Skip to content

Security: kt0319/any-console

Security

SECURITY.md

Security Policy

What any-console is, security-wise

any-console gives a browser full shell access to the host it runs on. Terminals, job execution, Git operations, and file read/write all run as the OS user that owns the service. Treat access to any-console exactly like SSH access to that machine: anyone who holds the auth token (or a signed-in device) can run arbitrary commands on your host. There is no sandbox between the web UI and your shell — that is the product working as designed, which is why the deployment guidance below matters.

Intended deployment

any-console is designed to be reachable only from a private network you trust — a Tailscale tailnet, a LAN behind a firewall, or localhost.

  • Never expose it directly to the public internet — no router port forwarding, no Tailscale Funnel, no cloudflared / ngrok tunnels, no public reverse proxy. The single-token auth model is not designed to withstand internet-wide credential stuffing or token brute force.
  • The recommended setup is Tailscale Serve for HTTPS inside your tailnet, or plain HTTP on a trusted LAN.
  • Be careful with any other tunnel or proxy on the same host (ssh -L, nginx, cloudflared): they can make external requests appear to come from loopback. This is exactly why Tailscale header auto-auth is opt-in — see the security note in README > Authentication.

Authentication model

The model is intentionally simple (see docs/DECISIONS.md #3: single token, no user separation):

  • A random 32-character token is generated on first start and stored in data/auth.json. It is printed to the startup log once.
  • Signing in exchanges the token for a per-device cookie. Devices can be reviewed and revoked individually from Settings → Security, and the token itself can be rotated there.
  • There are no user accounts or roles. One token means full access.
  • Request rate limiting and security headers are enabled by default.
  • Tailscale header auto-auth (trust_tailscale_auth) is off by default and should stay off unless requests reach any-console exclusively via Tailscale Serve / tailnet peers.
  • auth_disabled removes authentication entirely. Only enable it on a network where every reachable peer is allowed to own the host.

If the token leaks

Assume full compromise of the OS user running any-console. Rotate the token from Settings → Security (or delete data/auth.json and restart to generate a new one), revoke all devices, and audit the host: shell history, tmux sessions, Git remotes/credentials, and ~/.ssh reachable by that user.

Reporting a vulnerability

Please report vulnerabilities privately via GitHub private vulnerability reporting rather than opening a public issue. Reports are handled on a best-effort basis — this is a single-maintainer project — but authentication bypasses and remote code execution reachable without a valid token are treated as top priority.

There aren't any published security advisories