bench: API auth / middleware / git route#3

Open
antfleet-ops wants to merge 1 commit into
mainfrom
pick/api-auth-middleware
Conversation

@antfleet-ops

Contributor

Manual file pick from rennf93/roboco — FastAPI app, middleware, role-based deps, KB authz, git operations route (6 files, ~74KB).

Two-model security review (Claude Opus 4.7 + GPT-5).

Methodology: https://github.com/AntFleet/bench-roboco

@antfleet

antfleet Bot commented Jun 19, 2026


AntFleet · 2 findings

Both reviewers flagged the items below on the changed files. AntFleet posts only what two independent frontier models agree on.


Security · High — v1 role guards trust the role header without authenticating the agent token
roboco/api/deps.py:199-237

The main auth dependency implements HMAC enforcement when ROBOCO_AGENT_AUTH_REQUIRED is enabled, but the v1 role guard only reads X-Agent-Role and compares it to an allowed set. If a v1 router relies on these guards for access control, a caller can select an allowed role by setting a header without presenting a valid X-Agent-Token or proving that the role belongs to the stated agent. The comments in _role_dep explicitly describe these as the router-level role assertions, so this is an authoriza…

Fix: Make _require_roles accept CurrentAgentContext/get_agent_context instead of the raw role header, then compare the authenticated context role to the allowed roles. Keep the HMAC token requirement and DB identity/role resolution centralized in roboco.api.deps.

Proposed patch (model: claude-opus-4-7)

```python
        ctx: CurrentAgentContext = Depends(get_agent_context),
        if ctx.role not in allowed:
```

Security · Medium — request_validation_handler echoes raw rejected body to logs, may include secrets
roboco/api/middleware.py:290-318

The rejected request body is logged in full, and also returned in the 422 response under content['body']. If a client POSTs JSON containing a token, password, or HMAC and a validation error occurs, the body is persisted to logs and returned to the caller. For an internal API with agent tokens passed as headers this is lower risk, but bodies may still contain sensitive fields.

Fix: Redact known sensitive keys before logging; or log only field names and types, not values.

Proposed patch (model: claude-opus-4-7)

```python
            import json as _json
            # Keys whose values must never reach logs or the 422 response body.
            _SENSITIVE = {"password", "token", "secret", "hmac", "api_key", "apikey", "authorization"}
            def _redact(obj):
                # Recurse through dicts and lists; replace values of sensitive keys.
                if isinstance(obj, dict):
                    return {k: ("[REDACTED]" if k.lower() in _SENSITIVE else _redact(v)) for k, v in obj.items()}
                if isinstance(obj, list):
                    return [_redact(x) for x in obj]
                return obj
            try:
                body_repr = _json.dumps(_redact(_json.loads(body.decode("utf-8"))))
            except (UnicodeDecodeError, ValueError):
                # Non-JSON or non-UTF-8 bodies are never echoed verbatim.
                body_repr = "[unparseable body redacted]"
        return JSONResponse(status_code=422, content={"detail": e.errors(), "body": body_repr})
```

Review f9650e85 · claude-opus-4-7 + gpt-5.5 (unanimous) · 111s · ~$0.40
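The first finding above describes a role guard that trusts `X-Agent-Role` as supplied by the caller. The following is an added example, not code from roboco or from the bot's proposed patch, that shows the flagged pattern next to the fix the comment describes: derive the role from an authenticated agent context (HMAC token check, then a server-side identity lookup) and compare that role to the allowed set. Everything here is stdlib only; `AGENT_REGISTRY`, `SHARED_SECRET`, `make_token`, `get_agent_context`, `weak_role_guard` and `authenticated_role_guard` are constructed names for illustration, and the registry dict stands in for the DB identity/role resolution the fix says should stay centralized.

```python
"""Role guard that trusts a header vs. one that derives the role from an authenticated context.

Added example with constructed names; not roboco's own deps.py.
"""
import hashlib
import hmac
from dataclasses import dataclass

# Constructed stand-in for the DB table that maps agent identity to role.
AGENT_REGISTRY = {"agent-42": "operator", "agent-7": "viewer"}
# Constructed shared secret; a real service loads it from configuration.
SHARED_SECRET = b"constructed-example-secret"


class AuthError(Exception):
    """Raised when the caller cannot be authenticated."""


@dataclass(frozen=True)
class AgentContext:
    agent_id: str
    role: str


def make_token(agent_id: str, secret: bytes = SHARED_SECRET) -> str:
    """HMAC-SHA256 over the agent id: possession of the secret is what the token proves."""
    return hmac.new(secret, agent_id.encode("utf-8"), hashlib.sha256).hexdigest()


def get_agent_context(headers: dict) -> AgentContext:
    """Authenticate the caller and resolve its role server-side.

    The role is taken from the registry, never from a request header.
    """
    agent_id = headers.get("X-Agent-Id")
    token = headers.get("X-Agent-Token")
    if not agent_id or not token:
        raise AuthError("missing agent id or token")
    # Constant-time comparison against the expected token for this agent id.
    if not hmac.compare_digest(token, make_token(agent_id)):
        raise AuthError("invalid token")
    role = AGENT_REGISTRY.get(agent_id)
    if role is None:
        raise AuthError("unknown agent")
    return AgentContext(agent_id=agent_id, role=role)


def weak_role_guard(headers: dict, allowed: set) -> bool:
    """The flagged pattern: the caller picks its own role via X-Agent-Role."""
    return headers.get("X-Agent-Role") in allowed


def authenticated_role_guard(headers: dict, allowed: set) -> bool:
    """The fix: authenticate first, then compare the resolved role to the allowed set."""
    try:
        ctx = get_agent_context(headers)
    except AuthError:
        return False
    return ctx.role in allowed


if __name__ == "__main__":
    spoofed = {"X-Agent-Role": "operator"}  # no token at all
    print("weak guard, spoofed header:", weak_role_guard(spoofed, {"operator"}))
    print("authenticated guard, spoofed header:", authenticated_role_guard(spoofed, {"operator"}))
```

The interesting case is the third one in the tests: a caller that does hold a valid token for `agent-7` (a viewer) and still sends `X-Agent-Role: operator`. The weak guard admits it on the header alone; the authenticated guard uses the registry's role and refuses, which is exactly the distinction the finding draws between asserting a role and proving it.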
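The second finding above covers logging and echoing a rejected request body. The following is an added example, not the bot's patch or roboco's middleware, that builds a log-safe representation of a raw body and goes slightly beyond the proposed patch in three ways: sensitive keys are matched by fragment (so `access_token` and `X-Api-Key` are caught, not just exact names), the comment's alternative of logging only field names and types is implemented as `shape`, and the output is length-capped. `SENSITIVE_FRAGMENTS`, `MAX_LOG_CHARS`, `safe_body_repr` and the sample body are constructed for illustration.

```python
"""Log-safe representation of a rejected request body (added example, constructed names)."""
import json
from typing import Any

# Matched as substrings of the lower-cased key, so "access_token" and "x-api-key" are covered.
SENSITIVE_FRAGMENTS = ("password", "passwd", "token", "secret", "hmac",
                       "api_key", "apikey", "authorization", "cookie")
MAX_LOG_CHARS = 2048  # cap so a large rejected body cannot flood the log


def _is_sensitive(key: str) -> bool:
    k = key.lower().replace("-", "_")
    return any(frag in k for frag in SENSITIVE_FRAGMENTS)


def redact(obj: Any) -> Any:
    """Recursively replace values under sensitive keys; other values pass through."""
    if isinstance(obj, dict):
        return {k: ("[REDACTED]" if _is_sensitive(str(k)) else redact(v)) for k, v in obj.items()}
    if isinstance(obj, list):
        return [redact(x) for x in obj]
    return obj


def shape(obj: Any) -> Any:
    """Field names and types only, never values (the stricter option from the finding)."""
    if isinstance(obj, dict):
        return {k: shape(v) for k, v in obj.items()}
    if isinstance(obj, list):
        return [shape(obj[0])] if obj else []
    return type(obj).__name__


def safe_body_repr(raw: bytes, values: bool = True) -> str:
    """Return a string safe to log or echo in a 422 response.

    values=True keeps non-sensitive values (redacted form); values=False keeps only the shape.
    Anything that is not UTF-8 JSON is replaced by a fixed marker rather than echoed.
    """
    try:
        parsed = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        return "[unparseable body redacted]"
    out = json.dumps(redact(parsed) if values else shape(parsed), sort_keys=True)
    if len(out) > MAX_LOG_CHARS:
        out = out[:MAX_LOG_CHARS] + "...[truncated]"
    return out


# Constructed sample: a body that would fail validation and carries credentials in nested fields.
SAMPLE_BODY = (b'{"agent": "agent-42", "credentials": {"api_key": "sk-xyz", "hmac": "abc"}, '
               b'"items": [{"access_token": "t1"}], "count": 3}')

if __name__ == "__main__":
    print(safe_body_repr(SAMPLE_BODY))
    print(safe_body_repr(SAMPLE_BODY, values=False))
    print(safe_body_repr(b"\xff\xfe not json"))
```

Fragment matching errs toward over-redaction (a key like `tokenizer_name` would be hidden), which is the right direction for a diagnostic log; the shape-only form sidesteps the question entirely and is usually enough to debug a validation error, since the 422 `detail` already names the offending fields.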
