feat(web-security): operator-gated auth flow memory#70
Open
GangGreenTemperTatum wants to merge 2 commits into
Open
feat(web-security): operator-gated auth flow memory#70GangGreenTemperTatum wants to merge 2 commits into
GangGreenTemperTatum wants to merge 2 commits into
Conversation
Add an Authentication Context section to the agent prompt that distinguishes operator-sourced vs agent-discovered credentials: - Operator-sourced: when the operator provides credentials (in chat, from a file, or via stored credential), the agent persists the auth *flow* (endpoints, token mechanics, multi-step choreography) to project memory with subtype: auth-flow. Raw credentials are never persisted — they stay session-scoped in store_credential only. - Agent-discovered: when the agent finds credentials autonomously (default creds, self-registration, JS extraction), they are used for the current session but the flow is NOT persisted. Security- relevant discoveries are tracked as findings/leads instead. - Resuming: future sessions load auth-flow memories and replay them with fresh operator-provided credentials, skipping re-discovery. If no credentials are provided, the agent proceeds unauthenticated without prompting. Also updates the tracking section to include auth-flow as a memory subtype with payload_json.role and payload_json.auth_type fields.
c623c20 to
0cb55b3
Compare
Drop health-check ceremony, fallback chains, and prescriptive routing. Proxies are now framed as evidence capture for confirmed findings: replay PoC through available proxy after assess_confidence passes. Thermoptic reduced to one-liner.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
The web-security agent has no structured way to persist or reuse authentication context across sessions. Credentials are ephemeral (chat-only), the prompt says "don't persist secrets", and there's no mechanism to carry forward how to authenticate — even when the operator provides the same target repeatedly.
This means every new session re-discovers the auth flow from scratch, wasting time on targets with complex multi-step login choreography (CSRF token → login → JWT → refresh → MFA).
Solution
Add an Authentication Context section to the agent prompt that distinguishes two credential sources with different persistence rules:
Operator-sourced auth (persist the flow)
When the operator provides credentials — in chat, by pointing to a file, or by referencing a stored credential — the agent:
store_credentialfor the session (as before)subtype: auth-flowAgent-discovered auth (don't persist)
When the agent discovers credentials autonomously (default creds, self-registration, JS extraction):
store_credentialfor the session (as before)Resuming from memory
Future sessions load
auth-flowmemories and replay them with fresh operator-provided credentials, skipping re-discovery entirely. If no credentials are provided, the agent proceeds unauthenticated without prompting.Security rationale
The operator's explicit act of providing credentials is the authorization signal — no confirmation prompts needed, no autonomous persistence of potentially sensitive auth patterns. Agent-discovered auth (which may involve default creds, brute force, or token extraction) is intentionally kept ephemeral since the operator never sanctioned it as the intended auth path.
Changes
agents/web-security.md: New Authentication Context section, updated tracking to includeauth-flowsubtype withpayload_json.roleandpayload_json.auth_type, updatedstore_credentialguidance to connect to flow persistence