Context
While building examples/web-capture (#631) — and as already true for examples/speech-gateway — both gateways are forced to use an admin-role token, even though they're trusted intermediaries that build a small set of fixed pipelines.
The reason: the built-in user role's allowed_nodes (see apps/skit/src/permissions.rs, Permissions::user) includes transport::moq::* but not transport::http::*, and excludes streamkit::* entirely. So a pipeline that uses transport::http::mse (live cast) or streamkit::http_input/streamkit::http_output (oneshot) is rejected for any non-admin role.
Problem
There's no least-privilege path for an HTTP-transport gateway. Using admin grants far more than needed (load/delete plugins, access all sessions, all nodes/plugins/assets), which is the wrong default for a token that's written to an env file on a public-facing box.
Proposal (one or both)
- Broaden the default
user role to allow the sink/IO HTTP nodes that aren't SSRF vectors — transport::http::mse, streamkit::http_input, streamkit::http_output — while keeping any HTTP fetcher node denied (the existing reason transport::http::* was excluded). The distinction is fetch-from-arbitrary-URL (risky) vs. serve/receive over the request the client already made (safe).
- And/or make a least-privilege custom role for gateways easy to express + document (e.g. a
gateway example role in the default config / docs).
Acceptance
A gateway like web-capture can run with a non-admin token that may create/destroy sessions and use plugin::native::servo + transport::http::mse (and the oneshot streamkit::http_* nodes) — without admin.
Refs: apps/skit/src/permissions.rs (user() allowed_nodes), examples/web-capture, examples/speech-gateway, #631.
Context
While building
examples/web-capture(#631) — and as already true forexamples/speech-gateway— both gateways are forced to use an admin-role token, even though they're trusted intermediaries that build a small set of fixed pipelines.The reason: the built-in
userrole'sallowed_nodes(seeapps/skit/src/permissions.rs,Permissions::user) includestransport::moq::*but nottransport::http::*, and excludesstreamkit::*entirely. So a pipeline that usestransport::http::mse(live cast) orstreamkit::http_input/streamkit::http_output(oneshot) is rejected for any non-admin role.Problem
There's no least-privilege path for an HTTP-transport gateway. Using
admingrants far more than needed (load/delete plugins, access all sessions, all nodes/plugins/assets), which is the wrong default for a token that's written to an env file on a public-facing box.Proposal (one or both)
userrole to allow the sink/IO HTTP nodes that aren't SSRF vectors —transport::http::mse,streamkit::http_input,streamkit::http_output— while keeping any HTTP fetcher node denied (the existing reasontransport::http::*was excluded). The distinction is fetch-from-arbitrary-URL (risky) vs. serve/receive over the request the client already made (safe).gatewayexample role in the default config / docs).Acceptance
A gateway like
web-capturecan run with a non-admin token that may create/destroy sessions and useplugin::native::servo+transport::http::mse(and the oneshotstreamkit::http_*nodes) — withoutadmin.Refs:
apps/skit/src/permissions.rs(user()allowed_nodes),examples/web-capture,examples/speech-gateway, #631.