fix: low-batch hardening and behavior consistency#3220
Merged
crivetimihai merged 13 commits intomainfrom Feb 24, 2026
Merged
Conversation
- L-01: proxy-auth trust now requires explicit dangerous acknowledgement when client auth is disabled - L-02: unauthenticated admin behavior is explicit and warning-backed when AUTH_REQUIRED is disabled - L-03: OAuth state handling and gateway lookup behavior are aligned for consistent responses - L-05: OAuth state validation flow is tightened before downstream processing - L-07: docs/auth token validation paths are consistent with revocation and user-state checks - L-08: SSO admin preservation behavior is aligned with configured policy and role-sync rules - L-09: SSO issuer allowlist enforcement is active and normalized for comparisons - L-10: crypto/security documentation is aligned with runtime implementation behavior - L-11: SSO nonce-protection documentation is aligned with actual behavior - L-12: SSO team mapping is applied during login flows with regression coverage - L-15: tool cache auth-sensitive hydration is type-safe and avoids unsafe payload assumptions - L-16: token usage-limit enforcement path is active with deny-path coverage - L-17: debug console logging cleanup and frontend test alignment for admin UI scripts Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
- Rate-limit proxy auth trust warning to log once per process - Replace unnecessary db.commit() with db.rollback() in read-only _check_usage_limits path - Use HTTPException directly for SSO preserve-admin enforcement instead of ValueError control flow; re-raise HTTPException before generic handler so 401 is no longer swallowed into 500 - Document TRUST_PROXY_AUTH_DANGEROUSLY and ALLOW_UNAUTHENTICATED_ADMIN in .env.example with DANGER warnings - Warn when blank issuer bypasses SSO_ISSUERS allowlist - Preserve original console.log/debug on window before override - Add plugin_context_table/plugin_global_context to anonymous context Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
The target was defined twice — an older version without the COMMITLINT_ENFORCED toggle and the newer toggleable version. Remove the old definition and co-locate all commitlint-only variables with the surviving target, following the Makefile's convention of defining variables near the targets that use them. Signed-off-by: Jonathan Springer <jps@s390x.com>
tests/e2e/test_entra_id_integration.py requires external Entra ID configuration and is not suitable for the default `make test` and `make test-altk` runs. Signed-off-by: Jonathan Springer <jps@s390x.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
vishu-bh
pushed a commit
that referenced
this pull request
Feb 25, 2026
* fix: low-batch hardening and behavior consistency - L-01: proxy-auth trust now requires explicit dangerous acknowledgement when client auth is disabled - L-02: unauthenticated admin behavior is explicit and warning-backed when AUTH_REQUIRED is disabled - L-03: OAuth state handling and gateway lookup behavior are aligned for consistent responses - L-05: OAuth state validation flow is tightened before downstream processing - L-07: docs/auth token validation paths are consistent with revocation and user-state checks - L-08: SSO admin preservation behavior is aligned with configured policy and role-sync rules - L-09: SSO issuer allowlist enforcement is active and normalized for comparisons - L-10: crypto/security documentation is aligned with runtime implementation behavior - L-11: SSO nonce-protection documentation is aligned with actual behavior - L-12: SSO team mapping is applied during login flows with regression coverage - L-15: tool cache auth-sensitive hydration is type-safe and avoids unsafe payload assumptions - L-16: token usage-limit enforcement path is active with deny-path coverage - L-17: debug console logging cleanup and frontend test alignment for admin UI scripts Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * fix: address code review findings from low-batch hardening - Rate-limit proxy auth trust warning to log once per process - Replace unnecessary db.commit() with db.rollback() in read-only _check_usage_limits path - Use HTTPException directly for SSO preserve-admin enforcement instead of ValueError control flow; re-raise HTTPException before generic handler so 401 is no longer swallowed into 500 - Document TRUST_PROXY_AUTH_DANGEROUSLY and ALLOW_UNAUTHENTICATED_ADMIN in .env.example with DANGER warnings - Warn when blank issuer bypasses SSO_ISSUERS allowlist - Preserve original console.log/debug on window before override - Add plugin_context_table/plugin_global_context to anonymous context Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Fix locust test