Skip to content

Self-healing security settings: surface SSRF violations with one-click allow #671

Open
Open
Self-healing security settings: surface SSRF violations with one-click allow#671
Labels
prio:mediumShould do, but not blockingscope:large3+ days of workspec:securityDESIGN_SPEC Section 12 - Security & Approval Systemtype:featureNew feature implementationv0.7Minor version v0.7v0.7.7Patch release v0.7.7
@Aureliolo

Description

@Aureliolo
Aureliolo
opened on Mar 21, 2026

Note: the web dashboard has been rebuilt in React 19 + shadcn/ui as part of #762. Vue/PrimeVue references in this issue are outdated.

Problem

When SSRF protection blocks a legitimate provider URL (e.g., host.docker.internal resolving to a private IP), the user sees an opaque error with no easy way to resolve it. The current workflow requires code-level understanding of the SSRF validation, preset trust mechanism, and blocked IP ranges.

Proposed solution

Add a self-healing settings flow where SSRF violations are surfaced in the dashboard with a one-click allow:

  1. Violation log -- when SSRF validation blocks a URL, record the violation in a structured table (timestamp, URL, resolved IP, blocked range, provider name, action taken)
  2. Dashboard widget -- surface recent violations in the security/settings area of the web dashboard, showing what was blocked and why
  3. One-click allow -- each violation has an "Allow this host" button that adds the hostname:port to the provider discovery allowlist (from the dynamic allowlist feature)
  4. Audit trail -- all allow/deny decisions are logged to the audit sink with the user who approved them
  5. Batch operations -- allow/deny all violations from a provider at once

UX flow

  1. User sets up Ollama provider via setup wizard
  2. Discovery fails silently (SSRF blocks host.docker.internal)
  3. Dashboard shows notification: "1 provider connection blocked by security policy"
  4. User clicks through to see: "host.docker.internal:11434 blocked -- resolves to private IP 192.168.65.254"
  5. User clicks "Allow" -- hostname is added to allowlist, discovery retries automatically
  6. Models appear in the provider

Technical notes

  • Depends on the dynamic SSRF allowlist feature
  • Violation records should be stored in the persistence layer (not just logs)
  • WebSocket push for real-time violation notifications
  • Consider a "learning mode" toggle that auto-allows all private-range IPs for local development setups
  • The security module's rule engine (src/synthorg/security/) could be extended for this

API surface

  • GET /api/v1/security/violations -- list recent SSRF violations
  • POST /api/v1/security/violations/{id}/allow -- add to allowlist
  • POST /api/v1/security/violations/{id}/deny -- dismiss (with optional "don't show again")
  • GET /api/v1/security/allowlist -- current provider discovery allowlist
  • PUT /api/v1/security/allowlist -- update allowlist directly

Metadata

Metadata

Assignees

No one assigned

    Labels

    prio:mediumShould do, but not blockingscope:large3+ days of workspec:securityDESIGN_SPEC Section 12 - Security & Approval Systemtype:featureNew feature implementationv0.7Minor version v0.7v0.7.7Patch release v0.7.7

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions