[Feature]: Authenticate local daemon and add per-adapter permissions #268
Description
Feature Description
Feature Description:
The local daemon on port 19825 currently accepts
connections from any process on the machine
without authentication. Since it bridges to
authenticated browser sessions, this means any
local process (including malware or rogue AI
agents) can access all logged-in sites.
Suggested improvements:
- Daemon authentication: require a shared
secret or token handshake so only authorized
clients can connect - Per-adapter permissions: let users
whitelist which site adapters are accessible,
instead of all or nothing - Audit log: log every command that touches
an authenticated session (timestamp, caller,
action)
Use Case
As a user running OpenCLI alongside AI agents, I
want the daemon to require authentication and
support per-adapter permissions, so that I can
control which sessions are exposed and ensure no
unauthorized process can silently access my
logged-in accounts.
Proposed Solution
● Proposed Solution:
-
Daemon auth: Generate a random token on
first run, store it in~/.opencli/token. The CLI
and Chrome extension read it automatically.
Daemon rejects any WebSocket connection that
doesn't present the token in the handshake. -
Per-adapter permissions: Add an
allowed_adapterslist in
~/.opencli/config.yaml. Default to empty
(nothing exposed). Users explicitly opt in per
site:allowed_adapters: [twitter, youtube]. -
Audit log: Write to
~/.opencli/audit.log
one line per request with timestamp, adapter
name, command, and caller. Rotate at 5MB.
Alternatives Considered
No response