feat(security): add FIPS 140-3 compliance support

[bsbodden]

Summary

Add FIPS 140-3 compliance support so AMS can be deployed on FIPS-enabled hosts (e.g., RHEL 9 in FIPS mode) for federal government and regulated-industry deployments requiring FedRAMP compliance.

Problem: The existing bcrypt token hashing uses the Blowfish cipher, which is not a FIPS-approved algorithm. Redis connections lack explicit TLS configuration knobs needed for FIPS-compliant data-in-transit.

Solution: Make AMS "FIPS-capable" — when deployed on a FIPS-enabled host with the FIPS Docker image, all cryptographic operations use FIPS-approved algorithms via the host's validated OpenSSL module.

Changes

• Configurable token hashing (auth.py, config.py): New TOKEN_HASH_ALGORITHM setting supporting hmac-sha256 (default), pbkdf2-sha256, and bcrypt. Existing bcrypt hashes auto-detected and verified for backward compatibility via hash prefix detection (hmac$, pbkdf2$, $2b$).
• Redis TLS configuration (config.py, utils/redis.py): New settings for REDIS_SSL_CA_CERTS, REDIS_SSL_CERTFILE, REDIS_SSL_KEYFILE, REDIS_SSL_CERT_REQS, and REDIS_SSL_MIN_VERSION. TLS kwargs automatically applied when using rediss:// URLs or when CA certs are configured.
• FIPS diagnostics (fips.py, cli.py, healthcheck.py): New agent-memory fips-check CLI command and authenticated GET /v1/fips endpoint that report OpenSSL version, kernel FIPS mode, MD5 blocked status, configured token hash algorithm, Redis TLS status, and overall FIPS capability assessment.
• hashlib safety (utils/recency.py): Added usedforsecurity=False to SHA-256 calls used for deduplication (not security), preventing potential issues on strict FIPS OpenSSL configurations.
• FIPS Docker images (Dockerfile.fips): Multi-target Dockerfile with fips-ubi9 (Red Hat UBI 9) and fips-chainguard targets. Existing Dockerfile unchanged.
• cryptography bump (pyproject.toml): Minimum version raised to >=42.0.0 for proper OpenSSL 3.x FIPS provider support.

Crypto boundary coverage

Boundary	Algorithm	Status
Token hashing	HMAC-SHA256 / PBKDF2-SHA256	FIPS-approved
Memory dedup	SHA-256 (usedforsecurity=False)	FIPS-approved
JWT verification	RS256 via python-jose/cryptography	Already compliant
Random generation	secrets (OS CSPRNG)	Already compliant
Redis data-in-transit	TLS 1.2+ with configurable certs	Configurable

Backward compatibility

• Existing bcrypt token hashes continue to verify via automatic prefix detection
• Default algorithm changed to hmac-sha256 but bcrypt remains available
• No changes to existing Dockerfile or default non-FIPS deployment behavior
• All existing tests pass without modification

Test plan

• 24 new FIPS compliance tests (tests/test_fips_compliance.py)
• Updated token auth tests for new default hashing
• Full test suite: 727 passed, 0 failures
• Pre-commit (ruff, format, typos): all green
• Build Dockerfile.fips --target fips-ubi9 on FIPS-enabled host
• Verify GET /v1/fips endpoint returns correct diagnostics on FIPS host
• Verify agent-memory fips-check CLI output on FIPS host

---

Note

High Risk
Changes core token authentication hashing behavior (new default and new verification paths) and adds Redis TLS configuration, which can impact login validity and connectivity if misconfigured. Also introduces new FIPS diagnostic surfaces (CLI + authenticated API) that need to be reviewed for information exposure and operational expectations.

Overview
Adds a FIPS-capable deployment path by introducing Dockerfile.fips (UBI9 + Chainguard targets) and bumping cryptography to >=42.0.0 for OpenSSL 3.x/FIPS provider support.

Reworks token hashing to be configurable via settings.token_hash_algorithm with new FIPS-friendly schemes (hmac-sha256 default, pbkdf2-sha256, plus bcrypt), and updates verification to auto-detect hash formats by prefix for backward compatibility.

