Skip to content

Releases: plwp/fable-meat-proxy

v0.2.0 — security hardening

Choose a tag to compare

@plwp plwp released this 29 Jun 00:58
b1503cb

Security-hardening release following a two-pass Codex red-team (#1). On PyPI via Trusted Publishing.

Highlights

  • Reply authentication — each Fable request carries an unguessable 144-bit token (in the email body and Message-ID); a reply is accepted only if it echoes the token, so a forged From: header no longer injects a response.
  • Exact model routingFABLE_MODELS allowlist (default claude-fable-5) replaces substring matching, so not-fable/…-fable-debug can't divert prompts to the human. (behavior change)
  • No Fable bypassstream, with_raw_response/with_streaming_response, count_tokens, and the beta messages surface all reject Fable instead of hitting the real API.
  • Secretstoken.json created 0600, symlink-safe (O_NOFOLLOW + fchmod); loose-perm tokens tightened before use.
  • Parsing — attachments skipped; HTML fallback drops comments and hidden text.
  • Prompt-injection note in the outgoing email; FABLE_POLL_INTERVAL floor.

74 offline tests; CI green on Python 3.11–3.13.

Full notes: CHANGELOG · compare v0.1.0...v0.2.0