Skip to content

[Amber] Fix: security(runner): reject direct AG-UI connections that bypass backend proxy#756

Draft
github-actions[bot] wants to merge 1 commit intomainfrom
amber/issue-754-security-runner-reject-direct-ag-ui-connections-th
Draft

[Amber] Fix: security(runner): reject direct AG-UI connections that bypass backend proxy#756
github-actions[bot] wants to merge 1 commit intomainfrom
amber/issue-754-security-runner-reject-direct-ag-ui-connections-th

Conversation

@github-actions
Copy link
Contributor

@github-actions github-actions bot commented Mar 1, 2026

Automated Fix by Amber Agent

This PR addresses issue #754 using the Amber background agent.

Changes Summary

  • Action Type: auto-fix
  • Commit: 2869df3
  • Triggered by: Issue label/command

Pre-merge Checklist

  • All linters pass
  • All tests pass
  • Changes follow project conventions (CLAUDE.md)
  • No scope creep beyond issue description

Reviewer Notes

This PR was automatically generated. Please review:

  1. Code quality and adherence to standards
  2. Test coverage for changes
  3. No unintended side effects

🤖 Generated with Amber Background Agent

Closes #754

@claude
security(runner): reject direct AG-UI connections that bypass backend…
2869df3 
… proxy

Adds a shared proxy secret (RUNNER_PROXY_SECRET) that the backend sends as
Authorization: Bearer when forwarding requests to runner pods. The runner
validates this header on all write endpoints, returning 403 for requests
that lack a valid token. Middleware is a no-op when RUNNER_PROXY_SECRET is
unset (dev/test environments).

- operator: generates a static proxy-secret UUID in the runner token secret
  at session creation; injects RUNNER_PROXY_SECRET env var into runner pods
- backend: reads proxy-secret from K8s secret and sets Authorization header
  on all proxied calls (run, interrupt, feedback, capabilities, mcp/status)
- runner: ProxyAuthMiddleware validates Authorization: Bearer on POST/PUT/
  PATCH/DELETE endpoints; /health is always public for liveness probes

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@github-actions github-actions bot added amber-generated PR created by Amber background agent auto-fix labels Mar 1, 2026
@github-actions github-actions bot mentioned this pull request Mar 1, 2026
Open
@jeremyeder jeremyeder marked this pull request as draft March 1, 2026 22:19
@jeremyeder
Copy link
Collaborator

jeremyeder commented Mar 1, 2026

This needs discussion.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

amber-generated PR created by Amber background agent auto-fix

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

security(runner): reject direct AG-UI connections that bypass backend proxy

1 participant

@jeremyeder