Skip to content

[AUTOMATION] fix(clawpatch): restrict guard daemon to loopback#245

Open
michiosw wants to merge 1 commit into
mainfrom
clawpatch-daily-guard-loopback
Open

[AUTOMATION] fix(clawpatch): restrict guard daemon to loopback#245
michiosw wants to merge 1 commit into
mainfrom
clawpatch-daily-guard-loopback

Conversation

@michiosw

@michiosw michiosw commented Jun 3, 2026

Copy link
Copy Markdown
Contributor

Where We Are

Guard accepts any --addr or KONTEXT_ADDR value today. If someone starts it on 0.0.0.0:4765, the unauthenticated dashboard and API become reachable off-machine.

Where We Want To Go

Guard should stay local-only by default. The daemon must reject non-loopback bind addresses before it starts listening.

How do we get there

Add loopback-only address validation in runDaemon and cover accepted and rejected addresses with focused CLI tests. Verified with go test ./..., go vet ./..., npm exec --yes --package pnpm@10.0.0 -- pnpm install --frozen-lockfile, npm exec --yes --package pnpm@10.0.0 -- pnpm --dir web/guard-dashboard typecheck, and git diff --check.

@michiosw Graphite App

michiosw commented Jun 3, 2026

Copy link
Copy Markdown
Contributor Author

This stack of pull requests is managed by Graphite. Learn more about stacking.

@greptile-apps

greptile-apps Bot commented Jun 3, 2026

Copy link
Copy Markdown

Greptile Summary

This PR restricts the Guard daemon bind address to local-only values. The main changes are:

  • Adds daemon address validation after CLI flag parsing.
  • Allows localhost and loopback IP bind addresses.
  • Rejects wildcard, non-loopback, hostless, and malformed daemon addresses.
  • Adds focused unit tests for accepted and rejected address values.

Confidence Score: 4/5

This is close, but the localhost validation gap should be fixed before merging.

  • The new guard blocks direct wildcard and non-loopback literals.

  • localhost still passes without proving it resolves only to loopback addresses.

  • That can leave the unauthenticated daemon reachable off-machine on systems with unusual resolver configuration.

  • internal/guard/cli/cli.go

Security Review
  • Loopback validation bypass in internal/guard/cli.validateDaemonAddr: localhost is accepted without resolving or normalizing before the daemon binds.

Important Files Changed

Filename Overview
internal/guard/cli/cli.go Adds daemon bind-address validation before startup continues.
internal/guard/cli/cli_test.go Adds unit coverage for accepted loopback and rejected non-loopback daemon addresses.

Reviews (1): Last reviewed commit: "fix(clawpatch): restrict guard daemon to..." | Re-trigger Greptile

greptile-apps[bot]
greptile-apps Bot reviewed Jun 3, 2026
View reviewed changes
Comment thread internal/guard/cli/cli.go
Comment on lines +774 to +775
if strings.EqualFold(host, "localhost") {
return nil

@greptile-apps greptile-apps Bot Jun 3, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 security Resolve localhost before accepting

This branch accepts localhost without checking what address it resolves to, then runDaemon passes the original host string to ListenAndServe. If a local resolver or hosts file maps localhost to a non-loopback interface, kontext guard start --addr localhost:4765 passes this guard and can still expose the unauthenticated dashboard/API off-machine. Resolve localhost and verify the resolved bind addresses are loopback, or normalize it to a known loopback literal before listening.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@michiosw