MrSphay/intelligence-terminal
1
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases Wiki Activity

Harden Terminal Actions for public reverse-proxy deployments #6

New Issue
Closed
opened 2026-05-17 11:21:50 +00:00 by MrSphay · 2 comments
MrSphay commented 2026-05-17 11:21:50 +00:00
Owner
Copy Link

Created from local project scan after adding dashboard actions.

Current status: /api/action supports status/sweep/brief and can be protected by SWEEP_TOKEN. For private LAN use this is useful, but public Pangolin/reverse-proxy deployments need a clearer security model.

Acceptance criteria:

  • Provide an in-dashboard token configuration flow that does not require browser devtools/localStorage manual editing.
  • Add CSRF/rate-limit/audit-log considerations for POST /api/action and POST /api/sweep.
  • Document recommended settings for private LAN, Pangolin-authenticated, and public internet exposure.
  • Consider defaulting TERMINAL_ACTIONS_ENABLED based on deployment mode or requiring SWEEP_TOKEN when not local-only.
Created from local project scan after adding dashboard actions. Current status: /api/action supports status/sweep/brief and can be protected by SWEEP_TOKEN. For private LAN use this is useful, but public Pangolin/reverse-proxy deployments need a clearer security model. Acceptance criteria: - Provide an in-dashboard token configuration flow that does not require browser devtools/localStorage manual editing. - Add CSRF/rate-limit/audit-log considerations for POST /api/action and POST /api/sweep. - Document recommended settings for private LAN, Pangolin-authenticated, and public internet exposure. - Consider defaulting TERMINAL_ACTIONS_ENABLED based on deployment mode or requiring SWEEP_TOKEN when not local-only.
MrSphay commented 2026-05-17 12:09:07 +00:00
Author
Owner
Copy Link

In Bearbeitung durch Codex auf Branch codex/issue-6-terminal-actions-hardening. Scope: Terminal Actions fuer Reverse-Proxy-Betrieb haerten: Token-Konfiguration im Dashboard statt DevTools, Server-Gates fuer Action-Endpunkte, Rate-Limit/Audit-Log-Basis und Betriebsdoku. Keine Source-/Memory-Aenderungen, damit parallele Branches sauber mergbar bleiben.

In Bearbeitung durch Codex auf Branch codex/issue-6-terminal-actions-hardening. Scope: Terminal Actions fuer Reverse-Proxy-Betrieb haerten: Token-Konfiguration im Dashboard statt DevTools, Server-Gates fuer Action-Endpunkte, Rate-Limit/Audit-Log-Basis und Betriebsdoku. Keine Source-/Memory-Aenderungen, damit parallele Branches sauber mergbar bleiben.
MrSphay commented 2026-05-17 12:23:01 +00:00
Author
Owner
Copy Link

PR geoeffnet und aktualisiert: #25\n\nStatus: Branch auf aktuelle codex/production-intelligence-terminal rebased, PR ist mergeable. Scope: Terminal Actions fuer Reverse-Proxy/Public-Betrieb gehaertet: Header-Token statt URL-Token, Same-Origin-POST-Check, per-IP Rate-Limit, sanitised Audit Logs, Dashboard-Token-Konfiguration und Deployment-Doku. Keine lokalen npm/node Tests gemaess Runner-only Vorgabe; Regressionstests fuer den Runner ergaenzt.

PR geoeffnet und aktualisiert: https://git.wilkensxl.de/MrSphay/intelligence-terminal/pulls/25\n\nStatus: Branch auf aktuelle codex/production-intelligence-terminal rebased, PR ist mergeable. Scope: Terminal Actions fuer Reverse-Proxy/Public-Betrieb gehaertet: Header-Token statt URL-Token, Same-Origin-POST-Check, per-IP Rate-Limit, sanitised Audit Logs, Dashboard-Token-Konfiguration und Deployment-Doku. Keine lokalen npm/node Tests gemaess Runner-only Vorgabe; Regressionstests fuer den Runner ergaenzt.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
design-revert
Reverts visual/design changes
 enhancement
New feature or product improvement
 frontend-redesign
Frontend redesign and app-shell/UI work
 marketing-finalization
Product presentation, README, packaging metadata, and customer-facing communication.
 product
User-facing product capability or workflow
 research
Research-originated product idea ready for implementation design
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
MrSphay
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: MrSphay/intelligence-terminal#6
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?