claudemesh

alezmad/claudemesh

Fork 0

Commit Graph

Author	SHA1	Message	Date
Alejandro Gutiérrez	2be5e9dccb	fix(security): resolve all 17 codex findings — auth, grants, crypto, ops Some checks failed CI / Lint (push) Has been cancelled Details CI / Typecheck (push) Has been cancelled Details CI / Broker tests (Postgres) (push) Has been cancelled Details CI / Docker build (linux/amd64) (push) Has been cancelled Details Critical: broker HTTP auth via cli_session bearer token on all /cli/*; file download requires auth+membership; v2 claim gated; duplicate claimInviteV2Core removed; grant enforcement tries member then session pubkey; audit hash uses canonical sorted-keys JSON. High: rate limit args fixed (burst 10, 60/min) + both buckets swept; BROKER_ENCRYPTION_KEY fail-fast in prod; migrate uses pg_try + lock_ timeout; hello validates sessionPubkey hex; blocked DMs rejected pre- queue; watch timers cleaned on disconnect. Medium: inbound pushes serialized; reconnect jitter + timer guard; hardcoded URLs through env; v2 claim path configurable. Low: WSHelloMessage optional protocolVersion+capabilities. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-15 19:18:25 +01:00
Alejandro Gutiérrez	070a3b7422	feat(broker): encrypt env vars at rest, restore on reboot Some checks failed CI / Lint (push) Has been cancelled Details CI / Typecheck (push) Has been cancelled Details CI / Broker tests (Postgres) (push) Has been cancelled Details CI / Docker build (linux/amd64) (push) Has been cancelled Details - broker-crypto.ts: AES-256-GCM encrypt/decrypt with BROKER_ENCRYPTION_KEY - mcp_deploy stores env as _encryptedEnv in mesh.service.config (no plaintext in DB) - boot restore: decrypts _encryptedEnv and re-spawns services via service-manager - auto-generates ephemeral key if BROKER_ENCRYPTION_KEY not set (logs warning) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-08 12:25:48 +01:00

Author

SHA1

Message

Date

Alejandro Gutiérrez

2be5e9dccb

fix(security): resolve all 17 codex findings — auth, grants, crypto, ops

CI / Lint (push) Has been cancelled

Details

CI / Typecheck (push) Has been cancelled

Details

CI / Broker tests (Postgres) (push) Has been cancelled

Details

CI / Docker build (linux/amd64) (push) Has been cancelled

Details

Critical: broker HTTP auth via cli_session bearer token on all /cli/*;
file download requires auth+membership; v2 claim gated; duplicate
claimInviteV2Core removed; grant enforcement tries member then
session pubkey; audit hash uses canonical sorted-keys JSON.

High: rate limit args fixed (burst 10, 60/min) + both buckets swept;
BROKER_ENCRYPTION_KEY fail-fast in prod; migrate uses pg_try + lock_
timeout; hello validates sessionPubkey hex; blocked DMs rejected pre-
queue; watch timers cleaned on disconnect.

Medium: inbound pushes serialized; reconnect jitter + timer guard;
hardcoded URLs through env; v2 claim path configurable.

Low: WSHelloMessage optional protocolVersion+capabilities.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-15 19:18:25 +01:00

Alejandro Gutiérrez

070a3b7422

feat(broker): encrypt env vars at rest, restore on reboot

CI / Lint (push) Has been cancelled

Details

CI / Typecheck (push) Has been cancelled

Details

CI / Broker tests (Postgres) (push) Has been cancelled

Details

CI / Docker build (linux/amd64) (push) Has been cancelled

Details

- broker-crypto.ts: AES-256-GCM encrypt/decrypt with BROKER_ENCRYPTION_KEY
- mcp_deploy stores env as _encryptedEnv in mesh.service.config (no plaintext in DB)
- boot restore: decrypts _encryptedEnv and re-spawns services via service-manager
- auto-generates ephemeral key if BROKER_ENCRYPTION_KEY not set (logs warning)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-08 12:25:48 +01:00

2 Commits