fix: M2 — harden the management API after adversarial review

Five confirmed findings from a 46-agent review panel:
- Empty --mgmt-token no longer satisfies the non-loopback token gate
  (critical: 'Bearer ' with an empty token authenticated; parse_serve now
  bails on blank tokens and mgmt::run treats blank as none)
- axum's built-in body rejections (400/415/422) now wear the documented
  ApiError envelope via an ApiJson extractor, and the spec documents them
- GET /health carries security([{}]) in the spec, matching the server's
  auth exemption
- unpairClient's description no longer claims revocation the TLS layer
  doesn't enforce yet (gamestream/tls.rs accepts any cert — known gap)
- CLAUDE.md/README.md no longer reference the deleted web.rs

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
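The first finding, shown as an added example that is not the project's code: a hypothetical non-loopback token gate in the shape the commit message describes. `gate_before` reproduces the bug (an empty `--mgmt-token` yields `Some("")`, which compares equal to the empty credential in a bare `Bearer ` header), and `normalize_token` plus `gate_after` show the two fixes the message names: a blank configured token becomes `None` at parse time, and a blank presented credential never authenticates. `MgmtConfig`, the function names, the choice to refuse non-loopback callers when no token is configured, and the constant-time comparison are assumptions of this example, not the project's API.

```rust
use std::net::SocketAddr;

/// Hypothetical management-API config; `mgmt_token` stands in for whatever
/// `--mgmt-token` populates in the real server (assumed shape, not the project's type).
#[derive(Clone, Debug)]
pub struct MgmtConfig {
    pub mgmt_token: Option<String>,
}

/// BEFORE (vulnerable): loopback is exempt, everyone else must present the token.
/// With `mgmt_token == Some("")`, the header `Bearer ` strips to `""`, and
/// `"" == ""` authenticates the caller.
pub fn gate_before(cfg: &MgmtConfig, peer: SocketAddr, authorization: Option<&str>) -> bool {
    if peer.ip().is_loopback() {
        return true;
    }
    match (&cfg.mgmt_token, authorization) {
        (Some(expected), Some(header)) => match header.strip_prefix("Bearer ") {
            Some(presented) => presented == expected.as_str(),
            None => false,
        },
        _ => false,
    }
}

/// Fix 1 (parse time): trim the flag value and treat a blank token as "no token",
/// so a blank never reaches the gate as a usable credential.
pub fn normalize_token(raw: Option<&str>) -> Option<String> {
    raw.map(str::trim).filter(|t| !t.is_empty()).map(str::to_owned)
}

/// Constant-time byte comparison (length still leaks, which is acceptable for a
/// bearer token whose length is not secret).
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    if a.len() != b.len() {
        return false;
    }
    let mut diff = 0u8;
    for (x, y) in a.iter().zip(b) {
        diff |= x ^ y;
    }
    diff == 0
}

/// AFTER (hardened): loopback stays exempt; a non-loopback caller is refused when no
/// usable token is configured (assumption of this example), and a blank presented
/// credential is rejected before any comparison happens.
pub fn gate_after(cfg: &MgmtConfig, peer: SocketAddr, authorization: Option<&str>) -> bool {
    if peer.ip().is_loopback() {
        return true;
    }
    // Defence in depth: even if a blank slipped past parse time, never treat it as a token.
    let Some(expected) = cfg.mgmt_token.as_deref().filter(|t| !t.is_empty()) else {
        return false;
    };
    let Some(header) = authorization else { return false };
    let Some(presented) = header.strip_prefix("Bearer ") else { return false };
    let presented = presented.trim();
    if presented.is_empty() {
        return false;
    }
    ct_eq(presented.as_bytes(), expected.as_bytes())
}

fn main() {
    // Constructed inputs: a remote peer presenting an empty bearer credential.
    let remote: SocketAddr = "203.0.113.7:4000".parse().unwrap();
    let blank = MgmtConfig { mgmt_token: Some(String::new()) };
    println!("before: {}", gate_before(&blank, remote, Some("Bearer ")));
    println!("after:  {}", gate_after(&blank, remote, Some("Bearer ")));
}
```

Run it and the vulnerable gate admits the remote caller while the hardened one refuses; the same test inputs also cover a real token, a truncated token, a missing header, and a loopback peer with no header.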
2026-06-09 22:00:22 +00:00
parent a339a0466e
commit bd25f5e02f
5 changed files with 115 additions and 20 deletions
+26 -3
@@ -53,7 +53,7 @@
"clients"
],
"summary": "Unpair a client",
"description": "Removes the pinned certificate; the client must pair again to reconnect.",
"description": "Removes the client's certificate from the pairing store. Caveat: the nvhttp TLS layer\ndoes not yet reject unlisted certificates (`gamestream/tls.rs` accepts any well-formed\nclient cert — a planned hardening step), so until that lands this removes the client\nfrom the listing without severing its ability to reconnect.",
"operationId": "unpairClient",
"parameters": [
{
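Review bot: the replacement description embeds a source path (`gamestream/tls.rs`) and a roadmap promise ("a planned hardening step") in a client-facing spec; describe the observable behaviour instead, e.g. "Removes the client from the pairing store. Until certificate enforcement is in place, an unpaired client that still holds its certificate can reconnect." It also says the client keeps its "ability to reconnect" but not whether an already-established session is affected; state that explicitly, since a caller reading "unpair" will otherwise assume the live session ends.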
@@ -122,7 +122,10 @@
}
}
}
}
},
"security": [
{}
]
}
},
"/api/v1/host": {
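Review bot: `"security": [{}]` is the correct OpenAPI 3 way to declare that this operation (GET /health, per the commit message) needs no credentials, and it sits at operation level where it overrides the document-level requirement; since the empty object is the only entry, the spec now promises the endpoint works with no token at all. The response content for this operation is above the hunk, so confirm its body stays free of version or host details now that it is documented as unauthenticated.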
@@ -211,7 +214,7 @@
"description": "PIN delivered to the waiting handshake"
},
"400": {
"description": "Malformed PIN",
"description": "Malformed PIN or unparseable JSON body",
"content": {
"application/json": {
"schema": {
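Review bot: the new 400 text covers two different failures, a well-formed body carrying a bad PIN and a body that is not JSON at all, and a client cannot tell them apart from the status alone; since the ApiError envelope is the body, make sure it carries a distinguishing code or message for each, and name the boundary with the 422 case in both descriptions (unparseable JSON here, syntactically valid JSON with the wrong fields there).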
@@ -239,6 +242,26 @@
}
}
}
},
"415": {
"description": "Body is not application/json",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ApiError"
}
}
}
},
"422": {
"description": "JSON body does not match the schema",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ApiError"
}
}
}
}
}
}
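Review bot: axum's Json extractor has a rejection path the new 415/422 entries do not cover: a body that exceeds the configured size limit is refused before parsing with 413 Payload Too Large, and a body that cannot be read at all yields 400. If the ApiJson extractor that wraps these rejections passes the status through, add a 413 response with the same ApiError schema; otherwise say which of the listed codes it is folded into. Also, the 415 description "Body is not application/json" refers to the Content-Type header rather than the body bytes, which is what axum actually checks; "Content-Type is not application/json" is more accurate.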