Two HIGH findings from automated review on the generator, both fixed:
1. Cross-tenant inbox access: per-license users were granted _INBOX.>,
letting license A subscribe to license B's request-reply responses.
Now scoped to corrosion.{license}.> ONLY; replies must ride the
license namespace (corrosion.{license}.reply.<id>) — documented in
PROTOCOL.md. Agent unchanged (responds to msg.reply); constraint is
on the requester (internal user has full >).
2. Default-open auth bypass: generator defaulted to stage=open with a
full-access anonymous user — a stale regen left the broker wide open.
Now defaults to enforce (secure by default); the explicit 'open'
migration stage maps anonymous to a harmless corrosion.unclaimed.>
namespace, never real tenant subjects. Committed bootstrap default
hardened the same way.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
17 lines
812 B
Plaintext
# BOOTSTRAP DEFAULT — no secrets, safe to commit.
#
# Anonymous is mapped to a HARMLESS namespace (corrosion.unclaimed.>), never to
# real tenant subjects (corrosion.{uuid}.>) — so a fresh/stale deploy running
# this default cannot read or forge any tenant's traffic. The REST API still
# works; agent telemetry just won't flow until the real config is generated.
#
# On every real deploy, scripts/generate-nats-auth.mjs OVERWRITES this file
# (on the host, not in git) with the privileged internal user + per-license
# scoped users. NATS_AUTH_STAGE defaults to "enforce" (anonymous rejected).
authorization {
  users: [
    { user: "anonymous", password: "", permissions: { publish: { allow: ["corrosion.unclaimed.>"] }, subscribe: { allow: ["corrosion.unclaimed.>"] } } }
  ]
  no_auth_user: "anonymous"
}
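Added example, not the repository's scripts/generate-nats-auth.mjs: a small JavaScript model of the fixed generator plus a NATS-style subject/permission check, so both findings in the commit message above and the "open" stage shown in the bootstrap default can be exercised offline. The user names ("internal", "lic-<license>"), the constructed licenses A and B, the request subject used for illustration and the conf renderer are assumptions; the reply subject layout (corrosion.{license}.reply.<id>) and the stage semantics are taken from the commit message, and the subject grammar follows NATS ("*" matches one token, ">" one or more trailing tokens).

```javascript
// Added example (not the project's generator). Names, helper layout and the
// conf renderer are assumptions for illustration; subject rules follow NATS.
const TENANT_PREFIX = 'corrosion';
const UNCLAIMED_NS = `${TENANT_PREFIX}.unclaimed.>`;

// NATS subject matching: tokens split on '.', '*' matches exactly one token,
// '>' (only valid as the last token) matches one or more trailing tokens.
function subjectMatches(pattern, subject) {
  const p = pattern.split('.');
  const s = subject.split('.');
  for (let i = 0; i < p.length; i++) {
    if (p[i] === '>') return i < s.length;
    if (i >= s.length) return false;
    if (p[i] !== '*' && p[i] !== s[i]) return false;
  }
  return p.length === s.length;
}

// Is `op` ("publish" | "subscribe") on `subject` allowed by a permissions block?
// Approximates nats-server: deny wins, then an allow entry must match; a section
// with neither list is unrestricted, which is why the generator writes both.
function allowed(permissions, op, subject) {
  const rule = (permissions && permissions[op]) || {};
  const allow = rule.allow || [];
  const deny = rule.deny || [];
  if (allow.length === 0 && deny.length === 0) return true;
  if (deny.some((pat) => subjectMatches(pat, subject))) return false;
  return allow.some((pat) => subjectMatches(pat, subject));
}

// Replies ride the license namespace (PROTOCOL.md): corrosion.{license}.reply.<id>
function replySubject(license, id) {
  return `${TENANT_PREFIX}.${license}.reply.${id}`;
}

// Same allow list for publish and subscribe (copied, so later edits don't alias).
function scoped(allowList) {
  return { publish: { allow: [...allowList] }, subscribe: { allow: [...allowList] } };
}

// Per-license user. legacyInbox=true reproduces the pre-fix grant (_INBOX.>) so
// the cross-tenant leak can be demonstrated; the fixed generator never sets it.
function licenseUser(license, { legacyInbox = false } = {}) {
  const perms = scoped([`${TENANT_PREFIX}.${license}.>`]);
  if (legacyInbox) perms.subscribe.allow.push('_INBOX.>');
  return { user: `lic-${license}`, permissions: perms };
}

// Stage defaults to "enforce" (no no_auth_user, so anonymous is rejected). The
// explicit "open" migration stage adds an anonymous user confined to
// corrosion.unclaimed.>, never a real tenant namespace.
function generateAuthConfig({ stage = 'enforce', licenses = [] } = {}) {
  if (stage !== 'enforce' && stage !== 'open') {
    throw new Error(`unknown NATS_AUTH_STAGE "${stage}" (expected enforce|open)`);
  }
  const users = [
    { user: 'internal', permissions: scoped(['>']) },
    ...licenses.map((l) => licenseUser(l)),
  ];
  const authorization = { users };
  if (stage === 'open') {
    users.push({ user: 'anonymous', password: '', permissions: scoped([UNCLAIMED_NS]) });
    authorization.no_auth_user = 'anonymous';
  }
  return { authorization };
}

function findUser(cfg, name) {
  return cfg.authorization.users.find((u) => u.user === name);
}

// Render in the same JSON-flavoured NATS conf style as the bootstrap default.
function renderNatsConf(cfg) {
  const a = cfg.authorization;
  const out = ['authorization {', '  users: ['];
  for (const u of a.users) {
    const pw = u.password === undefined ? '' : `, password: ${JSON.stringify(u.password)}`;
    out.push(`    { user: ${JSON.stringify(u.user)}${pw}, permissions: ${JSON.stringify(u.permissions)} }`);
  }
  out.push('  ]');
  if (a.no_auth_user) out.push(`  no_auth_user: ${JSON.stringify(a.no_auth_user)}`);
  out.push('}');
  return out.join('\n');
}

// Walk-through of both findings on constructed licenses A and B; every field is true.
function demo() {
  const before = licenseUser('A', { legacyInbox: true }).permissions;
  const cfg = generateAuthConfig({ licenses: ['A', 'B'] }); // stage defaults to enforce
  const after = findUser(cfg, 'lic-A').permissions;
  return {
    oldInboxLeak: allowed(before, 'subscribe', '_INBOX.abc123'),          // finding 1, before
    newInboxBlocked: !allowed(after, 'subscribe', '_INBOX.abc123'),      // finding 1, after
    crossTenantReplyBlocked: !allowed(after, 'subscribe', replySubject('B', '42')),
    ownReplyAllowed: allowed(after, 'subscribe', replySubject('A', '42')),
    defaultEnforce: cfg.authorization.no_auth_user === undefined,        // finding 2
  };
}

console.log(renderNatsConf(generateAuthConfig({ stage: 'open' })));
console.log(demo());
```

The important property to check in a real deploy is the one `demo()` encodes: with only `corrosion.{license}.>` granted, a license user's subscribe attempt on `_INBOX.>` or on another license's `reply` subject is refused by the broker, while the internal user (full `>`) still sees every reply. Requesters therefore have to set `msg.reply` to a subject under their own namespace, as PROTOCOL.md requires, or the response is undeliverable to them.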