Tracking the tri-brain BLOCKING findings on the examples/agentfolio-beacon-bridge/ bridge merged in #855. The cross-identity verification can be bypassed (local-JSON-as-proof, substring name match, existence-implies-linked), the signature covers only part of the payload, NaN scores clamp to a forged 1.0, the verified tier is mathematically unreachable (max 0.77 < 0.8), it writes non-atomically into ~/.beacon/, and DID keys use invalid multibase encoding. Full detail in #855. Bounty rustchain-bounties#2890 is held pending these fixes.
This is an isolated example (not wired into production trust scoring), so severity to the live system is low, but it must not be cited as the canonical onboarding bridge until cross-verification actually proves linkage.
Tracking the tri-brain BLOCKING findings on the
examples/agentfolio-beacon-bridge/bridge merged in #855. The cross-identity verification can be bypassed (local-JSON-as-proof, substring name match, existence-implies-linked), the signature covers only part of the payload, NaN scores clamp to a forged 1.0, theverifiedtier is mathematically unreachable (max 0.77 < 0.8), it writes non-atomically into~/.beacon/, and DID keys use invalid multibase encoding. Full detail in #855. Bounty rustchain-bounties#2890 is held pending these fixes.This is an isolated example (not wired into production trust scoring), so severity to the live system is low, but it must not be cited as the canonical onboarding bridge until cross-verification actually proves linkage.