Hardening: safer CORS config + localhost bind defaults

[TheodorNEngoy]

This hardens the LangChain agent runtime defaults to avoid two common security footguns for network-exposed MCP-adjacent servers:

• CORS: stop combining CORS_ORIGINS=* with credentials. The app now reads CORS_ORIGINS/CORS_CREDENTIALS and forces credentials off when CORS_ORIGINS=* (with a warning), since wildcard+credentials is unsafe.
• Bind host: default local dev runs to 127.0.0.1 instead of 0.0.0.0 in Makefile and start_agent.py (still configurable via HOST/PORT). The container Dockerfile remains --host 0.0.0.0.

Also updates .env.example to reflect safer defaults (CORS disabled by default; loopback bind by default).

Rationale: reduces accidental remote exposure + credentialed cross-origin access while keeping intentional remote deployments opt-in.

[crivetimihai]

Thanks for this hardening PR, @TheodorNEngoy! Solid security improvements:

• Catching the wildcard CORS + credentials anti-pattern and logging a warning is exactly right.
• Defaulting to localhost binding and CORS-disabled is good principle of least privilege.

A couple of minor suggestions:

1. DRY the port parsing: _env_int is defined in app.py but the same logic is manually reimplemented in start_agent.py (lines 116-120). Consider sharing the helper.
2. Makefile hardcodes host: The run/dev targets use literal --host 127.0.0.1, so HOST=0.0.0.0 make run won't work as expected. Using --host $${HOST:-127.0.0.1} would be more consistent.

Neither is a blocker. LGTM!

[TheodorNEngoy]

Thanks! Addressed both nits:

• DRY port parsing: factored env helpers into agent_runtimes/langchain_agent/env_utils.py and start_agent.py now uses shared _env_int().
• Makefile HOST override: run/dev now use --host 65847{HOST:-127.0.0.1} and --port 65847{PORT:-8000} so HOST=0.0.0.0 make run behaves as expected.

[crivetimihai]

Thanks @TheodorNEngoy — this is well-executed. Both suggestions from the previous review have been properly addressed:

• DRY the port parsing — extracted _env_bool, _env_int, _parse_csv into env_utils.py. Clean.
• Makefile host override — run/dev targets now use $${HOST:-127.0.0.1}. Works correctly.

The CORS hardening is sound (empty default = disabled, wildcard+credentials guard with warning, defense-in-depth), and the localhost bind default is a good security improvement.

One edge case to consider: the wildcard-with-credentials guard only fires when CORS_ORIGINS is exactly "*", not when "*" appears among a comma-separated list like "*,http://example.com". While unlikely, checking the parsed list instead of the raw string would make the guard more robust:

cors_allow_origins = _parse_csv(cors_origins_raw)
if "*" in cors_allow_origins:
    cors_allow_origins = ["*"]
    if cors_allow_credentials:
        logger.warning("...")
        cors_allow_credentials = False

This is a minor suggestion — the PR is solid as-is. LGTM.

[crivetimihai]

Thanks @TheodorNEngoy — this is a solid security hardening contribution!

What was done

Rebased onto main (clean, no conflicts) and applied three fixes during review:

1. CORS wildcard bypass fix (High): The original guard (cors_origins_raw == "*") only caught the exact * string. Mixed inputs like *,https://example.com bypassed the safety check while Starlette still treated the list as allow-all. Fixed by checking "*" in cors_allow_origins on the parsed list, and normalizing any wildcard-containing list to ["*"].

2. LOG_LEVEL validation (Medium): LOG_LEVEL was passed to uvicorn without validation — invalid values like warn or " info " would crash at startup. Added strip/lowercase/validation against allowed uvicorn levels with a warning fallback.

3. Unused import (Low): Removed unused pytest import in test file.

Tests added

44 differential tests covering all new code:

• test_env_utils.py (32 tests): _env_bool, _env_int, _parse_csv — truthy/falsy/default/whitespace/edge cases
• test_cors_config.py (12 tests): CORS disabled by default, explicit origins, wildcard safety, mixed wildcard bypass (the new regression tests), edge cases

Verification

All pass:

• make doctest — 1193 passed
• make test — 12447 passed
• make pylint — 10.00/10
• make flake8 — clean