b4fbd6fe9f
Deploy Site / deploy-vercel (push) Has been skipped
Deploy Site / deploy-docs (push) Has been skipped
Build Skills Index / build-index (push) Has been skipped
CI / Deny unrelated histories (push) Has been skipped
CI / Detect affected areas (push) Successful in 27m35s
CI / OSV scan (push) Failing after 4s
CI / Build&Test Docker image (push) Successful in 9s
CI / Supply-chain scan (push) Has been skipped
CI / Lint Docker scripts (push) Failing after 5m13s
CI / Check contributors (push) Failing after 12m8s
CI / Docs Site (push) Failing after 12m8s
CI / TypeScript (push) Failing after 12m8s
CI / Python lints (push) Failing after 12m9s
CI / Python tests (push) Failing after 12m9s
CI / Check uv.lock (push) Failing after 23m22s
CI / CI timing report (push) Has been cancelled
Build Skills Index / trigger-deploy (push) Has been cancelled
CI / All required checks pass (push) Has been cancelled
56 lines
2.6 KiB
Python
56 lines
2.6 KiB
Python
"""Shared allowlist of ``/api/*`` paths that bypass dashboard auth.
|
|
|
|
Two middlewares enforce dashboard auth and previously kept independent
|
|
copies of this list:
|
|
|
|
* ``hermes_cli.web_server.auth_middleware`` — loopback / ``--insecure``
|
|
mode, gates on the ephemeral ``_SESSION_TOKEN``.
|
|
* ``hermes_cli.dashboard_auth.middleware.gated_auth_middleware`` —
|
|
non-loopback mode, gates on the OAuth session cookie.
|
|
|
|
When the lists drifted, ``/api/status`` ended up public under the legacy
|
|
gate but 401'd under the OAuth gate. That broke the portal's wildcard
|
|
liveness probe (``nous-account-service`` ``fly-provider.ts``
|
|
``getInstanceRuntimeStatus``), which fetches ``/api/status`` without a
|
|
cookie as its sole signal of "agent dashboard is alive": every healthy
|
|
wildcard-subdomain agent surfaced as STARTING/down in the portal UI even
|
|
though the dashboard was serving correctly.
|
|
|
|
Centralising the allowlist here so both middlewares import the same
|
|
frozenset prevents the next drift. Keep this list minimal — only truly
|
|
non-sensitive, read-only endpoints belong here. As a sanity check, every
|
|
entry should be safe to expose to:
|
|
|
|
* external uptime probes (Pingdom, Better Stack, NAS),
|
|
* the dashboard SPA before the user has logged in,
|
|
* anyone who happens to ``curl`` the hostname.
|
|
|
|
If a new endpoint doesn't pass all three tests, it should be gated and
|
|
the SPA should bootstrap it after login instead.
|
|
"""
|
|
from __future__ import annotations
|
|
|
|
PUBLIC_API_PATHS: frozenset[str] = frozenset({
|
|
# Liveness probe target. Returns version, gateway state, active
|
|
# session count, and the dashboard auth-gate shape. No bodies, no
|
|
# session content, no secrets. Documented as the portal's wildcard
|
|
# liveness probe in
|
|
# ``docs/agent-dashboard-public-url-contract.md`` (NAS side).
|
|
"/api/status",
|
|
# Read-only config-defaults / schema feeds for the SPA's Config page.
|
|
"/api/config/defaults",
|
|
"/api/config/schema",
|
|
# Read-only model metadata (context windows, etc.) — same shape as
|
|
# provider catalogs already exposed on the public internet.
|
|
"/api/model/info",
|
|
# Read-only theme + plugin manifests for the dashboard skin engine.
|
|
"/api/dashboard/themes",
|
|
"/api/dashboard/plugins",
|
|
# Chronos managed-cron fire webhook (NAS -> agent). NOT cookie-gated: it
|
|
# carries its own short-lived NAS-minted JWT (purpose=cron_fire), which the
|
|
# handler verifies as the real auth. Must bypass the dashboard auth gate so
|
|
# the NAS relay's bearer-only callback reaches the verifier instead of a
|
|
# 401 no_cookie. The JWT — not this allowlist — is the security boundary.
|
|
"/api/cron/fire",
|
|
})
|