Pulse/cmd
rcourtman 848860a9a3 Address Codex security review feedback
Changes based on independent Codex review:

1. Elevated log level from Debug to Warn for permissive mode fallback
   - Operators now see "SECURITY: Cluster validation unavailable" in
     journalctl at default log level
   - Added similar warning on startup when running in permissive mode
   - Makes it obvious when node validation is bypassed

2. Added runtime fallback for AF_NETLINK restrictions
   - New discoverLocalHostAddressesFallback() shells out to 'ip addr'
   - Triggered when net.Interfaces() fails with netlinkrib error
   - Ensures existing installations work even without systemd unit update
   - Logs recommendation to update systemd unit for better performance

3. Improved security awareness
   - Changed message to explicitly state "allowing all nodes"
   - Recommends configuring allowed_nodes for security
   - Makes permissive fallback behavior transparent to operators

Related to #571 - temperature monitoring on standalone nodes

These changes ensure the fix works for existing installations that
haven't updated their systemd units, while clearly communicating when
the proxy is running in an insecure permissive mode.
2025-11-13 13:55:26 +00:00
..
hashpw Add hashpw utility for generating password hashes 2025-11-06 16:46:56 +00:00
pulse Fix bootstrap-token command to use correct env var and default path 2025-11-09 23:46:41 +00:00
pulse-docker-agent Add OCI labels to Docker images and --version flag to docker-agent 2025-11-11 11:52:20 +00:00
pulse-host-agent Refactor: Code cleanup and localStorage consolidation 2025-11-04 21:50:46 +00:00
pulse-sensor-proxy Address Codex security review feedback 2025-11-13 13:55:26 +00:00