auth Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Disable OBS Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * chore: remove duplicate linting-workflow-commitlint target from Makefile The target was defined twice — an older version without the COMMITLINT_ENFORCED toggle and the newer toggleable version. Remove the old definition and co-locate all commitlint-only variables with the surviving target, following the Makefile's convention of defining variables near the targets that use them. Signed-off-by: Jonathan Springer <jps@s390x.com> * chore: exclude Entra ID e2e tests from default test targets tests/e2e/test_entra_id_integration.py requires external Entra ID configuration and is not suitable for the default `make test` and `make test-altk` runs. Signed-off-by: Jonathan Springer <jps@s390x.com> * MCP_REQUIRE_AUTH now inherits AUTH_REQUIRED when unset Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * MCP_REQUIRE_AUTH now inherits AUTH_REQUIRED when unset - tests Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * MCP_REQUIRE_AUTH now inherits AUTH_REQUIRED when unset - tests Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * MCP_REQUIRE_AUTH now inherits AUTH_REQUIRED when unset - tests Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * MCP_REQUIRE_AUTH now inherits AUTH_REQUIRED when unset - tests Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * MCP_REQUIRE_AUTH now inherits AUTH_REQUIRED when unset - fix ui Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * linter updates Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> --------- Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> Signed-off-by: Jonathan Springer <jps@s390x.com> Co-authored-by: Jonathan Springer <jps@s390x.com>
vishu-bh
pushed a commit
that referenced
this pull request
Feb 25, 2026
* fix: low-batch hardening and behavior consistency - L-01: proxy-auth trust now requires explicit dangerous acknowledgement when client auth is disabled - L-02: unauthenticated admin behavior is explicit and warning-backed when AUTH_REQUIRED is disabled - L-03: OAuth state handling and gateway lookup behavior are aligned for consistent responses - L-05: OAuth state validation flow is tightened before downstream processing - L-07: docs/auth token validation paths are consistent with revocation and user-state checks - L-08: SSO admin preservation behavior is aligned with configured policy and role-sync rules - L-09: SSO issuer allowlist enforcement is active and normalized for comparisons - L-10: crypto/security documentation is aligned with runtime implementation behavior - L-11: SSO nonce-protection documentation is aligned with actual behavior - L-12: SSO team mapping is applied during login flows with regression coverage - L-15: tool cache auth-sensitive hydration is type-safe and avoids unsafe payload assumptions - L-16: token usage-limit enforcement path is active with deny-path coverage - L-17: debug console logging cleanup and frontend test alignment for admin UI scripts Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * fix: address code review findings from low-batch hardening - Rate-limit proxy auth trust warning to log once per process - Replace unnecessary db.commit() with db.rollback() in read-only _check_usage_limits path - Use HTTPException directly for SSO preserve-admin enforcement instead of ValueError control flow; re-raise HTTPException before generic handler so 401 is no longer swallowed into 500 - Document TRUST_PROXY_AUTH_DANGEROUSLY and ALLOW_UNAUTHENTICATED_ADMIN in .env.example with DANGER warnings - Warn when blank issuer bypasses SSO_ISSUERS allowlist - Preserve original console.log/debug on window before override - Add plugin_context_table/plugin_global_context to anonymous context Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Fix locust test auth Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Disable OBS Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * chore: remove duplicate linting-workflow-commitlint target from Makefile The target was defined twice — an older version without the COMMITLINT_ENFORCED toggle and the newer toggleable version. Remove the old definition and co-locate all commitlint-only variables with the surviving target, following the Makefile's convention of defining variables near the targets that use them. Signed-off-by: Jonathan Springer <jps@s390x.com> * chore: exclude Entra ID e2e tests from default test targets tests/e2e/test_entra_id_integration.py requires external Entra ID configuration and is not suitable for the default `make test` and `make test-altk` runs. Signed-off-by: Jonathan Springer <jps@s390x.com> * MCP_REQUIRE_AUTH now inherits AUTH_REQUIRED when unset Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * MCP_REQUIRE_AUTH