Install Gate Evidence
Operational evidence for the Customs install gate. Customs blocks poisoned package lifecycle hooks before they run and emits an offline-verifiable Ed25519 receipt. This page reflects a controlled-fixture verification path, not production package traffic.
Red-team replay
Attack Corpus
The control install (no gate) executes the marker. Under Customs, the same package is staged with ignore-scripts, denied, and a receipt is written.
A poisoned postinstall scanner is denied before it can inspect the environment.
The preinstall and prepare aliases are treated as the same denied lifecycle surface as postinstall.
Recorded as a scope gap: a package that carries no install lifecycle hook is outside what the gate blocks, so Customs does not yet claim runtime blocking.
Verification path
Verification Runbook
npm run release:smoke
npm run customs:verify-receipt -- artifacts/poisoned-install-receipt.json --trusted-public-key artifacts/customs-issuer-public.jwk.json
The controlled test package writes POSTINSTALL_RAN.txt only if its lifecycle script executes. A passing Customs run denies the install, keeps the marker absent, writes the receipt, and verifies it against an out-of-band trusted public key.
Product claim: Customs gates install-lifecycle execution and blocks Clinejection/Nx-style poisoned lifecycle hooks before they run.
Release evidence