Pulse/cmd
rcourtman 734cebb4dc feat(security): Implement GID authorization enforcement
Fixes bug where allowed_peer_gids was populated from config but never
checked during authorization, creating false sense of security.

Changes:
- authorizePeer() now checks GIDs in addition to UIDs
- Peer authorized if UID OR GID matches allowlist
- Debug logging shows which rule granted access (UID vs GID)
- Full test coverage for GID-based authorization

Security benefit: GID-based policies now actually enforced as
administrators expect.

Related to security audit 2025-11-07.

Co-authored-by: Codex <codex@openai.com>
2025-11-07 17:09:16 +00:00
..
hashpw Add hashpw utility for generating password hashes 2025-11-06 16:46:56 +00:00
pulse Improve bootstrap token UX for easier discovery 2025-11-06 17:29:49 +00:00
pulse-docker-agent Improve Alpine Linux support and agent startup validation 2025-11-05 19:01:09 +00:00
pulse-host-agent Refactor: Code cleanup and localStorage consolidation 2025-11-04 21:50:46 +00:00
pulse-sensor-proxy feat(security): Implement GID authorization enforcement 2025-11-07 17:09:16 +00:00