Skip to content

Add SCOPE-D delivery envelope validation#39

Merged
mdheller merged 7 commits into
mainfrom
feature/scope-d-delivery-envelopes-v1
Jun 29, 2026
Merged

Add SCOPE-D delivery envelope validation#39
mdheller merged 7 commits into
mainfrom
feature/scope-d-delivery-envelopes-v1

Conversation

@mdheller

@mdheller mdheller commented Jun 28, 2026

Copy link
Copy Markdown
Member

Summary

Adds the first CloudShell Fog delivery boundary for SCOPE-D.

Changes:

  • Adds internal/delivery with a SCOPE-D delivery envelope type.
  • Adds validation for policy-gated, operator-approved, non-executing envelopes.
  • Rejects execution, network, mutation, credential, and payload capabilities in v0.1.
  • Adds receipt hash helper.
  • Adds Go tests for allowed and blocked envelopes.
  • Adds docs for SCOPE-D delivery envelope handoff.

Validation

CI should run Go tests. The focused local path is:

go test ./internal/delivery

Tranche role

This gives CloudShell Fog a concrete place in the SCOPE-D pipeline as an edge assurance and operator review boundary.

mdheller and others added 7 commits June 28, 2026 16:05
@mdheller
Add SCOPE-D delivery envelope validation
3c8b346
@mdheller
Add SCOPE-D delivery envelope tests
4ab0386
@mdheller
Document SCOPE-D delivery envelopes
6b05fe4
@mdheller
Simplify delivery envelope vet surface
bbd02bd
@claude
fix(deps): add missing go.sum entry for github.com/evanphx/json-patch
ba7bf90 
k8s.io/client-go/testing imports github.com/evanphx/json-patch
v4.12.0+incompatible. The go.sum entry was absent, causing `go vet`
and `go test` to fail in CI with "missing go.sum entry" errors.

Hashes sourced from sum.golang.org and cross-verified against the
k8s.io/client-go v0.30.2 transitive dependency graph.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@claude
fix(go): add missing evanphx/json-patch indirect dep to go.mod
abe3235 
go mod tidy requires this transitive dependency of k8s.io/client-go@v0.30.2
to be listed in go.mod. The go.sum hashes were already added; go.mod was
missing the indirect require entry, causing CI to report "updates to go.mod needed".

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@claude
fix(go): add pkg/errors transitive dep required by evanphx/json-patch
150aafb 
github.com/evanphx/json-patch imports github.com/pkg/errors; both go.sum
hashes and the go.mod indirect entry were missing, causing the CI "Go build
& test" check to fail with a missing go.sum entry error.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@mdheller mdheller merged commit 3e95eb4 into main Jun 29, 2026
14 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mdheller