
Audit/f 001 disable production dev auth bypass #16

Merged: MerverliPy merged 8 commits into main from audit/F-001-disable-production-dev-auth-bypass (Jun 20, 2026)


@MerverliPy (Owner)

No description provided.

Reject explicit development-auth bypass requests in production, use the real OIDC client by default, and add focused regression coverage for all supported application modes.

Remediates audit finding F-001.

* security: prevent production development-auth bypass (#8)

* security: prevent production development-auth bypass

Reject explicit development-auth bypass requests in production, use the real OIDC client by default, and add focused regression coverage for all supported application modes.

Remediates audit finding F-001.

* style: format F-001 remediation

* docs: document development auth bypass opt-in

* docs: keep development auth bypass opt-in

* security: require production oidc settings

* security: fail closed when upload scanning is unavailable (#9)

* security: fail closed when upload scanning is unavailable

* docs: anonymize F-002 run record

* security: enforce default-branch governance (#10)

* security: enforce default-branch governance

* docs: namespace repository audit finding record

* docs: disambiguate repository audit finding ID

* fix(audit): consolidate OpenCode project configuration (#11)

@MerverliPy MerverliPy merged commit 6fcb8b7 into main Jun 20, 2026
2 checks passed
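
The startup guard the commit messages above describe (reject a development-auth bypass in production, default to the real OIDC client, require OIDC settings in production), sketched as an added example. It is not code from this pull request; the environment keys, mode names, class names and `resolve_auth` are all assumptions, since the page shows no source.

```python
from dataclasses import dataclass

# Hypothetical names throughout: APP_MODE, DEV_AUTH_BYPASS, the OIDC_* keys
# and the mode names are assumptions, not the project's real configuration.
REQUIRED_OIDC = ("OIDC_ISSUER", "OIDC_CLIENT_ID", "OIDC_CLIENT_SECRET")
KNOWN_MODES = {"development", "test", "production"}
TRUTHY = {"1", "true", "yes"}


class AuthConfigError(RuntimeError):
    """Raised at startup so a misconfigured service never begins serving."""


@dataclass(frozen=True)
class AuthDecision:
    mode: str
    client: str  # "oidc" or "dev-bypass"


def resolve_auth(env: dict) -> AuthDecision:
    # A missing or unrecognised mode is treated as production (fail closed),
    # so a typo such as "prod" cannot unlock the bypass.
    mode = env.get("APP_MODE", "production").strip().lower()
    if mode not in KNOWN_MODES:
        mode = "production"
    bypass = env.get("DEV_AUTH_BYPASS", "").strip().lower() in TRUTHY

    if mode == "production":
        # An explicit bypass request is an error, not something to ignore:
        # refusing to start surfaces the misconfiguration immediately.
        if bypass:
            raise AuthConfigError("development auth bypass requested in production")
        missing = [k for k in REQUIRED_OIDC if not env.get(k, "").strip()]
        if missing:
            raise AuthConfigError("missing OIDC settings: " + ", ".join(missing))
        return AuthDecision(mode, "oidc")

    # Non-production: the real OIDC client stays the default; bypass is opt-in.
    return AuthDecision(mode, "dev-bypass" if bypass else "oidc")
```
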