Back to skills
SkillHub ClubRun DevOpsFull StackSecurity
signal-isolated-auth
Imported from https://github.com/plurigrid/asi.
Packaged view
This page reorganizes the original catalog entry around fit, installability, and workflow context first. The original raw source lives below.
Stars
10
Hot score
84
Updated
March 20, 2026
Overall rating
C3.8
Composite score
3.8
Best-practice grade
B84.0
Install command
npx @skill-hub/cli install plurigrid-asi-signal-isolated-auth
Repository
plurigrid/asi
Skill path: skills/signal-isolated-auth
Imported from https://github.com/plurigrid/asi.
Open repositoryBest for
Primary workflow: Run DevOps.
Technical facets: Full Stack, Security.
Target audience: everyone.
License: Unknown.
Original source
Catalog source: SkillHub Club.
Repository owner: plurigrid.
This is still a mirrored public skill entry. Review the repository before installing into production workflows.
What it helps with
- Install signal-isolated-auth into Claude Code, Codex CLI, Gemini CLI, or OpenCode workflows
- Review https://github.com/plurigrid/asi before adding signal-isolated-auth to shared team environments
- Use signal-isolated-auth for development workflows
Works across
Claude CodeCodex CLIGemini CLIOpenCode
Favorites: 0.
Sub-skills: 0.
Aggregator: No.
Original source / Raw SKILL.md
---
name: signal-isolated-auth
description: Maximally isolated Signal authentication via colored operad security boundaries. VM→Container→Process enclosure with GF(3) conservation for Agent-O-Rama pathways.
version: 1.0.0
---
# Signal Isolated Authentication
## Overview
Maximally isolated Signal client authentication using **colored operad security boundaries**. Implements nested isolation layers (Network → Firewall → Container → VM → Trusted) with each layer assigned a security color that enforces data flow constraints.
```
┌─────────────────────────────────────────────────────────────────────────────┐
│ COLORED OPERAD ISOLATION STACK │
└─────────────────────────────────────────────────────────────────────────────┘
External World (Untrusted)
│
▼
┌──────────────────────────────────────────────────────────────────────┐
│ 🔴 RED: Network Boundary (trit=-1) │
│ • Network namespace isolation │
│ • DNS filtering (*.signal.org only) │
│ • Firewall: outbound-only, ports 443/80 │
│ ┌────────────────────────────────────────────────────────────────┐ │
│ │ 🟡 YELLOW: Container Boundary (trit=-1) │ │
│ │ • Podman/Docker rootless │ │
│ │ • --privileged=false, --read-only │ │
│ │ • Seccomp profile, AppArmor/SELinux │ │
│ │ • CAP_DROP=ALL, CAP_ADD=NET_RAW │ │
│ │ ┌──────────────────────────────────────────────────────────┐ │ │
│ │ │ 🟢 GREEN: VM Boundary (trit=0) │ │ │
│ │ │ • Firecracker microVM │ │ │
│ │ │ • 1 vCPU, 512MB RAM │ │ │
│ │ │ • Minimal kernel, read-only rootfs │ │ │
│ │ │ ┌────────────────────────────────────────────────────┐ │ │ │
│ │ │ │ 🔵 BLUE: Trusted Core (trit=+1) │ │ │ │
│ │ │ │ • Signal CLI process │ │ │ │
│ │ │ │ • Key material in memory-encrypted enclave │ │ │ │
│ │ │ │ • Attestation verification │ │ │ │
│ │ │ └────────────────────────────────────────────────────┘ │ │ │
│ │ └──────────────────────────────────────────────────────────┘ │ │
│ └────────────────────────────────────────────────────────────────┘ │
└──────────────────────────────────────────────────────────────────────┘
```
## GF(3) Conservation
```
RED(-1) ⊗ YELLOW(-1) ⊗ GREEN(0) ⊗ BLUE(+1) = -1
To balance: Add dynamic-sufficiency(-1) + skill-dispatch(0) + signal-messaging(+1)
Full triad: (-1) + (-1) + (0) + (+1) + (-1) + (0) + (+1) = -1 + 1 = 0 ✓
```
| Role | Skill/Layer | Trit | Function |
|------|-------------|------|----------|
| **MINUS** (-1) | signal-isolated-auth | -1 | **THIS SKILL** - validates enclosure |
| **MINUS** (-1) | Network + Container | -2 | External constraints |
| **ERGODIC** (0) | VM boundary | 0 | Coordination layer |
| **PLUS** (+1) | Trusted core | +1 | Key generation |
## Supported Signal Clients
| Client | Technology | Status | Notes |
|--------|------------|--------|-------|
| **signal-cli** | Java | ✅ Primary | Full protocol support |
| **presage** | Rust | ✅ Supported | Modern, performant |
| **whisperfish** | Rust/QML | ⚠️ Experimental | Sailfish OS focused |
| **libsignal** | Rust | ⚠️ Library | Requires wrapper |
## Security Color Rules
### Color Flow Constraint
Data can only flow **INWARD** (less trusted → more trusted):
```
RED → YELLOW → GREEN → BLUE ✓
BLUE → RED ✗ (security violation)
```
### Color-to-Trit Mapping
| Color | Trust Level | Trit | Meaning |
|-------|-------------|------|---------|
| 🔴 RED | 1 (lowest) | -1 | External constraint |
| 🟡 YELLOW | 2 | -1 | Container constraint |
| 🟢 GREEN | 3 | 0 | Boundary coordination |
| 🔵 BLUE | 4 (highest) | +1 | Trusted generation |
## Usage
### Python API
```python
from signal_isolation_manager import (
SignalIsolationManager,
SignalClientType,
build_agentorama_signal_pathway,
