build: add capsec capability-security tokens to CLI and infra adapters

Cargo.toml

@@ -47,6 +47,8 @@ subtle = "2.6"
 zeroize = { version = "1.8.1", features = ["serde", "derive"] }
 # Exact pin: canonicalization changes silently break all existing attestation signatures.
 json-canon = "=0.1.3"
+# Exact pin: pre-1.0 capability API — pin to avoid silent breaking changes.
+capsec = { version = "=0.1.6", features = ["tokio"] }
 
 auths-core = { path = "crates/auths-core", version = "0.0.1-rc.4" }
 auths-id = { path = "crates/auths-id", version = "0.0.1-rc.4" }

crates/auths-cli/Cargo.toml

@@ -72,6 +72,7 @@ url = "2.5"
 which = "8.0.0"
 open = "5"
 indicatif = "0.18.4"
+capsec.workspace = true
 
 # LAN pairing (optional, default-on)
 auths-pairing-daemon = { workspace = true, optional = true }

crates/auths-cli/src/adapters/config_store.rs

@@ -3,32 +3,58 @@
 use std::path::Path;
 
 use auths_core::ports::config_store::{ConfigStore, ConfigStoreError};
+use capsec::SendCap;
 
 /// Reads and writes config files from the local filesystem.
-pub struct FileConfigStore;
+pub struct FileConfigStore {
+    _fs_read: SendCap<capsec::FsRead>,
+    fs_write: SendCap<capsec::FsWrite>,
+}
+
+impl FileConfigStore {
+    pub fn new(fs_read: SendCap<capsec::FsRead>, fs_write: SendCap<capsec::FsWrite>) -> Self {
+        Self {
+            _fs_read: fs_read,
+            fs_write,
+        }
+    }
+}
 
 impl ConfigStore for FileConfigStore {
     fn read(&self, path: &Path) -> Result<Option<String>, ConfigStoreError> {
-        match std::fs::read_to_string(path) {
+        match capsec::fs::read_to_string(path, &self._fs_read) {
             Ok(content) => Ok(Some(content)),
-            Err(e) if e.kind() == std::io::ErrorKind::NotFound => Ok(None),
+            Err(capsec::CapSecError::Io(ref io_err))
+                if io_err.kind() == std::io::ErrorKind::NotFound =>
+            {
+                Ok(None)
+            }
             Err(e) => Err(ConfigStoreError::Read {
                 path: path.to_path_buf(),
-                source: e,
+                source: capsec_to_io(e),
             }),
         }
     }
 
     fn write(&self, path: &Path, content: &str) -> Result<(), ConfigStoreError> {
         if let Some(parent) = path.parent() {
-            std::fs::create_dir_all(parent).map_err(|e| ConfigStoreError::Write {
-                path: path.to_path_buf(),
-                source: e,
+            capsec::fs::create_dir_all(parent, &self.fs_write).map_err(|e| {
+                ConfigStoreError::Write {
+                    path: path.to_path_buf(),
+                    source: capsec_to_io(e),
+                }
             })?;
         }
-        std::fs::write(path, content).map_err(|e| ConfigStoreError::Write {
+        capsec::fs::write(path, content, &self.fs_write).map_err(|e| ConfigStoreError::Write {
             path: path.to_path_buf(),
-            source: e,
+            source: capsec_to_io(e),
         })
     }
 }
+
+fn capsec_to_io(e: capsec::CapSecError) -> std::io::Error {
+    match e {
+        capsec::CapSecError::Io(io) => io,
+        other => std::io::Error::other(other.to_string()),
+    }
+}

crates/auths-cli/src/adapters/git_config.rs

@@ -1,40 +1,48 @@
+use capsec::SendCap;
 use std::path::PathBuf;
 
 use auths_sdk::ports::git_config::{GitConfigError, GitConfigProvider};
 
 /// System adapter for git signing configuration.
 ///
 /// Runs `git config <scope> <key> <value>` via `std::process::Command`.
-/// Construct with `SystemGitConfigProvider::global()` or
-/// `SystemGitConfigProvider::local(repo_path)`.
+/// Holds a `SendCap<Spawn>` to document subprocess execution.
 ///
 /// Usage:
 /// ```ignore
-/// let provider = SystemGitConfigProvider::global();
+/// let cap_root = capsec::test_root();
+/// let provider = SystemGitConfigProvider::global(cap_root.spawn().make_send());
 /// provider.set("gpg.format", "ssh")?;
 /// ```
 pub struct SystemGitConfigProvider {
     scope_flag: &'static str,
     working_dir: Option<PathBuf>,
+    _spawn_cap: SendCap<capsec::Spawn>,
 }
 
 impl SystemGitConfigProvider {
     /// Creates a provider that sets git config in global scope.
-    pub fn global() -> Self {
+    ///
+    /// Args:
+    /// * `spawn_cap`: Capability token proving the caller has subprocess execution permission.
+    pub fn global(spawn_cap: SendCap<capsec::Spawn>) -> Self {
         Self {
             scope_flag: "--global",
             working_dir: None,
+            _spawn_cap: spawn_cap,
         }
     }
 
     /// Creates a provider that sets git config in local scope for the given repo.
     ///
     /// Args:
     /// * `repo_path`: Path to the git repository to configure.
-    pub fn local(repo_path: PathBuf) -> Self {
+    /// * `spawn_cap`: Capability token proving the caller has subprocess execution permission.
+    pub fn local(repo_path: PathBuf, spawn_cap: SendCap<capsec::Spawn>) -> Self {
         Self {
             scope_flag: "--local",
             working_dir: Some(repo_path),
+            _spawn_cap: spawn_cap,
         }
     }
 }

crates/auths-cli/src/adapters/local_file.rs

@@ -1,6 +1,7 @@
 //! Local filesystem artifact adapter.
 
 use auths_sdk::ports::artifact::{ArtifactDigest, ArtifactError, ArtifactMetadata, ArtifactSource};
+use capsec::SendCap;
 use sha2::{Digest, Sha256};
 use std::io::Read;
 use std::path::{Path, PathBuf};
@@ -9,16 +10,21 @@ use std::path::{Path, PathBuf};
 ///
 /// Usage:
 /// ```ignore
-/// let artifact = LocalFileArtifact::new("path/to/file.tar.gz");
+/// let cap_root = capsec::test_root();
+/// let artifact = LocalFileArtifact::new("path/to/file.tar.gz", cap_root.fs_read().make_send());
 /// let digest = artifact.digest()?;
 /// ```
 pub struct LocalFileArtifact {
     path: PathBuf,
+    fs_read: SendCap<capsec::FsRead>,
 }
 
 impl LocalFileArtifact {
-    pub fn new(path: impl Into<PathBuf>) -> Self {
-        Self { path: path.into() }
+    pub fn new(path: impl Into<PathBuf>, fs_read: SendCap<capsec::FsRead>) -> Self {
+        Self {
+            path: path.into(),
+            fs_read,
+        }
     }
 
     pub fn path(&self) -> &Path {
@@ -28,7 +34,7 @@ impl LocalFileArtifact {
 
 impl ArtifactSource for LocalFileArtifact {
     fn digest(&self) -> Result<ArtifactDigest, ArtifactError> {
-        let mut file = std::fs::File::open(&self.path)
+        let mut file = capsec::fs::open(&self.path, &self.fs_read)
             .map_err(|e| ArtifactError::Io(format!("{}: {}", self.path.display(), e)))?;
 
         let mut hasher = Sha256::new();
@@ -52,7 +58,7 @@ impl ArtifactSource for LocalFileArtifact {
 
     fn metadata(&self) -> Result<ArtifactMetadata, ArtifactError> {
         let digest = self.digest()?;
-        let file_meta = std::fs::metadata(&self.path)
+        let file_meta = capsec::fs::metadata(&self.path, &self.fs_read)
             .map_err(|e| ArtifactError::Metadata(format!("{}: {}", self.path.display(), e)))?;
 
         Ok(ArtifactMetadata {

crates/auths-cli/src/bin/sign.rs

@@ -39,6 +39,7 @@ use auths_core::storage::passphrase_cache::{get_passphrase_cache, parse_duration
 use auths_sdk::workflows::signing::{
     CommitSigningContext, CommitSigningParams, CommitSigningWorkflow,
 };
+use capsec::SendCap;
 
 /// Auths SSH signing program for Git integration.
 ///
@@ -125,7 +126,11 @@ fn parse_key_identifier(key_file: &str) -> Result<String> {
     }
 }
 
-fn build_signing_context(alias: &str) -> Result<CommitSigningContext> {
+fn build_signing_context(
+    alias: &str,
+    fs_read: SendCap<capsec::FsRead>,
+    fs_write: SendCap<capsec::FsWrite>,
+) -> Result<CommitSigningContext> {
     let env_config = EnvironmentConfig::from_env();
 
     let keychain =
@@ -135,7 +140,8 @@ fn build_signing_context(alias: &str) -> Result<CommitSigningContext> {
         if let Some(passphrase) = env_config.keychain.passphrase.clone() {
             Arc::new(auths_core::PrefilledPassphraseProvider::new(&passphrase))
         } else {
-            let config = load_config(&FileConfigStore);
+            let store = FileConfigStore::new(fs_read, fs_write);
+            let config = load_config(&store);
             let cache = get_passphrase_cache(config.passphrase.biometric);
             let ttl_secs = config
                 .passphrase
@@ -260,6 +266,8 @@ fn run_delegate_to_ssh_keygen(args: &Args) -> Result<()> {
 }
 
 fn run_sign(args: &Args) -> Result<()> {
+    let cap_root = capsec::root();
+
     let file_arg = args
         .file_arg
         .as_deref()
@@ -279,7 +287,11 @@ fn run_sign(args: &Args) -> Result<()> {
 
     let repo_path = auths_id::storage::layout::resolve_repo_path(None).ok();
 
-    let ctx = build_signing_context(&alias)?;
+    let ctx = build_signing_context(
+        &alias,
+        cap_root.fs_read().make_send(),
+        cap_root.fs_write().make_send(),
+    )?;
     let mut params = CommitSigningParams::new(&alias, namespace, data).with_pubkey(pubkey);
     if let Some(path) = repo_path {
         params = params.with_repo_path(path);