26 lines
1.7 KiB
Markdown
26 lines
1.7 KiB
Markdown
# Security Review
|
|
|
|
## Checked Areas
|
|
|
|
- Shell execution: browser auto-open is gated by `AUTO_OPEN_BROWSER` and defaults to false.
|
|
- Secrets: `.env` remains ignored; `.env.example` contains no real keys.
|
|
- External network calls: source fetches use timeout/retry diagnostics and expose degraded state.
|
|
- Manual actions: `/api/sweep` and `/api/action` are gated by `TERMINAL_ACTIONS_ENABLED` and local-only or `SWEEP_TOKEN` authorization.
|
|
- File writes: runtime writes are limited to `runs/`.
|
|
- HTML injection: dashboard data is JSON-injected only by the CLI path; server mode serves data through API/SSE.
|
|
|
|
## Terminal Actions
|
|
|
|
- `TERMINAL_ACTIONS_ENABLED=true` enables dashboard-triggered `status`, `sweep`, and `brief` actions through `POST /api/action`.
|
|
- If `SWEEP_TOKEN` is set, callers must send the token through `x-sweep-token`, `Authorization: Bearer ...`, or the `token` request body field.
|
|
- If `SWEEP_TOKEN` is empty, actions are accepted only from local loopback addresses.
|
|
- For private Dockge/LAN deployments, this is intended to make the terminal operable from the browser.
|
|
- For Pangolin or other internet-exposed deployments, set `SWEEP_TOKEN` or `TERMINAL_ACTIONS_ENABLED=false` until the public reverse-proxy hardening issue is completed.
|
|
|
|
## Residual Risk
|
|
|
|
- External feeds can return malformed, stale, or adversarial content. UI rendering should continue to sanitize titles and URLs.
|
|
- LLM outputs are advisory only and must not be treated as financial advice.
|
|
- `node:sqlite` availability depends on the Node 22 build; when unavailable the memory database degrades to a no-op placeholder.
|
|
- Browser-stored sweep tokens are acceptable for a trusted home-server UI, but should not be treated as a strong auth boundary on a public endpoint.
|