Adds Redis TLS knobs (redis_ssl_*) and applies them automatically in get_redis_conn() when using rediss:// or when CA certs are configured; also adds FIPS diagnostics via agent-memory fips-check and an authenticated GET /v1/fips endpoint, plus test coverage for hashing/TLS/diagnostics and usedforsecurity=False for SHA-256 used in non-security memory dedupe.

^{Written by Cursor Bugbot for commit 898fcc2. This will update automatically on new commits. Configure here.}

[github-actions]

FIPS compliance implementation looks solid overall with good test coverage and backward compatibility. A few security considerations identified below.

---

🤖 Automated review complete. Please react with 👍 or 👎 on the individual review comments to provide feedback on their usefulness.

[jit-ci]

🛡️ Jit Security Scan Results

✅ No security findings were detected in this PR

---

^{Security scan by Jit}

[cursor]

Cursor Bugbot has reviewed your changes and found 3 potential issues.

^{Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.}

[Copilot]

Pull request overview

This PR adds FIPS 140-3 compliance support to the Agent Memory Server, enabling deployment in federal and regulated environments requiring FedRAMP compliance. The changes make the system "FIPS-capable" by switching from non-approved algorithms (bcrypt/Blowfish) to FIPS-approved alternatives (HMAC-SHA256, PBKDF2-SHA256) and adding configurable Redis TLS settings.

Changes:

• Introduces configurable token hashing with HMAC-SHA256 as the new default (replacing bcrypt), with backward compatibility for existing bcrypt hashes
• Adds Redis TLS configuration options (ca_certs, certfile, keyfile, cert_reqs, min_version)
• Provides FIPS diagnostics via new CLI command (fips-check) and authenticated API endpoint (GET /v1/fips)

Reviewed changes

Copilot reviewed 11 out of 12 changed files in this pull request and generated 20 comments.

Show a summary per file

File	Description
uv.lock	Updates cryptography minimum version to 42.0.0 for FIPS provider support
pyproject.toml	Updates cryptography minimum version to 42.0.0 for FIPS provider support
agent_memory_server/auth.py	Implements multi-algorithm token hashing with auto-detection; adds HMAC-SHA256 and PBKDF2-SHA256 support
agent_memory_server/config.py	Adds token hashing and Redis TLS configuration settings
agent_memory_server/utils/redis.py	Implements TLS kwargs builder for Redis connections based on URL scheme and settings
agent_memory_server/utils/recency.py	Adds usedforsecurity=False flag to SHA-256 calls used for deduplication
agent_memory_server/fips.py	New module providing FIPS compliance diagnostics (OpenSSL version, kernel FIPS mode, algorithm checks)
agent_memory_server/cli.py	Adds fips-check CLI command for runtime FIPS posture assessment
agent_memory_server/healthcheck.py	Adds authenticated /v1/fips endpoint for FIPS diagnostics
tests/test_fips_compliance.py	Comprehensive test suite covering token hashing algorithms, Redis TLS, and FIPS diagnostics
tests/test_token_auth.py	Updates tests for new default HMAC-SHA256 algorithm
Dockerfile.fips	New multi-target Dockerfile for FIPS-hardened images (UBI9 and Chainguard variants)

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[tylerhutcherson]

Looks good in terms of providing Redis TLR and hashing algorithm updates. A few other questions/points:

@bsbodden We need documentation on connecting AMS to Redis w/ SSL enabled. This is something ideally we test before we hand over to customers too.

Do we need to maintain both Docker images?

[bsbodden]

Looks good in terms of providing Redis TLR and hashing algorithm updates. A few other questions/points:

1. We need documentation on connecting AMS to Redis w/ SSL enabled. ==> YES!
2. Do we need to maintain both Docker images? ==> The two recommended FIPS base images, yes. The non-compliant OSS one depends, but I think most user that do not care about FIPS would like to stay with a plain-vanilla Ubuntu image - so unfortunately, 3 docker images.