now inherits AUTH_REQUIRED when unset - tests Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * MCP_REQUIRE_AUTH now inherits AUTH_REQUIRED when unset - tests Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * MCP_REQUIRE_AUTH now inherits AUTH_REQUIRED when unset - tests Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * MCP_REQUIRE_AUTH now inherits AUTH_REQUIRED when unset - tests Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * MCP_REQUIRE_AUTH now inherits AUTH_REQUIRED when unset - fix ui Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * linter updates Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> --------- Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> Signed-off-by: Jonathan Springer <jps@s390x.com> Co-authored-by: Jonathan Springer <jps@s390x.com>
MohanLaksh
pushed a commit
that referenced
this pull request
Mar 12, 2026
* fix: low-batch hardening and behavior consistency - L-01: proxy-auth trust now requires explicit dangerous acknowledgement when client auth is disabled - L-02: unauthenticated admin behavior is explicit and warning-backed when AUTH_REQUIRED is disabled - L-03: OAuth state handling and gateway lookup behavior are aligned for consistent responses - L-05: OAuth state validation flow is tightened before downstream processing - L-07: docs/auth token validation paths are consistent with revocation and user-state checks - L-08: SSO admin preservation behavior is aligned with configured policy and role-sync rules - L-09: SSO issuer allowlist enforcement is active and normalized for comparisons - L-10: crypto/security documentation is aligned with runtime implementation behavior - L-11: SSO nonce-protection documentation is aligned with actual behavior - L-12: SSO team mapping is applied during login flows with regression coverage - L-15: tool cache auth-sensitive hydration is type-safe and avoids unsafe payload assumptions - L-16: token usage-limit enforcement path is active with deny-path coverage - L-17: debug console logging cleanup and frontend test alignment for admin UI scripts Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * fix: address code review findings from low-batch hardening - Rate-limit proxy auth trust warning to log once per process - Replace unnecessary db.commit() with db.rollback() in read-only _check_usage_limits path - Use HTTPException directly for SSO preserve-admin enforcement instead of ValueError control flow; re-raise HTTPException before generic handler so 401 is no longer swallowed into 500 - Document TRUST_PROXY_AUTH_DANGEROUSLY and ALLOW_UNAUTHENTICATED_ADMIN in .env.example with DANGER warnings - Warn when blank issuer bypasses SSO_ISSUERS allowlist - Preserve original console.log/debug on window before override - Add plugin_context_table/plugin_global_context to anonymous context Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Fix locust test auth Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Disable OBS Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * chore: remove duplicate linting-workflow-commitlint target from Makefile The target was defined twice — an older version without the COMMITLINT_ENFORCED toggle and the newer toggleable version. Remove the old definition and co-locate all commitlint-only variables with the surviving target, following the Makefile's convention of defining variables near the targets that use them. Signed-off-by: Jonathan Springer <jps@s390x.com> * chore: exclude Entra ID e2e tests from default test targets tests/e2e/test_entra_id_integration.py requires external Entra ID configuration and is not suitable for the default `make test` and `make test-altk` runs. Signed-off-by: Jonathan Springer <jps@s390x.com> * MCP_REQUIRE_AUTH now inherits AUTH_REQUIRED when unset Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * MCP_REQUIRE_AUTH now inherits AUTH_REQUIRED when unset - tests Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * MCP_REQUIRE_AUTH now inherits AUTH_REQUIRED when unset - tests Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * MCP_REQUIRE_AUTH now inherits AUTH_REQUIRED when unset - tests Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * MCP_REQUIRE_AUTH now inherits AUTH_REQUIRED when unset - tests Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * MCP_REQUIRE_AUTH now inherits AUTH_REQUIRED when unset - fix ui Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * linter updates Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> --------- Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> Signed-off-by: Jonathan Springer <jps@s390x.com> Co-authored-by: Jonathan Springer <jps@s390x.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
fix: low-batch hardening and behavior consistency