fix: send terminal auth via first WebSocket message instead of URL query param #732


Triggered via pull request February 16, 2026 22:57
Status Success
Total duration 5m 46s
Artifacts 5

test.yml

on: pull_request
Matrix: test

Annotations

1 error and 1 warning
Authentication bypass allows unauthenticated terminal WebSocket connections: src/agent/run.ts#L154
WebSocket upgrade occurs regardless of authentication status. The auth check result is passed as a flag but the connection is established before validation. This allows attackers to open terminal sessions (with shell access) without valid credentials. The checkAuth result should block the upgrade immediately, not defer it.
e2e
No files were found with the provided path: playwright-report/. No artifacts will be uploaded.

Artifacts

Produced during runtime
Name | Size | Digest
dist (Expired) | 39.4 MB | sha256:d370d2d957fe59c24a76400f2e85a0919e92bbb9831c43c13c45f5d628c00476
docker-image (Expired) | 1.09 GB | sha256:681dcc9e2a13e6433f0e492bd4e02c4c28c26667b60b7611f7f54669a64dcc03
gricha~perry~M2ACK1.dockerbuild | 71.4 KB | sha256:24ec60e831565a858cd8bac9bf279f0358e1e85ccbb7aba56a9fa9f2461ae108
gricha~perry~YDG3O7.dockerbuild | 37.8 KB | sha256:8fa3cd8a5fc4b76f72972233dc0c7023c526640ae2f05d24811450eceaf0c3fd
playwright-report (Expired) | 196 KB | sha256:ff3afefafed2f71396f6d909127ef9863e9e9cf0f91fb8c9059ca55fe63a47fa