Five confirmed findings from a 46-agent review panel:
- Empty --mgmt-token no longer satisfies the non-loopback token gate
(critical: 'Bearer ' with an empty token authenticated; parse_serve now
bails on blank tokens and mgmt::run treats blank as none)
- axum's built-in body rejections (400/415/422) now wear the documented
ApiError envelope via an ApiJson extractor, and the spec documents them
- GET /health carries security([{}]) in the spec, matching the server's
auth exemption
- unpairClient's description no longer claims revocation the TLS layer
doesn't enforce yet (gamestream/tls.rs accepts any cert — known gap)
- CLAUDE.md/README.md no longer reference the deleted web.rs
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -145,7 +145,16 @@ fn parse_serve(args: &[String]) -> Result<mgmt::Options> {
|
||||
.parse()
|
||||
.map_err(|_| anyhow::anyhow!("bad --mgmt-bind (want IP:PORT)"))?
|
||||
}
|
||||
"--mgmt-token" => opts.token = Some(next()?),
|
||||
"--mgmt-token" => {
|
||||
let token = next()?;
|
||||
// An empty token would satisfy the non-loopback "token required" guard
|
||||
// while authenticating nobody (or, worse, everybody) — refuse it loudly
|
||||
// rather than letting `--mgmt-token "$UNSET_VAR"` ship a dead credential.
|
||||
if token.trim().is_empty() {
|
||||
bail!("--mgmt-token must not be empty");
|
||||
}
|
||||
opts.token = Some(token);
|
||||
}
|
||||
"-h" | "--help" => {
|
||||
print_usage();
|
||||
std::process::exit(0);
|
||||
|
||||
Reference in New Issue
Block a user