Pulse/internal/agentexec
rcourtman b7a94bad9f security: fix websocket scope and agent impersonation
1. Enforce monitoring:read scope on WebSocket upgrades
   - Prevents low-privilege tokens (e.g. host-agent:report) from accessing
     full infra state via requestData on the main WebSocket.

2. Enforce agent token binding to prevent impersonation
   - Added Metadata field to APITokenRecord to support bound_agent_id
   - Updated agentexec server to validate token-to-agent binding if present
   - Prevents agent:exec tokens from registering as arbitrary agent IDs
2026-02-03 20:40:08 +00:00
policy.go fix: Allow qm/pct reboot/shutdown commands with approval 2026-01-04 17:57:51 +00:00
policy_test.go fix: Allow qm/pct reboot/shutdown commands with approval 2026-01-04 17:57:51 +00:00
server.go security: fix websocket scope and agent impersonation 2026-02-03 20:40:08 +00:00
server_coverage_test.go Improve internal package test coverage 2025-12-29 17:25:21 +00:00
server_test.go Improve internal package test coverage 2025-12-29 17:25:21 +00:00
server_websocket_test.go security: fix websocket scope and agent impersonation 2026-02-03 20:40:08 +00:00
types.go Enhance devcontainer and CI workflows 2026-01-01 22:29:15 +00:00