Commit 72bd6ec
committed
fix(security): gate POST /api/enrichment-proposals/{id}/decide behind the agent key
The broker write-back endpoint accepted unauthenticated decisions with a
self-asserted broker_pubkey (default "anon") that persisted to the global
log, broadcast to all clients, and triggered writeback/attribution -- a
Sybil/spoofing surface introduced with the broker loop (023c847).
Sole legitimate caller is the agentbox broker-bridge (service-to-service),
so the gate follows the established x-agent-key / VISIONCLAW_AGENT_KEY
pattern from image_gen_handler rather than the human-session RequireAuth
wraps. 401 before any decision is recorded. cargo check clean; 5/5
enrichment_proposals tests pass. The agentbox caller gains the matching
X-Agent-Key header in its own repo.
Ecosystem audit 2026-06-11.
Co-Authored-By: jjohare <github@thedreamlab.uk>1 parent 52bb7eb commit 72bd6ec
1 file changed
Lines changed: 37 additions & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
21 | 21 | | |
22 | 22 | | |
23 | 23 | | |
24 | | - | |
| 24 | + | |
25 | 25 | | |
26 | 26 | | |
27 | 27 | | |
| |||
116 | 116 | | |
117 | 117 | | |
118 | 118 | | |
| 119 | + | |
| 120 | + | |
| 121 | + | |
| 122 | + | |
| 123 | + | |
| 124 | + | |
| 125 | + | |
| 126 | + | |
| 127 | + | |
| 128 | + | |
| 129 | + | |
| 130 | + | |
| 131 | + | |
| 132 | + | |
| 133 | + | |
| 134 | + | |
| 135 | + | |
| 136 | + | |
| 137 | + | |
| 138 | + | |
| 139 | + | |
| 140 | + | |
| 141 | + | |
| 142 | + | |
| 143 | + | |
| 144 | + | |
| 145 | + | |
119 | 146 | | |
120 | 147 | | |
121 | 148 | | |
| |||
176 | 203 | | |
177 | 204 | | |
178 | 205 | | |
| 206 | + | |
179 | 207 | | |
180 | 208 | | |
181 | 209 | | |
182 | 210 | | |
| 211 | + | |
| 212 | + | |
| 213 | + | |
| 214 | + | |
| 215 | + | |
| 216 | + | |
| 217 | + | |
| 218 | + | |
183 | 219 | | |
184 | 220 | | |
185 | 221 | | |
| |||
0 commit comments