Context
As part of getting this running in my environment, I did a security review of the codebase. I found a number of authentication and authorization issues that I think should be addressed before wider production adoption. I'm flagging the categories here without full details, and I'd like to share the complete findings through a private channel.
Request: Please enable Private Vulnerability Reporting on this repository so I can submit the detailed findings securely. Alternatively, if there's a security contact email, I'm happy to use that.
Summary of Findings
These are the categories of issues identified — not an exhaustive list, but representative:
Transport Layer
- Several transport API endpoints accept authentication parameters but do not validate them server-side
- Agent identity (source_id) is not verified against authenticated sessions on any transport, enabling message spoofing
- Default transport configurations favor connectivity over security (e.g., insecure channels by default)
Workspace Backend
- Multiple workspace management endpoints are missing authorization checks entirely, including destructive operations
- Workspace enumeration is possible without authentication
- File serving configuration creates cross-site scripting vectors for certain content types
Authentication Infrastructure
- Token/secret comparison uses patterns vulnerable to timing attacks
- Token revocation checks are explicitly disabled in the Firebase integration
- CORS is configured with wildcard origins by default across multiple components
General
- No rate limiting on any endpoint
- Subprocess execution patterns in the CLI use potentially unsafe shell invocation
- Environment variables (including secrets) are passed without filtering to child processes
What I'm Not Doing
I'm not publishing exploit details, PoCs, or specific file/line references in a public issue. That's what the private advisory is for.
Happy to discuss further once there's a private channel available.
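To make three of the generic categories listed above concrete (timing-unsafe secret comparison, shell-string subprocess invocation, and unfiltered environment pass-through to child processes), here is an added illustration in Python, written for this page and not taken from the project's code or from the reporter's private findings. The weak pattern sits beside its hardened form in each case. The token value, the `SAFE_ENV_KEYS` allow-list, the use of `echo` as the child command and the choice of Python are all assumptions for the demo; nothing here refers to actual files in the repository.

```python
import hmac
import os
import subprocess

# Constructed sample secret for the demo; a real service would load it from config.
EXPECTED_TOKEN = "s3cr3t-token-value-0123456789abcdef"


def naive_token_check(presented: str, expected: str = EXPECTED_TOKEN) -> bool:
    """Weak pattern: `==` short-circuits at the first differing character,
    so response time leaks how much of the prefix an attacker has right."""
    return presented == expected


def constant_time_token_check(presented: str, expected: str = EXPECTED_TOKEN) -> bool:
    """Hardened pattern: hmac.compare_digest runs in time independent of
    where the inputs differ. Length still leaks, so keep tokens fixed-length."""
    return hmac.compare_digest(presented.encode("utf-8"), expected.encode("utf-8"))


# Assumed allow-list of variables a child process legitimately needs.
SAFE_ENV_KEYS = {"PATH", "HOME", "LANG"}


def filtered_env(source_env=None) -> dict:
    """Hardened pattern: hand the child only an allow-list of variables instead
    of the whole parent environment, which may carry API keys and tokens."""
    src = os.environ if source_env is None else source_env
    return {k: v for k, v in src.items() if k in SAFE_ENV_KEYS}


# Constructed attacker-controlled argument containing a shell metacharacter.
INJECTION = "hello; echo INJECTED"


def run_with_shell(user_arg: str) -> str:
    """Weak pattern: user input interpolated into a command string run by a
    shell. The `;` in user_arg terminates `echo` and starts a second command."""
    cmd = f"echo {user_arg}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_with_argv(user_arg: str) -> str:
    """Hardened pattern: argv list, no shell, allow-listed environment. The
    whole string reaches `echo` as one literal argument."""
    return subprocess.run(
        ["echo", user_arg],
        capture_output=True,
        text=True,
        env=filtered_env(),
        check=True,
    ).stdout


if __name__ == "__main__":
    print("shell=True output:", repr(run_with_shell(INJECTION)))
    print("argv output:      ", repr(run_with_argv(INJECTION)))
    print("token ok (constant-time):", constant_time_token_check(EXPECTED_TOKEN))
```

With `shell=True` the injected `echo INJECTED` actually executes, while the argv form prints the attacker's string verbatim. For the Firebase item on the same list, the analogous check on the admin SDK side is passing `check_revoked=True` to `firebase_admin.auth.verify_id_token`, which costs a lookup per call but makes revocation meaningful.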