gitea-mirror/Pulse
1
0
Fork 0
mirror of https://github.com/rcourtman/Pulse.git synced 2026-02-18 00:17:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
Pulse/internal/agentexec
History
rcourtman b7a94bad9f security: fix websocket scope and agent impersonation 
1. Enforce monitoring:read scope on WebSocket upgrades
   - Prevents low-privilege tokens (e.g. host-agent:report) from accessing
     full infra state via requestData on the main WebSocket.

2. Enforce agent token binding to prevent impersonation
   - Added Metadata field to APITokenRecord to support bound_agent_id
   - Updated agentexec server to validate token-to-agent binding if present
   - Prevents agent:exec tokens from registering as arbitrary agent IDs
2026-02-03 20:40:08 +00:00
..
policy_test.go
fix: Allow qm/pct reboot/shutdown commands with approval
2026-01-04 17:57:51 +00:00
policy.go
fix: Allow qm/pct reboot/shutdown commands with approval
2026-01-04 17:57:51 +00:00
server_coverage_test.go
Improve internal package test coverage
2025-12-29 17:25:21 +00:00
server_test.go
Improve internal package test coverage
2025-12-29 17:25:21 +00:00
server_websocket_test.go
security: fix websocket scope and agent impersonation
2026-02-03 20:40:08 +00:00
server.go
security: fix websocket scope and agent impersonation
2026-02-03 20:40:08 +00:00
types.go
Enhance devcontainer and CI workflows
2026-01-01 22:29:15 +00:00