply chain vulnerabilities by:

  • Replacing unregistered package names with registered ones.
  • Adding a check_dependency_confusion.py script to detect unregistered package names in pip install commands.

Finding 2: Dependency confusion detection limitations

  • Attack Vector: The check_dependency_confusion.py script relies on a hardcoded list of registered package names (REGISTERED_PACKAGES). This approach is error-prone and requires manual updates whenever new packages are added to the project. If a new package is introduced and not added to this list, it could lead to a false positive or a missed detection.
  • Suggested Fix: Instead of maintaining a hardcoded list, consider querying the PyPI API to dynamically check if a package is registered. This would eliminate the need for manual updates and reduce the risk of errors.

Rating: 🟠 HIGH


Summary of Findings

| Finding | Rating | Description | Suggested Fix |
|---|---|---|---|
| 1. Use of SHA-256 for versioning | 🟡 MEDIUM | SHA-256 is used for versioning, which is not its intended purpose. | Replace with a non-cryptographic hash function like xxhash or cityhash. |
| 2. Dependency confusion detection limitations | 🟠 HIGH | The dependency confusion script relies on a hardcoded list of package names, which is error-prone. | Use the PyPI API to dynamically check package registration. |

Recommendations

  1. Address the findings above to improve the security and reliability of the changes.
  2. Ensure that the check_dependency_confusion.py script is integrated into the CI/CD pipeline and tested thoroughly.
  3. Consider adding unit tests for the new script to validate its functionality and edge cases.

Let me know if you need further clarification or assistance!


@github-actions github-actions bot left a comment


🤖 AI Agent: code-reviewer

Review Summary

This pull request addresses two critical issues: replacing unregistered package names with registered ones to prevent dependency confusion attacks and replacing MD5 hashing with SHA-256 for improved cryptographic security. Additionally, it introduces a new GitHub Actions workflow for weekly security audits, including dependency confusion checks, weak cryptography scans, and other security-related tasks. The changes are well-documented and appear to be implemented correctly. However, there are a few areas that require attention.


🔴 CRITICAL

  1. Potential False Negatives in Dependency Confusion Detection:

    • The check_dependency_confusion.py script uses a hardcoded list of registered packages (REGISTERED_PACKAGES). This approach is error-prone because it requires manual updates whenever new packages are added to the project. If a new package is introduced and not added to this list, it could lead to a false negative and a potential security vulnerability.
    • Recommendation: Instead of relying on a hardcoded list, consider querying the PyPI API to dynamically check if a package is registered. This will ensure that the check remains accurate even as new dependencies are added.
  2. Inadequate Handling of pickle Usage:

    • The weak-crypto-check job in the GitHub Actions workflow includes a check for pickle.load usage. However, it only excludes files with certain patterns (e.g., test_, security_skills) and does not provide a mechanism to validate whether the usage of pickle is safe.
    • Recommendation: Implement a more robust mechanism to validate pickle usage. For example, enforce the use of pickle only in trusted contexts or replace it with safer serialization libraries like json or MessagePack.

🟡 WARNING

  1. Breaking Changes in Package Names:

    • The renaming of packages (e.g., agentmesh → agentmesh-platform, agentmesh-governance → agent-governance-toolkit) is a breaking change for users who rely on the old package names in their dependencies.
    • Recommendation: Clearly document these changes in the release notes and provide a migration guide for users. Consider publishing a deprecation notice for the old package names on PyPI, if applicable.
  2. Backward Compatibility for MD5 Replacement:

    • Replacing hashlib.md5 with hashlib.sha256 may cause issues if the MD5 hashes were being used for compatibility with other systems or as part of a protocol.
    • Recommendation: Verify that the change to SHA-256 does not break compatibility with any external systems or protocols. If compatibility is a concern, consider making the hash algorithm configurable.

💡 SUGGESTIONS

  1. Enhance Dependency Confusion Detection:

    • The check_dependency_confusion.py script currently scans for pip install commands in various file types. However, it does not account for dynamically constructed package names or indirect dependencies.
    • Recommendation: Consider integrating a tool like PyUp Safety or pip-audit into the CI pipeline for a more comprehensive dependency security check.
  2. Improve Logging for Security Scans:

    • The security-skills-scan job in the GitHub Actions workflow uses tee to write the output to a file and the console. However, the output format is not standardized, which could make it harder to parse and analyze.
    • Recommendation: Use a structured logging format (e.g., JSON or YAML) for the scan output to facilitate automated analysis and integration with other tools.
  3. Add Tests for Dependency Confusion Script:

    • The check_dependency_confusion.py script does not appear to have any associated tests.
    • Recommendation: Add unit tests for this script to ensure its correctness and to prevent regressions. For example, test cases could include valid and invalid pip install commands, as well as edge cases like multiline commands.
  4. Document Security Audit Workflow:

    • The new weekly-security-audit.yml workflow is a valuable addition, but it is not mentioned in the documentation.
    • Recommendation: Update the repository's documentation to explain the purpose and usage of the new workflow. Include instructions for interpreting the reports and addressing any findings.
  5. Optimize Regular Expressions:

    • The PIP_INSTALL_RE regex in check_dependency_confusion.py could be simplified and made more robust. For example, it currently does not handle cases where pip install commands are split across multiple lines using \.
    • Recommendation: Refactor the regex to handle multiline pip install commands and edge cases. Consider using a library like shlex to parse shell commands more reliably.
  6. Thread Safety of Cryptographic Changes:

    • The replacement of hashlib.md5 with hashlib.sha256 appears to be thread-safe, as the hashlib module is designed to be thread-safe. However, it would be prudent to confirm that no shared state is being modified in multithreaded contexts.
    • Recommendation: Review the usage of hashlib in the context of multithreaded execution to ensure there are no race conditions or shared state issues.

Summary of Changes

  • 🔴 CRITICAL: Address potential false negatives in dependency confusion detection and improve pickle usage validation.
  • 🟡 WARNING: Document breaking changes in package names and verify compatibility of MD5-to-SHA-256 changes.
  • 💡 SUGGESTION: Enhance dependency confusion detection, improve logging, add tests for the new script, and document the security audit workflow.

Please address the critical issues and consider the warnings and suggestions before merging this pull request. Let me know if you need further clarification or assistance!
