Skip to content

Fail closed on identity registry load errors#81

Merged
coreytshaffer merged 1 commit into
mainfrom
cr-097-identity-registry-load-fail-closed
Jul 3, 2026
Merged

Fail closed on identity registry load errors#81
coreytshaffer merged 1 commit into
mainfrom
cr-097-identity-registry-load-fail-closed

Conversation

@coreytshaffer

Copy link
Copy Markdown
Owner

Summary

Implements CR-097: Fail-Closed Identity Registry Load Handling.

This hardens identity registry load failures in reviewer-facing CLI paths so malformed, unreadable, or invalid .triagecore/identity/agents.json state produces bounded registry_load_failed output instead of an unhandled traceback.

Scope

  • Normalizes identity registry load failures into typed identity errors.
  • Adds bounded CLI failure output with static categories:
    • malformed_registry
    • invalid_identity_record
    • unreadable_registry
  • Guards:
    • tc identity list
    • tc audit --verify-signatures
    • tc audit --signed-smoke-test
    • tc audit --signed-route-decision-smoke-test
  • Preserves missing-registry empty-state behavior.
  • Does not change signing, routing, authority semantics, manifest loading, execution behavior, or historical ledger records.

Validation

  • pytest tests/test_cr_097_identity_registry_load.py -q: 8 passed
  • Focused suite: 108 passed
  • Full regression before commit: 710 passed, 2 skipped
  • tc doctor: Overall OK

@coreytshaffer coreytshaffer merged commit 45406c7 into main Jul 3, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant