Skip to content

[ASI03] Task-scoped short-lived tokens per invocation — close ASI03 #1 #232

Description

@initializ-mk

Problem

Long-lived, caller-supplied tokens widen the window for identity abuse: a leaked token remains usable well beyond the task it was needed for.

Current state

Auth verifies a caller-supplied token via an external chain (FORGE_ORG_ID/X-Org-ID -> org_id; forge-cli/runtime/admission_loader.go:30,89, auth chain), with auth_verify/auth_fail audit events. But forge-core does not mint per-task, short-lived tokens; token lifetime is the caller's/IdP's concern. See docs/security/owasp-asi-conformance.md (ASI03 #1).

Proposed control

Integrate task-scoped token minting/exchange (Platform IdM) with a per-invocation TTL; forge-core threads and audits the token scope.

Acceptance criteria

  • A task-scoped token is bound to a single invocation and expires after it.
  • Token scope is audited.

Conformance test

TestASI03_TaskScopedTokenExpires (Platform xfail — token minting is Platform's lane; forge-core side is threading/audit).

Out of scope

Building the IdM/token-exchange service (Platform). Delegation-chain elevation detection (DEP-IAM).

Guideline reference

ASI03 mitigation #1 (OWASP Agentic Top 10 2026).

Metadata

Metadata

Assignees

No one assigned

    Labels

    asi03OWASP ASI03forge-coreAffects the forge-core library (runtime, security, types, llm, mcp, auth)owasp-asiOWASP Top 10 for Agentic Applications 2026 conformanceplatformInitializ Platform (governance control plane) responsibilitysecuritySecurity vulnerability fixes

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions