fix: harden relay public surfaces #62

Merged

gofix merged 1 commit from codex/issues-hardening into master

2026-05-03 18:52:09 +00:00

gofix commented

2026-05-03 18:51:21 +00:00

Owner

Summary

require lease-token authorization and nonce replay protection for /v1/sign
add HTTP request read timeout/body caps, queue reservation for /sdk/connect, stream claim timeout/close wakeups, and stale ready cleanup
cap lease/hop TTLs and registry/UDP-flow sizes; enforce admin policy on hop route lookup/token exposure
escape SSR JSON, validate canonical Host, reduce selected public internal-error leakage
atomic/private writes for relay identity and generated TLS private material
add admin auth rate limiting, session cap, audit logs, and Origin/Referer checks for state-changing admin requests

Verification

cargo test --locked
cargo clippy --locked --all-targets -- -D warnings

Issues

Addresses #20, #21, #22, #23, #24, #25, #26, #27, #28, #29, #30, #31, #32, #33.

## Summary - require lease-token authorization and nonce replay protection for `/v1/sign` - add HTTP request read timeout/body caps, queue reservation for `/sdk/connect`, stream claim timeout/close wakeups, and stale ready cleanup - cap lease/hop TTLs and registry/UDP-flow sizes; enforce admin policy on hop route lookup/token exposure - escape SSR JSON, validate canonical Host, reduce selected public internal-error leakage - atomic/private writes for relay identity and generated TLS private material - add admin auth rate limiting, session cap, audit logs, and Origin/Referer checks for state-changing admin requests ## Verification - `cargo test --locked` - `cargo clippy --locked --all-targets -- -D warnings` ## Issues Addresses #20, #21, #22, #23, #24, #25, #26, #27, #28, #29, #30, #31, #32, #33.

gofix added 1 commit

2026-05-03 18:51:21 +00:00