Public-flip audit: generalize internal hosts/paths + drop Sulkta-internal refs
URLs, mount paths, and LAN host bindings parameterized via env or relative paths
so the repo stands up from a clean clone anywhere. Drop cross-codebase refs
("mirrors clawdforge's pattern"), Sulkta-Coop client/merchant test fixtures,
and audit-changelog scaffolding from comments. README terser, technical content
preserved.
parent 8b1774130b
commit b335405c02
23 changed files with 238 additions and 266 deletions
|
|
@ -1,6 +1,5 @@
|
|||
"""Bearer + IP allowlist authentication.
|
||||
|
||||
Mirrors clawdforge's pattern:
|
||||
- Bearer tokens hashed at rest (SHA-256). No plaintext stored.
|
||||
- Per-token IP allowlist (CIDR list). NULL means "any RFC1918 + loopback"
|
||||
via the global LAN allowlist.
|
||||
|
|
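Review bot: In the second bullet of the docstring, a NULL per-token allowlist still falls back to "any RFC1918 + loopback" via the global LAN allowlist, and now that the repo is meant to stand up from a clean clone anywhere, that default needs to be documented as a deployment assumption. The commit message says LAN host bindings are parameterized via env, so the docstring should name the setting that defines the global LAN allowlist and state that a token created without a CIDR list is accepted from any private-range address. Separately, with the "Mirrors clawdforge's pattern:" line removed, the bullets follow the summary line with nothing introducing them; a short neutral lead-in line would keep the docstring readable.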
@ -9,8 +8,7 @@ Mirrors clawdforge's pattern:
|
|||
- Loopback always allowed (test client uses 127.0.0.1; FastAPI's
|
||||
`request.client.host` returns 'testclient' under TestClient and we patch
|
||||
that in tests).
|
||||
- Bearer tokens NEVER appear in error messages or log lines. Same hygiene
|
||||
as clawdforge.
|
||||
- Bearer tokens NEVER appear in error messages or log lines.
|
||||
"""
|
||||
from __future__ import annotations
|
||||
|
||||
|
|
|
|||
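Review bot: The context bullet "Loopback always allowed" depends on `request.client.host`, and for a public repo the docstring should state the assumption behind it: if the service runs behind a reverse proxy on the same host, every request arrives with a loopback peer address and passes the IP check. Suggest adding a line that says whether forwarded headers are honoured or whether the app must be exposed directly. The rewritten bullet "Bearer tokens NEVER appear in error messages or log lines." reads fine without the clawdforge reference; since it is now the only statement of that rule, it would be worth pointing to the test that enforces it, if one exists.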