e744336385
C-6: ConnectorRuntime enforces capability_mask per operation.
READ-only ACs cannot invoke MUTATE operations (wipe, lock, retire).
C-7: AC validated against database (exists, active, not expired)
before connector invocation.
C-9: Delegated AC capability bounded by delegator's capability.
C-10: Command counter uses atomic SQL increment with limit check.
M-23: expire_stale() uses same atomic SQL pattern.
H-1: Sensitive credential fields hidden from repr/logs via repr=False.
H-2: Stub backend requires ALLOW_STUB_CREDENTIALS=true to activate.
H-3: Kerberos backend raises CredentialResolutionError instead of
returning stub ticket.
H-4: Chronicle INTENT emitted before execution, RESULT after.
H-5: device_id validated as UUID before Graph API URL interpolation.
H-8: ConnectorRuntime enforces governance for all connector invocations.
Signed-off-by: Tyler King <tking@guildhouse.dev>
13 lines
575 B
Python
13 lines
575 B
Python
# This file MUST NOT contain anything but the __version__ assignment.
|
|
#
|
|
# When making a release, change the value of __version__
|
|
# to an appropriate value, and open a pull request against
|
|
# the correct branch (master if making a new feature release).
|
|
# The commit message MUST contain a properly formatted release
|
|
# log, and the commit must be signed.
|
|
#
|
|
# The release automation will: build and test the packages for the
|
|
# supported platforms, publish the packages on PyPI, merge the PR
|
|
# to the target branch, create a Git tag pointing to the commit.
|
|
|
|
__version__ = '0.7.1'
|