- Added kingfisher.temporal.1 rule for Temporal Cloud API keys (namespace-scoped and user-scoped JWT formats) with Temporal-specific pattern matching.

- Added Temporal Cloud active credential validation via GET https://saas-api.tmprl.cloud/cloud/current-identity using bearer auth, so Temporal keys validate against provider APIs instead of generic OIDC discovery. - Fixed JWT issuer normalization to treat bare host issuers (e.g. iss: temporal.io) as HTTPS URLs during discovery, avoiding low-level URL builder failures. - Added crates/kingfisher-rules/build.rs to ensure embedded rule assets rebuild when files under crates/kingfisher-rules/data change.
2026-02-11 23:33:35 -08:00 · 2026-02-11 23:33:35 -08:00 · 57845eebcd
commit 57845eebcd
parent ec44d9b60b
3 changed files with 43998 additions and 25576 deletions
--- a/2
+++ b/2
@ -198,4 +198,4 @@
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
-   limitations under the License.
+   limitations under the License.
--- a/44588
+++ b/44588
--- a/nextest.toml
+++ b/nextest.toml
@ -1,3 +1,3 @@
 [profile.default]
 # Hard limit: kill any single test that runs longer than 5 minutes
-test-timeout = "5m"
+test-timeout = "10m"