signal-isolated-auth
Maximally isolated Signal authentication via colored operad security boundaries. VM→Container→Process enclosure with GF(3) conservation for Agent-O-Rama pathways.
Best use case
signal-isolated-auth is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Maximally isolated Signal authentication via colored operad security boundaries. VM→Container→Process enclosure with GF(3) conservation for Agent-O-Rama pathways.
Teams using signal-isolated-auth should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/signal-isolated-auth/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How signal-isolated-auth Compares
| Feature / Agent | signal-isolated-auth | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Maximally isolated Signal authentication via colored operad security boundaries. VM→Container→Process enclosure with GF(3) conservation for Agent-O-Rama pathways.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Signal Isolated Authentication
## Overview
Maximally isolated Signal client authentication using **colored operad security boundaries**. Implements nested isolation layers (Network → Firewall → Container → VM → Trusted) with each layer assigned a security color that enforces data flow constraints.
```
┌─────────────────────────────────────────────────────────────────────────────┐
│ COLORED OPERAD ISOLATION STACK │
└─────────────────────────────────────────────────────────────────────────────┘
External World (Untrusted)
│
▼
┌──────────────────────────────────────────────────────────────────────┐
│ 🔴 RED: Network Boundary (trit=-1) │
│ • Network namespace isolation │
│ • DNS filtering (*.signal.org only) │
│ • Firewall: outbound-only, ports 443/80 │
│ ┌────────────────────────────────────────────────────────────────┐ │
│ │ 🟡 YELLOW: Container Boundary (trit=-1) │ │
│ │ • Podman/Docker rootless │ │
│ │ • --privileged=false, --read-only │ │
│ │ • Seccomp profile, AppArmor/SELinux │ │
│ │ • CAP_DROP=ALL, CAP_ADD=NET_RAW │ │
│ │ ┌──────────────────────────────────────────────────────────┐ │ │
│ │ │ 🟢 GREEN: VM Boundary (trit=0) │ │ │
│ │ │ • Firecracker microVM │ │ │
│ │ │ • 1 vCPU, 512MB RAM │ │ │
│ │ │ • Minimal kernel, read-only rootfs │ │ │
│ │ │ ┌────────────────────────────────────────────────────┐ │ │ │
│ │ │ │ 🔵 BLUE: Trusted Core (trit=+1) │ │ │ │
│ │ │ │ • Signal CLI process │ │ │ │
│ │ │ │ • Key material in memory-encrypted enclave │ │ │ │
│ │ │ │ • Attestation verification │ │ │ │
│ │ │ └────────────────────────────────────────────────────┘ │ │ │
│ │ └──────────────────────────────────────────────────────────┘ │ │
│ └────────────────────────────────────────────────────────────────┘ │
└──────────────────────────────────────────────────────────────────────┘
```
## GF(3) Conservation
```
RED(-1) ⊗ YELLOW(-1) ⊗ GREEN(0) ⊗ BLUE(+1) = -1
To balance: Add dynamic-sufficiency(-1) + skill-dispatch(0) + signal-messaging(+1)
Full triad: (-1) + (-1) + (0) + (+1) + (-1) + (0) + (+1) = -1 + 1 = 0 ✓
```
| Role | Skill/Layer | Trit | Function |
|------|-------------|------|----------|
| **MINUS** (-1) | signal-isolated-auth | -1 | **THIS SKILL** - validates enclosure |
| **MINUS** (-1) | Network + Container | -2 | External constraints |
| **ERGODIC** (0) | VM boundary | 0 | Coordination layer |
| **PLUS** (+1) | Trusted core | +1 | Key generation |
## Supported Signal Clients
| Client | Technology | Status | Notes |
|--------|------------|--------|-------|
| **signal-cli** | Java | ✅ Primary | Full protocol support |
| **presage** | Rust | ✅ Supported | Modern, performant |
| **whisperfish** | Rust/QML | ⚠️ Experimental | Sailfish OS focused |
| **libsignal** | Rust | ⚠️ Library | Requires wrapper |
## Security Color Rules
### Color Flow Constraint
Data can only flow **INWARD** (less trusted → more trusted):
```
RED → YELLOW → GREEN → BLUE ✓
BLUE → RED ✗ (security violation)
```
### Color-to-Trit Mapping
| Color | Trust Level | Trit | Meaning |
|-------|-------------|------|---------|
| 🔴 RED | 1 (lowest) | -1 | External constraint |
| 🟡 YELLOW | 2 | -1 | Container constraint |
| 🟢 GREEN | 3 | 0 | Boundary coordination |
| 🔵 BLUE | 4 (highest) | +1 | Trusted generation |
## Usage
### Python API
```python
from signal_isolation_manager import (
SignalIsolationManager,
SignalClientType,
build_agentorama_signal_pathway,
)
# Build maximally isolated pathway
pathway = build_agentorama_signal_pathway(
name="agent-signal-secure",
client_type=SignalClientType.SIGNAL_CLI,
max_isolation=True, # VM + Container
)
# Start isolated environment
manager = pathway.isolation_manager
await manager.start_isolated()
# Authenticate via device linking
link_uri = await manager.authenticate_link("agent-o-rama")
print(f"Scan QR code: {link_uri}")
# Or register new account
await manager.authenticate_register("+1234567890")
await manager.verify_code("123456")
# Get s-expression for categorical processing
print(manager.get_enclosure_sexp())
