fix(harden): secure worker hub auth boundary and enforce validation #285
Harden the Backend-Worker Hub system by securing unauthenticated privileged endpoints and enforcing strict validation boundaries.

- Removed /hub/state from publicRoutes in authMiddleware to secure clan data.
- Annotated WorkerHubController static state with // EPHEMERAL for lifecycle clarity.
- Replaced 'any' types with 'unknown' and HubState matrix with unknown[][].
- Implemented HubErrorSchema and FsErrorSchema for strict error validation via Valibot at boundary catch blocks.
- Eliminated manual 'typeof' and 'in' checks in favor of schema validation.

Generated by: .github/prompts/hardening.md
Target B [1, 2, 4], Target A [1, 2]
👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with

New to Jules? Learn more at jules.google/docs.

For security, I will only act on instructions from the user who triggered this task.
Generated by: `.github/prompts/hardening.md`

Reasoning:

[Threat Statement]: If `/hub/state` remains unauthenticated, then internal clan data is exposed to unauthorized external callers. If module-level state is not documented, then future agents may assume persistence where none exists. If caught errors are processed as `any`, then malformed error objects could cause secondary runtime crashes.

[Blast Radius]: `Backend-Worker` API, `WorkerHubController`, and PWA data ingestion.

[Rationale]: Secure the Auth Boundary by moving sensitive routes behind the secret check. Enforce "OCD Clean Stack" standards by replacing manual type checks and `any` types with Valibot schemas (`HubErrorSchema`, `FsErrorSchema`) and `unknown` types. Document process-restart behavior via mandatory annotations.

Changes:

- `/hub/state` from the public routes whitelist. Refactored error handling to use `HubErrorSchema`.
- `// EPHEMERAL` annotations to static state. Refactored catch blocks for safe `unknown` error processing.
- `loadState` and `saveState` to use Valibot for error and filesystem checks.
- `HubErrorSchema` and `FsErrorSchema`.
- `HubState` data structure with `unknown[][]`.

Verification:

- `pnpm test` in `Backend-Worker`. All 52 tests passed.
- `/hub/state` now requires `REMOTE_WORKER_SECRET` in the Authorization header.

Log Updates:

- `.github/nightly-logs/hardening-coverage.log` (Internal recording)

PR created automatically by Jules for task 10562624201307295141 started by @AlbiDR
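
A sketch of the auth boundary this PR describes, added here as an illustration and not taken from the PR's code: a public-route allowlist that no longer contains `/hub/state`, with every other path requiring the worker secret. The `/health` route, the `Bearer` header format, and the names `authorize`, `normalisePath` and `secretMatches` are assumptions.

```typescript
import { createHash, timingSafeEqual } from "node:crypto";

// Assumed allowlist. "/health" is a hypothetical public route;
// "/hub/state" is deliberately absent, as in the PR.
const publicRoutes: ReadonlySet<string> = new Set(["/health"]);

// Resolve dot segments and drop the query string and trailing slashes,
// so "/health/../hub/state" is looked up as "/hub/state".
function normalisePath(rawUrl: string): string {
  const path = new URL(rawUrl, "http://placeholder.invalid").pathname;
  return path.length > 1 ? path.replace(/\/+$/, "") : path;
}

// Hash both sides to a fixed length, then compare in constant time.
function secretMatches(presented: string, expected: string): boolean {
  const a = createHash("sha256").update(presented).digest();
  const b = createHash("sha256").update(expected).digest();
  return timingSafeEqual(a, b);
}

// Returns the HTTP status the middleware would answer with.
// Assumption: the secret is sent as "Authorization: Bearer <secret>".
function authorize(
  rawUrl: string,
  authorization: string | undefined,
  secret: string | undefined, // value of REMOTE_WORKER_SECRET
): 200 | 401 {
  if (publicRoutes.has(normalisePath(rawUrl))) return 200;
  // Fail closed when the secret is not configured.
  if (!secret) return 401;
  const match = /^Bearer (.+)$/.exec(authorization ?? "");
  if (!match) return 401;
  return secretMatches(match[1], secret) ? 200 : 401;
}
```

The unset-secret branch matters as much as the allowlist change: without it, a deployment missing `REMOTE_WORKER_SECRET` could accept an empty credential.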