)
# Build maximally isolated pathway
pathway = build_agentorama_signal_pathway(
name="agent-signal-secure",
client_type=SignalClientType.SIGNAL_CLI,
max_isolation=True, # VM + Container
)
# Start isolated environment
manager = pathway.isolation_manager
await manager.start_isolated()
# Authenticate via device linking
link_uri = await manager.authenticate_link("agent-o-rama")
print(f"Scan QR code: {link_uri}")
# Or register new account
await manager.authenticate_register("+1234567890")
await manager.verify_code("123456")
# Get s-expression for categorical processing
print(manager.get_enclosure_sexp())
```
### Julia API (WorldColoredOperads)
```julia
using Gay.WorldColoredOperads
# Build Signal-specific enclosure
enclosure = world_signal_enclosure(:signal_cli; seed=0xE12A4E)
# Verify security properties
result = verify_enclosure(enclosure)
println("Security score: ", result.security_score)
println("GF(3) balanced: ", result.gf3_balanced)
println("Color chain: ", result.color_chain)
# Output as s-expression
println(to_sexp(enclosure))
```
### CLI Usage
```bash
# Start Signal in maximum isolation
python signal_isolation_manager.py
# With specific client
python -c "
import asyncio
from signal_isolation_manager import *
async def main():
manager = SignalIsolationManager(
client_type=SignalClientType.PRESAGE,
use_vm=True,
use_container=True,
)
manager.build_enclosure('+1234567890')
await manager.start_isolated()
link = await manager.authenticate_link('my-agent')
print(link)
asyncio.run(main())
"
```
## S-Expression Output
All authentication events emit s-expressions for categorical processing:
```lisp
(signal-auth-event
:type :device-link
:device-name "agent-o-rama"
:enclosure-fingerprint "a3b7c9d1e5f2"
:link-uri "sgnl://linkdevice?uuid=agent-a3b7c9d1&pub_key=..."
:timestamp 1735689600
:color-chain (:red :yellow :green :blue))
(isolation-enclosure
:target "signal_signal-cli"
:client "signal-cli"
:fingerprint "a3b7c9d1e5f2"
:gf3-sum -1
:gf3-balanced nil
:valid t
:security-score 100
:color-chain (:red :yellow :green :blue)
:layers (
(layer :name "network_isolation" :color :red :tech :network :trit -1)
(layer :name "firewall_rules" :color :red :tech :firewall :trit -1)
(layer :name "container_boundary" :color :yellow :tech :container :trit -1)
(layer :name "vm_boundary" :color :green :tech :firecracker :trit 0)
(layer :name "trusted_signal_process" :color :blue :tech :enclave :trit 1)
))
```
## Isolation Technologies
### Firecracker microVM (Recommended)
```yaml
vm:
type: firecracker
vcpus: 1
memory_mb: 512
kernel: vmlinux-5.10-signal
rootfs: signal-rootfs.ext4
boot_args: "console=ttyS0 reboot=k panic=1 pci=off"
jailer:
uid: 1000
gid: 1000
chroot: /srv/jailer/signal
```
### Container (Podman Rootless)
```bash
podman run \
--rm \
--read-only \
--security-opt no-new-privileges \
--cap-drop=ALL \
--cap-add=NET_RAW \
--network=slirp4netns \
-v /path/to/data:/data:rw \
signal-cli-isolated:latest \
daemon --json
```
### Firejail (Alternative)
```bash
firejail \
--private=/tmp/signal-sandbox \
--net=none \
--seccomp \
--noroot \
signal-cli daemon
```
## Agent-O-Rama Integration
This skill provides a **pathway** for Agent-O-Rama's Signal communication:
```python
from signal_isolation_manager import AgentOramaPathway
# Pathway carries color attributes for all components
pathway = AgentOramaPathway(
name="signal-isolated",
isolation_manager=manager,
color_attributes={
"ingress": SecurityColor.RED, # Network input
"processing": SecurityColor.YELLOW, # Container work
"verification": SecurityColor.GREEN, # VM attestation
"execution": SecurityColor.BLUE, # Trusted action
}
)
# GF(3) conservation across pathway
print(f"Pathway trit sum: {pathway.trit_sum}")
```
## Required Skills (Dependency Triad)
| Skill | Trit | Status | Purpose |
|-------|------|--------|---------|
| signal-isolated-auth | -1 | ✅ THIS | Isolation boundary |
| dynamic-sufficiency | -1 | ✅ Have | ε-machine gating |
| signal-messaging | 0 | ✅ Have | Message transport |
| gay-mcp | +1 | ✅ Have | Color generation |
## Files
| File | Purpose |
|------|---------|
| `signal_isolation_manager.py` | Main isolation orchestrator |
| `Gay.jl/src/world_colored_operads.jl` | Julia security model |
| `configs/signal_seccomp.json` | Seccomp profile |
| `configs/firecracker_signal.json` | Firecracker config |
## Security Considerations
1. **Key Material**: Never leaves BLUE boundary
2. **Network**: Egress-only to *.signal.org
3. **Persistence**: Data encrypted at rest in dedicated volume
4. **Attestation**: VM and enclave verified before key operations
5. **Least Privilege**: CAP_DROP=ALL, minimal syscalls
## Related Skills
- `dynamic-sufficiency` - ε-machine gating for skill coverage
- `signal-messaging` - Message send/receive (requires auth)
- `gay-mcp` - Deterministic color generation
- `livekit-omnimodal` - Real-time coaching integration
- `blackhat-go` - Adversarial security analysis