Add Pipelock to Security & Compliance #4807

Merged
caniszczyk merged 1 commit into cncf:master from luckyPipewrench:add-pipelock
Apr 20, 2026

@luckyPipewrench
Contributor

Adds Pipelock to Provisioning > Security & Compliance.

Pipelock is an open-source agent firewall: a network proxy that scans HTTP, WebSocket, and MCP traffic for prompt injection, DLP leaks, SSRF, tool poisoning, and credential leaks.

Repo: https://github.com/luckyPipewrench/pipelock
Homepage: https://pipelab.org
License: Apache-2.0

@github-actions

You can preview your changes by visiting this link.

Note

This feature is still experimental and may not work as expected in some cases. Please report any issues you find!

Signed-off-by: luckyPipewrench <gitlucky@pipelab.org>
@caniszczyk caniszczyk enabled auto-merge April 20, 2026 21:41
@caniszczyk caniszczyk added this pull request to the merge queue Apr 20, 2026
Merged via the queue into cncf:master with commit 9a3a49a Apr 20, 2026
3 checks passed
@luckyPipewrench luckyPipewrench deleted the add-pipelock branch April 20, 2026 21:59
luckyPipewrench added a commit to luckyPipewrench/pipelock that referenced this pull request Apr 21, 2026
#418)

* docs: add detection-integration guide for downstream receipt consumers

New guide explaining how SIEM rules, analyst review, and long-window
LLM-based detectors all consume the same signed action-receipt stream.
Includes a 40-line runnable Python example that verifies a chain via
pipelock-verify and routes each verified receipt to a pluggable handler.

Explicit "What this does not solve" section covers compromised mediators,
real-time coverage gaps, receipts-as-input-not-substitute, agent-side
compromise, and the same-user deployment ceiling.

The existing tool-response-injection harness gains a short pointer to
the new guide.

* docs: address review findings on detection-integration

Three corrections from a close review of the first draft:

1. Gate the "every proxy decision produces a signed receipt" claim
   on flight_recorder.signing_key_path being set. Without a signing
   key, pipelock still enforces but the evidence stream is not
   emitted. Docs now say so and point at the config.

2. Rewrite the SIEM section. Receipts live in the flight-recorder
   JSONL file; the emit pipeline (webhook, syslog, OTLP) carries a
   separate security-event envelope. They are complementary streams,
   not the same stream in different wrappers. Guide now recommends a
   file shipper (Filebeat, Fluent Bit, Vector) tailing
   flight_recorder.dir and points readers at siem-integration.md for
   the emit format.

3. Fix the Python example to filter entries to
   type == "action_receipt" (evidence files contain non-receipt
   entries) and carry the outer envelope's session_id into the
   yielded record. The handler prints session_id now.

Verified the updated script against the conformance corpus:
valid-chain passes, broken-chain rejects with CHAIN BROKEN.

* docs: align receipt-signing language across config, flight-recorder, and detection-integration

Three corrections after a review pass:

1. configuration.md: signing_key_path description no longer implies full
   hot-reload rotation. Reload re-reads key bytes when the same path stays
   configured; changing the configured path requires restart.

2. flight-recorder.md: remove stale reference to the pipelock-assess
   keystore. The receipt-signing key is loaded from
   flight_recorder.signing_key_path and is separate from the assess key.
   Add a note clarifying that replacing key file contents at a fixed
   path is an advanced operation; the operator-safe path is still a
   restart so the old chain closes cleanly.

3. detection-integration.md: gate the intro claim on signing being
   enabled, fix the key-rotation guidance to match configuration.md,
   and describe the worked-example evidence file as mixed
   (action_receipt plus other recorder entries) rather than
   receipt-only.

* docs: add CNCF Landscape badge to README

Pipelock was listed in the CNCF Landscape under Provisioning > Security &
Compliance on 2026-04-20 (cncf/landscape#4807). Badge placed alongside
OpenSSF Scorecard + OpenSSF Best Practices so the ecosystem-trust signals
group together, ahead of the CI/quality row.

* docs: capitalize Pipelock in prose per style guide