Skip to content

R13: Secure eval-server non-loopback binding #52

Description

@100yenadmin

Retain GITNEXUS_AUTH_TOKEN. Loopback may run without a token; non-loopback startup must refuse unless a token exists. Validate Authorization: Bearer, compare safely, return 401, and redact credentials from logs and errors.

Acceptance: no non-loopback unauthenticated start, health/tool routes follow the documented auth contract, wrong or missing tokens fail, and logs contain no token material.

Validation: subprocess bind/auth tests including IPv4 and IPv6 loopback classification.

Parent epic: #39

Tracking ID: R13

Metadata

Metadata

Assignees

No one assigned

    Labels

    P0Release-blocking priority zero workevidence-gateMust close with retained validation evidencereconciliationUpstream reconciliation programrelease-blockerBlocks promotion or release readinessupstream-candidateGeneric change eligible for sanitized upstream contribution after fork proof

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions