Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
54 changes: 54 additions & 0 deletions .github/workflows/_build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,9 +8,15 @@ on:
description: 'Version string (e.g. v0.8.0)'
type: string
default: ''
attest:
description: 'Generate build provenance attestations for release artifacts'
type: boolean
default: false

permissions:
contents: read
id-token: write
attestations: write

jobs:
build-unix:
Expand Down Expand Up @@ -83,6 +89,12 @@ jobs:
tar -czf "codebase-memory-mcp-${GOOS}-${GOARCH}.tar.gz" \
-C build/c codebase-memory-mcp LICENSE install.sh THIRD_PARTY_NOTICES.md

- name: Attest standard binary provenance
if: ${{ inputs.attest }}
uses: actions/attest-build-provenance@0f67c3f4856b2e3261c31976d6725780e5e4c373 # v4.1.1
with:
subject-path: codebase-memory-mcp-${{ matrix.goos }}-${{ matrix.goarch }}.tar.gz

- name: Build UI binary
env:
VERSION: ${{ inputs.version }}
Expand Down Expand Up @@ -113,6 +125,12 @@ jobs:
tar -czf "codebase-memory-mcp-ui-${GOOS}-${GOARCH}.tar.gz" \
-C build/c codebase-memory-mcp LICENSE install.sh THIRD_PARTY_NOTICES.md

- name: Attest UI binary provenance
if: ${{ inputs.attest }}
uses: actions/attest-build-provenance@0f67c3f4856b2e3261c31976d6725780e5e4c373 # v4.1.1
with:
subject-path: codebase-memory-mcp-ui-${{ matrix.goos }}-${{ matrix.goarch }}.tar.gz

- uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: binaries-${{ matrix.goos }}-${{ matrix.goarch }}
Expand Down Expand Up @@ -158,6 +176,12 @@ jobs:
scripts/gen-third-party-notices.sh THIRD_PARTY_NOTICES.md
zip codebase-memory-mcp-windows-amd64.zip codebase-memory-mcp.exe LICENSE install.ps1 THIRD_PARTY_NOTICES.md

- name: Attest standard binary provenance
if: ${{ inputs.attest }}
uses: actions/attest-build-provenance@0f67c3f4856b2e3261c31976d6725780e5e4c373 # v4.1.1
with:
subject-path: codebase-memory-mcp-windows-amd64.zip

- name: Build UI binary
shell: msys2 {0}
env:
Expand All @@ -178,6 +202,12 @@ jobs:
scripts/gen-third-party-notices.sh THIRD_PARTY_NOTICES.md
zip codebase-memory-mcp-ui-windows-amd64.zip codebase-memory-mcp.exe LICENSE install.ps1 THIRD_PARTY_NOTICES.md

- name: Attest UI binary provenance
if: ${{ inputs.attest }}
uses: actions/attest-build-provenance@0f67c3f4856b2e3261c31976d6725780e5e4c373 # v4.1.1
with:
subject-path: codebase-memory-mcp-ui-windows-amd64.zip

- uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: binaries-windows-amd64
Expand Down Expand Up @@ -227,6 +257,12 @@ jobs:
scripts/gen-third-party-notices.sh THIRD_PARTY_NOTICES.md
zip codebase-memory-mcp-windows-arm64.zip codebase-memory-mcp.exe LICENSE install.ps1 THIRD_PARTY_NOTICES.md

- name: Attest standard binary provenance
if: ${{ inputs.attest }}
uses: actions/attest-build-provenance@0f67c3f4856b2e3261c31976d6725780e5e4c373 # v4.1.1
with:
subject-path: codebase-memory-mcp-windows-arm64.zip

- name: Build UI binary
shell: msys2 {0}
env:
Expand All @@ -247,6 +283,12 @@ jobs:
scripts/gen-third-party-notices.sh THIRD_PARTY_NOTICES.md
zip codebase-memory-mcp-ui-windows-arm64.zip codebase-memory-mcp.exe LICENSE install.ps1 THIRD_PARTY_NOTICES.md

- name: Attest UI binary provenance
if: ${{ inputs.attest }}
uses: actions/attest-build-provenance@0f67c3f4856b2e3261c31976d6725780e5e4c373 # v4.1.1
with:
subject-path: codebase-memory-mcp-ui-windows-arm64.zip

- uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: binaries-windows-arm64
Expand Down Expand Up @@ -299,6 +341,12 @@ jobs:
tar -czf "codebase-memory-mcp-linux-${ARCH}-portable.tar.gz" \
-C build/c codebase-memory-mcp LICENSE install.sh THIRD_PARTY_NOTICES.md

- name: Attest standard binary provenance
if: ${{ inputs.attest }}
uses: actions/attest-build-provenance@0f67c3f4856b2e3261c31976d6725780e5e4c373 # v4.1.1
with:
subject-path: codebase-memory-mcp-linux-${{ matrix.arch }}-portable.tar.gz

- name: Build UI binary (static)
env:
VERSION: ${{ inputs.version }}
Expand All @@ -318,6 +366,12 @@ jobs:
tar -czf "codebase-memory-mcp-ui-linux-${ARCH}-portable.tar.gz" \
-C build/c codebase-memory-mcp LICENSE install.sh THIRD_PARTY_NOTICES.md

- name: Attest UI binary provenance
if: ${{ inputs.attest }}
uses: actions/attest-build-provenance@0f67c3f4856b2e3261c31976d6725780e5e4c373 # v4.1.1
with:
subject-path: codebase-memory-mcp-ui-linux-${{ matrix.arch }}-portable.tar.gz

- uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: binaries-linux-${{ matrix.arch }}-portable
Expand Down
6 changes: 6 additions & 0 deletions .github/workflows/dry-run.yml
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,13 @@ jobs:
build:
if: ${{ inputs.skip_builds != true && !cancelled() && (needs.test.result == 'success' || needs.test.result == 'skipped') }}
needs: [test]
permissions:
contents: read
id-token: write
attestations: write
uses: ./.github/workflows/_build.yml
with:
attest: false

# ── Smoke test every binary ────────────────────────────────────
# Run unless builds were skipped or a build leg FAILED. Every build leg
Expand Down
9 changes: 7 additions & 2 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -56,9 +56,14 @@ jobs:
# ── 3. Build all platforms ──────────────────────────────────────
build:
needs: [test]
permissions:
contents: read
id-token: write
attestations: write
uses: ./.github/workflows/_build.yml
with:
version: ${{ inputs.version }}
attest: true

# ── 4. Smoke test every binary ──────────────────────────────────
smoke:
Expand Down Expand Up @@ -99,10 +104,10 @@ jobs:
- name: Generate checksums
run: sha256sum *.tar.gz *.zip > checksums.txt

- name: Attest build provenance
- name: Attest checksum provenance
uses: actions/attest-build-provenance@0f67c3f4856b2e3261c31976d6725780e5e4c373 # v4.1.1
with:
subject-path: '*.tar.gz,*.zip,checksums.txt'
subject-path: checksums.txt

- name: Generate SBOM
run: |
Expand Down
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -599,7 +599,7 @@ internal/cbm/ Vendored tree-sitter grammars (158 languages) + AST extrac
Every release binary is verified through a multi-layer pipeline before publication:

- **VirusTotal** — all binaries scanned by 70+ antivirus engines (zero detections required to publish)
- **SLSA Level 3** — cryptographic build provenance generated by GitHub Actions; verify with `gh attestation verify <file> --repo DeusData/codebase-memory-mcp`
- **SLSA Level 3** — cryptographic build provenance generated by the trusted GitHub Actions build workflow; verify with `gh attestation verify <file> --repo DeusData/codebase-memory-mcp --signer-workflow DeusData/codebase-memory-mcp/.github/workflows/_build.yml`
- **Sigstore cosign** — keyless signatures on all artifacts; bundles included in every release
- **SHA-256 checksums** — `checksums.txt` published with every release; verified by both install scripts before extraction
- **CodeQL SAST** — blocks release pipeline if any open alerts remain
Expand Down
20 changes: 15 additions & 5 deletions SECURITY.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@

codebase-memory-mcp interacts deeply with your filesystem. It reads source files across your entire codebase, writes to agent configuration files, and spawns background processes. This is inherent to what it does — not a bug.

**If you are uncomfortable with these access patterns**, please audit the source code before running. The full source is available in this repository. Every release binary is reproducibly built from this source and can be independently verified via SLSA provenance, Sigstore signatures, and SHA-256 checksums (see [Verification](#verification) below).
**If you are uncomfortable with these access patterns**, please audit the source code before running. The full source is available in this repository. Release binaries produced by the current release pipeline are verifiably built from this source and can be independently verified via SLSA Build Level 3 provenance, Sigstore signatures, and SHA-256 checksums (see [Verification](#verification) below).

We are humans and can make mistakes. We take security seriously — it is Priority #1 for this project — but we cannot guarantee perfection. By using this software you accept responsibility for evaluating whether it meets your own security requirements.

Expand Down Expand Up @@ -122,13 +122,21 @@ This project implements multiple layers of security verification. Every release

Releases are created as **drafts** (invisible to users) and only published after all verification passes:

1. **SLSA build provenance** — cryptographic attestation proving each binary was built by GitHub Actions from this repository
1. **SLSA Build Level 3 provenance for release binaries** — cryptographic attestation generated inside the trusted GitHub Actions build workflow immediately after each release archive is produced
2. **Sigstore cosign signing** — keyless digital signatures verifiable by anyone
3. **SBOM** — Software Bill of Materials (CycloneDX) listing all vendored dependencies
3. **SBOM** — Software Bill of Materials (SPDX) listing all vendored dependencies
4. **SHA-256 checksums** — published with every release
5. **VirusTotal scanning** — all binaries scanned by 70+ antivirus engines (zero-tolerance: any detection blocks the release)
6. **OpenSSF Scorecard** — repository security health score

Scope of the SLSA claim: this is a build provenance claim for release
artifacts. It proves the attested archive was produced by the repository's
trusted GitHub-hosted build workflow from repository source. It is not
third-party certification, it is not retroactive to older releases, and it does
not mean the source code is vulnerability-free or that maintainers cannot change
source. Consumers should verify the signer workflow, not only repository
ownership.

If ANY antivirus engine flags ANY binary, the release stays as a draft and is not published until the issue is investigated and resolved.

### Code-Level Defenses
Expand All @@ -145,8 +153,10 @@ If ANY antivirus engine flags ANY binary, the release stays as a draft and is no
Users can independently verify any release binary:

```bash
# SLSA provenance (proves binary came from this repo's CI)
gh attestation verify <downloaded-file> --repo DeusData/codebase-memory-mcp
# SLSA Build Level 3 provenance for release binaries
gh attestation verify <downloaded-file> \
--repo DeusData/codebase-memory-mcp \
--signer-workflow DeusData/codebase-memory-mcp/.github/workflows/_build.yml

# Sigstore cosign (keyless signature)
cosign verify-blob --bundle <file>.bundle <file>
Expand Down
Loading