Category: spec-conformance Severity: blocker
Location: crates/arcp-runtime/src/runtime/server.rs:1194-1205
Spec: ARCP v1.1 §14
What
handle_subscribe accepts any filter and SubscriptionFilter::default() matches every envelope, so an authenticated client can subscribe without a session/job constraint and receive other sessions’ events. The security section requires same-principal scoping by default and explicit policy to broaden it.
Evidence
async fn handle_subscribe(
    out: &mpsc::Sender<Envelope>,
    manager: &SubscriptionManager,
    connection_subs: &Arc<DashMap<SubscriptionId, JoinHandle<()>>>,
    correlation_id: MessageId,
    session_id: SessionId,
    payload: SubscribePayload,
) {
    let SubscribePayload { filter, since: _ } = payload;
    // PLAN.md §A4.10 reserves richer authorisation; for v0.1 we accept
    // any filter from an authenticated session.
    let (subscription_id, mut rx) = manager.register(filter, session_id.clone());
Proposed fix
Default generic subscriptions to the caller session/principal and reject filters that name other sessions/jobs unless an explicit authorization policy permits them.
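The scoping step this fix describes, as an added example that is not arcp-runtime code: it runs before `manager.register`, pins an unconstrained filter to the caller's session, and lets only an explicit policy hook widen it. `SessionId`, `SubscriptionFilter`, `SubscribePolicy` and `SubscribeError` are simplified stand-ins for the crate's own types; the job-ownership lookup needed to vet a filter that names another job is assumed to exist and is not modelled.

```rust
// Added example, not arcp-runtime code. Types are simplified stand-ins.
#[derive(Clone, Debug, PartialEq, Eq)]
pub struct SessionId(pub String);

/// Simplified filter: `session_id: None` means "match every envelope",
/// which is the over-broad default the finding describes.
#[derive(Clone, Debug, Default, PartialEq, Eq)]
pub struct SubscriptionFilter {
    pub session_id: Option<SessionId>,
    pub job_id: Option<String>,
}

/// Stand-in for the explicit authorization policy the fix calls for.
/// Only this hook can widen a subscription beyond the caller's session.
pub trait SubscribePolicy {
    fn may_observe_session(&self, caller: &SessionId, target: &SessionId) -> bool;
}

/// Default policy: never broaden ("same-principal scoping by default").
pub struct SamePrincipalOnly;
impl SubscribePolicy for SamePrincipalOnly {
    fn may_observe_session(&self, _: &SessionId, _: &SessionId) -> bool {
        false
    }
}

#[derive(Debug, PartialEq, Eq)]
pub enum SubscribeError {
    PermissionDenied,
}

/// Narrow a client-supplied filter to the caller's session. The `Ok` value is
/// what would then be handed to `manager.register`; `Err` maps to the
/// PERMISSION_DENIED response. `job_id` is carried through unchanged because
/// vetting it needs the job-ownership lookup, which is assumed, not modelled.
pub fn scope_filter(
    filter: SubscriptionFilter,
    caller: &SessionId,
    policy: &dyn SubscribePolicy,
) -> Result<SubscriptionFilter, SubscribeError> {
    match filter.session_id.clone() {
        // Unconstrained filter: pin it to the caller instead of matching all.
        None => Ok(SubscriptionFilter { session_id: Some(caller.clone()), ..filter }),
        // Caller asked for its own session: always allowed.
        Some(target) if &target == caller => Ok(filter),
        // Another session: only if the explicit policy grants it.
        Some(target) if policy.may_observe_session(caller, &target) => Ok(filter),
        Some(_) => Err(SubscribeError::PermissionDenied),
    }
}
```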
Acceptance criteria
PERMISSION_DENIED.