
(3/6) validate mount policy paths #40

Merged
philipnee merged 1 commit into main from hardening/03-mount-policy-validation
Apr 29, 2026

Conversation

@philipnee
Owner

Why

Client permissions are a load-bearing security boundary. The schema accepted empty action grants, unsupported wildcard forms, and paths that did not point at any configured mount or proxy source. That made typoed policies easy to miss until runtime.

What changed

  • Require each permission entry to include at least one action.
  • Reject permission wildcards except the supported trailing /** subtree form.
  • Validate permission paths against configured mount paths and legacy proxy source roots.
  • Reject wildcard mount paths.
  • Normalize mount paths before duplicate-path detection.
  • Expand config tests for invalid policy paths, empty action lists, global grants, nested mount grants, and wildcard mount paths.

How

The config superRefine pass now builds known policy roots from mounts and proxy source ids, then checks every client permission against those roots. The global /** permission remains valid for all-source clients.

Changed files

  • src/config/schema.ts
  • tests/config.test.ts

Verification

  • npm test -- tests/config.test.ts
  • npm run verify
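
The validation pass the PR describes, written out as an added example. This is not the project's src/config/schema.ts: it is a plain TypeScript function that returns one issue string per finding so it runs without zod; in the project's schema the same checks would sit in the superRefine callback and be reported through ctx.addIssue. The config shape and field names, the assumption that a legacy proxy source with id "x" is rooted at "/x", the allSources flag used to model "all-source clients", and the sample config at the bottom are all mine, not the project's.

```typescript
// Added example, not the project's schema.ts. Mirrors the superRefine pass
// described in PR #40 as a plain function returning issue strings.
// Assumptions (mine): the config shape below, legacy proxy source "x" is
// rooted at "/x", and all-source clients carry allSources: true.

export interface Mount { path: string; source: string }
export interface ProxySource { id: string }
export interface Permission { path: string; actions: string[] }
export interface Client { id: string; allSources?: boolean; permissions: Permission[] }
export interface Config { mounts: Mount[]; proxySources?: ProxySource[]; clients: Client[] }

const SUBTREE = "/**"; // the only supported wildcard form

/** Collapse "//" and "." segments and drop trailing slashes.
 *  Returns null for ".." segments or any "*" so callers can reject them. */
export function normalizeMountPath(raw: string): string | null {
  const segs = raw.split("/").filter((s) => s !== "" && s !== ".");
  if (segs.some((s) => s === ".." || s.includes("*"))) return null;
  return "/" + segs.join("/");
}

/** One issue string per finding; an empty array means the config is valid. */
export function validateConfig(cfg: Config): string[] {
  const issues: string[] = [];
  const roots = new Set<string>();

  // Mounts: normalize before duplicate detection; wildcard mounts are rejected.
  cfg.mounts.forEach((m, i) => {
    const norm = normalizeMountPath(m.path);
    if (norm === null) {
      issues.push(`mounts[${i}]: wildcard or ".." in mount path "${m.path}"`);
      return;
    }
    if (roots.has(norm)) issues.push(`mounts[${i}]: duplicate mount path "${norm}"`);
    roots.add(norm);
  });
  // Legacy proxy sources contribute one root per id (assumed form "/<id>").
  for (const src of cfg.proxySources ?? []) roots.add(`/${src.id}`);
  const rootList = Array.from(roots);

  for (const client of cfg.clients) {
    client.permissions.forEach((perm, j) => {
      const where = `clients[${client.id}].permissions[${j}]`;
      if (perm.actions.length === 0) issues.push(`${where}: at least one action is required`);

      const p = perm.path;
      if (p === SUBTREE) {
        // Global grant stays valid, but only for clients that may reach every source.
        if (!client.allSources) issues.push(`${where}: global "/**" grant requires an all-source client`);
        return;
      }
      if (!p.startsWith("/")) {
        issues.push(`${where}: path "${p}" must be absolute`);
        return;
      }
      // Strip a trailing "/**"; any other "*" left in the path is an unsupported wildcard.
      const normBase = normalizeMountPath(p.endsWith(SUBTREE) ? p.slice(0, -SUBTREE.length) : p);
      if (normBase === null) {
        issues.push(`${where}: unsupported wildcard or ".." in "${p}" (only a trailing /** subtree is allowed)`);
        return;
      }
      const base: string = normBase;
      // The path must be a known root or nested beneath one (nested mount grants are allowed).
      const known = rootList.some((r) => base === r || base.startsWith(`${r}/`));
      if (!known) issues.push(`${where}: "${p}" does not match any configured mount or proxy source`);
    });
  }
  return issues;
}

// Constructed sample config (not from the project) that trips each check once.
export const sampleConfig: Config = {
  mounts: [
    { path: "/docs", source: "docs-fs" },
    { path: "/docs/", source: "docs-fs-again" }, // duplicate once normalized
    { path: "/tmp/*", source: "scratch" },        // wildcard mount path
  ],
  proxySources: [{ id: "legacy-api" }],
  clients: [
    {
      id: "reader",
      permissions: [
        { path: "/docs/**", actions: ["read"] },              // ok: mount subtree
        { path: "/docs/guides/intro.md", actions: ["read"] }, // ok: nested under a mount
        { path: "/legacy-api/**", actions: ["read"] },        // ok: legacy proxy root
        { path: "/dcos/**", actions: ["read"] },              // typo: no such root
        { path: "/docs/*", actions: ["read"] },               // unsupported wildcard form
        { path: "/docs", actions: [] },                       // empty action list
        { path: "/**", actions: ["read"] },                   // global grant on a scoped client
      ],
    },
    { id: "admin", allSources: true, permissions: [{ path: "/**", actions: ["read", "write"] }] },
  ],
};
```

Running validateConfig(sampleConfig) yields six issues: the duplicate and wildcard mounts, then the typoed root, the "/docs/*" wildcard, the empty action list, and the global grant on the scoped "reader" client. The three valid reader grants and the admin's global grant produce nothing, which is the behaviour the PR's tests for nested mount grants and global grants describe.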

@philipnee philipnee merged commit a7ba6d5 into main Apr 29, 2026
7 checks passed
@philipnee philipnee deleted the hardening/03-mount-policy-validation branch April 29, 2026 14:32