Retain GITNEXUS_AUTH_TOKEN. Loopback may run without a token; non-loopback startup must refuse unless a token exists. Validate Authorization: Bearer, compare safely, return 401, and redact credentials from logs and errors.
Acceptance: no non-loopback unauthenticated start, health/tool routes follow the documented auth contract, wrong or missing tokens fail, and logs contain no token material.
Validation: subprocess bind/auth tests including IPv4 and IPv6 loopback classification.
Parent epic: #39
Tracking ID: R13
Retain
GITNEXUS_AUTH_TOKEN. Loopback may run without a token; non-loopback startup must refuse unless a token exists. ValidateAuthorization: Bearer, compare safely, return 401, and redact credentials from logs and errors.Acceptance: no non-loopback unauthenticated start, health/tool routes follow the documented auth contract, wrong or missing tokens fail, and logs contain no token material.
Validation: subprocess bind/auth tests including IPv4 and IPv6 loopback classification.
Parent epic: #39
Tracking ID:
R13