```
### Julia API (WorldColoredOperads)
```julia
using Gay.WorldColoredOperads
# Build Signal-specific enclosure
enclosure = world_signal_enclosure(:signal_cli; seed=0xE12A4E)
# Verify security properties
result = verify_enclosure(enclosure)
println("Security score: ", result.security_score)
println("GF(3) balanced: ", result.gf3_balanced)
println("Color chain: ", result.color_chain)
# Output as s-expression
println(to_sexp(enclosure))
```
### CLI Usage
```bash
# Start Signal in maximum isolation
python signal_isolation_manager.py
# With specific client
python -c "
import asyncio
from signal_isolation_manager import *
async def main():
manager = SignalIsolationManager(
client_type=SignalClientType.PRESAGE,
use_vm=True,
use_container=True,
)
manager.build_enclosure('+1234567890')
await manager.start_isolated()
link = await manager.authenticate_link('my-agent')
print(link)
asyncio.run(main())
"
```
## S-Expression Output
All authentication events emit s-expressions for categorical processing:
```lisp
(signal-auth-event
:type :device-link
:device-name "agent-o-rama"
:enclosure-fingerprint "a3b7c9d1e5f2"
:link-uri "sgnl://linkdevice?uuid=agent-a3b7c9d1&pub_key=..."
:timestamp 1735689600
:color-chain (:red :yellow :green :blue))
(isolation-enclosure
:target "signal_signal-cli"
:client "signal-cli"
:fingerprint "a3b7c9d1e5f2"
:gf3-sum -1
:gf3-balanced nil
:valid t
:security-score 100
:color-chain (:red :yellow :green :blue)
:layers (
(layer :name "network_isolation" :color :red :tech :network :trit -1)
(layer :name "firewall_rules" :color :red :tech :firewall :trit -1)
(layer :name "container_boundary" :color :yellow :tech :container :trit -1)
(layer :name "vm_boundary" :color :green :tech :firecracker :trit 0)
(layer :name "trusted_signal_process" :color :blue :tech :enclave :trit 1)
))
```
## Isolation Technologies
### Firecracker microVM (Recommended)
```yaml
vm:
type: firecracker
vcpus: 1
memory_mb: 512
kernel: vmlinux-5.10-signal
rootfs: signal-rootfs.ext4
boot_args: "console=ttyS0 reboot=k panic=1 pci=off"
jailer:
uid: 1000
gid: 1000
chroot: /srv/jailer/signal
```
### Container (Podman Rootless)
```bash
podman run \
--rm \
--read-only \
--security-opt no-new-privileges \
--cap-drop=ALL \
--cap-add=NET_RAW \
--network=slirp4netns \
-v /path/to/data:/data:rw \
signal-cli-isolated:latest \
daemon --json
```
### Firejail (Alternative)
```bash
firejail \
--private=/tmp/signal-sandbox \
--net=none \
--seccomp \
--noroot \
signal-cli daemon
```
## Agent-O-Rama Integration
This skill provides a **pathway** for Agent-O-Rama's Signal communication:
```python
from signal_isolation_manager import AgentOramaPathway
# Pathway carries color attributes for all components
pathway = AgentOramaPathway(
name="signal-isolated",
isolation_manager=manager,
color_attributes={
"ingress": SecurityColor.RED, # Network input
"processing": SecurityColor.YELLOW, # Container work
"verification": SecurityColor.GREEN, # VM attestation
"execution": SecurityColor.BLUE, # Trusted action
}
)
# GF(3) conservation across pathway
print(f"Pathway trit sum: {pathway.trit_sum}")
```
## Required Skills (Dependency Triad)
| Skill | Trit | Status | Purpose |
|-------|------|--------|---------|
| signal-isolated-auth | -1 | ✅ THIS | Isolation boundary |
| dynamic-sufficiency | -1 | ✅ Have | ε-machine gating |
| signal-messaging | 0 | ✅ Have | Message transport |
| gay-mcp | +1 | ✅ Have | Color generation |
## Files
| File | Purpose |
|------|---------|
| `signal_isolation_manager.py` | Main isolation orchestrator |
| `Gay.jl/src/world_colored_operads.jl` | Julia security model |
| `configs/signal_seccomp.json` | Seccomp profile |
| `configs/firecracker_signal.json` | Firecracker config |
## Security Considerations
1. **Key Material**: Never leaves BLUE boundary
2. **Network**: Egress-only to *.signal.org
3. **Persistence**: Data encrypted at rest in dedicated volume
4. **Attestation**: VM and enclave verified before key operations
5. **Least Privilege**: CAP_DROP=ALL, minimal syscalls
## Related Skills
- `dynamic-sufficiency` - ε-machine gating for skill coverage
- `signal-messaging` - Message send/receive (requires auth)
- `gay-mcp` - Deterministic color generation
- `livekit-omnimodal` - Real-time coaching integration
- `blackhat-go` - Adversarial security analysisRelated Skills
testing-oauth2-implementation-flaws
Tests OAuth 2.0 and OpenID Connect implementations for security flaws including authorization code interception, redirect URI manipulation, CSRF in OAuth flows, token leakage, scope escalation, and PKCE bypass. The tester evaluates the authorization server, client application, and token handling for common misconfigurations that enable account takeover or unauthorized access. Activates for requests involving OAuth security testing, OIDC vulnerability assessment, OAuth2 redirect bypass, or authorization code flow testing.
testing-mobile-api-authentication
Tests authentication and authorization mechanisms in mobile application APIs to identify broken authentication, insecure token management, session fixation, privilege escalation, and IDOR vulnerabilities. Use when performing API security assessments against mobile app backends, testing JWT implementations, evaluating OAuth flows, or assessing session management. Activates for requests involving mobile API auth testing, token security assessment, OAuth mobile flow testing, or API authorization bypass.
testing-api-for-broken-object-level-authorization
Tests REST and GraphQL APIs for Broken Object Level Authorization (BOLA/IDOR) vulnerabilities where an authenticated user can access or modify resources belonging to other users by manipulating object identifiers in API requests. The tester intercepts API calls, identifies object ID parameters (numeric IDs, UUIDs, slugs), and systematically replaces them with IDs belonging to other users to determine if the server enforces per-object authorization. This is OWASP API Security Top 10 2023 risk API1. Activates for requests involving BOLA testing, IDOR in APIs, object-level authorization testing, or API access control bypass.
testing-api-authentication-weaknesses
Tests API authentication mechanisms for weaknesses including broken token validation, missing authentication on endpoints, weak password policies, credential stuffing susceptibility, token leakage in URLs or logs, and session management flaws. The tester evaluates JWT implementation, API key handling, OAuth flows, and session token entropy to identify authentication bypasses. Maps to OWASP API2:2023 Broken Authentication. Activates for requests involving API authentication testing, token validation assessment, credential security testing, or API auth bypass.
signal-messaging
Signal Protocol MCP server (Rust). 3 tools — encrypt, initialize_session, verify_safety_number. Bypass route when Beeper Desktop is down.
performing-oauth-scope-minimization-review
Performs OAuth 2.0 scope minimization review to identify over-permissioned third-party application integrations, excessive API scopes, unused token grants, and risky OAuth consent patterns across identity providers and SaaS platforms. Activates for requests involving OAuth scope audit, API permission review, third-party app risk assessment, or consent grant minimization.
performing-authenticated-vulnerability-scan
Authenticated (credentialed) vulnerability scanning uses valid system credentials to log into target hosts and perform deep inspection of installed software, patches, configurations, and security sett
performing-authenticated-scan-with-openvas
Configure and execute authenticated vulnerability scans using OpenVAS/Greenbone Vulnerability Management with SSH and SMB credentials for comprehensive host-level assessment.
oauth-integrations
Implement OAuth 2.0 authentication with GitHub and Microsoft Entra (Azure AD) in Cloudflare Workers and other edge environments. Covers provider-specific quirks, required headers, scope requirements, and token handling without MSAL. Use when: implementing GitHub OAuth, Microsoft/Azure AD authentication, handling OAuth callbacks, or troubleshooting 403 errors in OAuth flows.
implementing-zero-knowledge-proof-for-authentication
Zero-Knowledge Proofs (ZKPs) allow a prover to demonstrate knowledge of a secret (such as a password or private key) without revealing the secret itself. This skill implements the Schnorr identificati
implementing-passwordless-authentication-with-fido2
Deploy FIDO2/WebAuthn passwordless authentication using security keys and platform authenticators. Covers WebAuthn API integration, FIDO2 server configuration, passkey enrollment, biometric authentica
implementing-passwordless-auth-with-microsoft-entra
Implements passwordless authentication using Microsoft Entra ID with FIDO2 security keys, Windows Hello for Business, Microsoft Authenticator passkeys, and certificate-based authentication to eliminate password-based attacks. Activates for requests involving passwordless deployment, FIDO2 passkey configuration, phishing-resistant MFA, or Microsoft Entra authentication method policies.