Pulse/cmd
rcourtman 9aafa6449f feat(security): Add capability-based authorization
Implements proper least-privilege model for RPC methods. Previously,
any UID in allowed_peer_uids could call privileged methods, meaning
another service's UID would inherit full host-level control.

Capability System:
- Three levels: read, write, admin
- Per-UID capability assignment via allowed_peers config
- Privileged methods require admin capability
- Backwards compatible with legacy allowed_peer_uids format

Configuration:
  allowed_peers:
    - uid: 0
      capabilities: [read, write, admin]  # Root gets all
    - uid: 1000
      capabilities: [read]  # Docker: read-only
    - uid: 1001
      capabilities: [read, write]  # Temps but not key distribution

Security benefit: Services can be granted only the capabilities they
need, preventing unintended privilege escalation.

Related to security audit 2025-11-07.

Co-authored-by: Codex <codex@openai.com>
2025-11-07 17:09:32 +00:00
hashpw Add hashpw utility for generating password hashes 2025-11-06 16:46:56 +00:00
pulse Improve bootstrap token UX for easier discovery 2025-11-06 17:29:49 +00:00
pulse-docker-agent Improve Alpine Linux support and agent startup validation 2025-11-05 19:01:09 +00:00
pulse-host-agent Refactor: Code cleanup and localStorage consolidation 2025-11-04 21:50:46 +00:00
pulse-sensor-proxy feat(security): Add capability-based authorization 2025-11-07 17:09:32 +00:00