Skip to content

exec-server: add Noise channel foundation#26239

Draft
viyatb-oai wants to merge 9 commits into
mainfrom
codex/viyatb/noise-channel-foundation
Draft

exec-server: add Noise channel foundation#26239
viyatb-oai wants to merge 9 commits into
mainfrom
codex/viyatb/noise-channel-foundation

Conversation

@viyatb-oai

@viyatb-oai viyatb-oai commented Jun 3, 2026
edited
Loading

Copy link
Copy Markdown
Collaborator

Why

The harness and exec-server need endpoint-authenticated encryption across a rendezvous relay that must not see or modify JSON-RPC plaintext. This first layer introduces the cryptographic identity and handshake foundation without changing any runtime connection path.

What changes

  • Adds the Clatter hybrid-IK dependency and an AWS-LC ML-KEM-768 adapter.
  • Introduces strongly typed Noise channel identities and public keys.
  • Validates the declared suite, canonical key encoding, and exact X25519 and ML-KEM key lengths.
  • Adds focused crypto-wrapper tests.
  • Configures BLAKE3 intrinsics for the Windows GNU Bazel target so the new dependency graph links in cross-platform CI.

This PR is independently landable and does not activate Noise in exec-server.

Stack

  1. #26239 - channel foundation
  2. #26242 - relay and provider transport
  3. #26245 - remote activation, hardening, and E2E

This was referenced Jun 3, 2026
Closed
Merged
Draft
Merged
Closed
Draft
Closed
Closed
Closed
Closed
Closed
@viyatb-oai viyatb-oai force-pushed the codex/viyatb/noise-channel-foundation branch from 17b3277 to c3373c7 Compare June 4, 2026 00:41
@viyatb-oai viyatb-oai mentioned this pull request Jun 4, 2026
Closed
viyatb-oai added 2 commits June 9, 2026 15:17
@viyatb-oai
feat: add Noise channel foundation
df0bd43 
Co-authored-by: Codex noreply@openai.com
@viyatb-oai
refactor: keep Noise foundation independently usable
fd62a24 
Co-authored-by: Codex noreply@openai.com
@viyatb-oai viyatb-oai force-pushed the codex/viyatb/noise-channel-foundation branch from c3373c7 to fd62a24 Compare June 9, 2026 22:21
@viyatb-oai
fix: use BLAKE3 intrinsics for Windows Bazel
1ec9593 
Co-authored-by: Codex noreply@openai.com
@viyatb-oai viyatb-oai changed the title exec-server: Noise channel foundation exec-server: add Noise channel foundation Jun 10, 2026
viyatb-oai and others added 6 commits June 10, 2026 09:35
@viyatb-oai @codex
refactor(exec-server): validate Noise keys at use
29b362f 
Co-authored-by: Codex <noreply@openai.com>
@viyatb-oai
fix(exec-server): keep Noise foundation self-contained
5bd2787 
Co-authored-by: Codex noreply@openai.com
@viyatb-oai
fix(exec-server): retain Clatter byte array trait
3088d8f 
Co-authored-by: Codex noreply@openai.com
@viyatb-oai
docs(exec-server): explain Noise channel flow
b227892 
Co-authored-by: Codex noreply@openai.com
@viyatb-oai
docs(exec-server): tighten Noise comments
0282030 
Co-authored-by: Codex noreply@openai.com
@viyatb-oai
docs(exec-server): use direct Noise comments
3471354 
Co-authored-by: Codex noreply@openai.com
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@viyatb-oai