v0.3.0 - Security-First: Remove Mock Mode, Docker-Only Examples

@github-actions github-actions released this 15 Feb 10:08

Release v0.3.0 - Security-First Major Release

🚨 BREAKING CHANGES

This is a major security-focused release with breaking changes to ensure safe-by-default operation.

Removed: Mock Mode

  • Mock mode has been completely removed
  • Authentication is now always required with no bypass option
  • Bridge will fail to start without JWT_SECRET

Changed: Example Deployment

  • All examples now run in Docker containers only
  • No more native mock mode execution
  • Examples provide isolated, secure testing environments

Changed: Default Bind Address

  • Default changed from 0.0.0.0 to 127.0.0.1 (localhost only)
  • Reduces accidental network exposure

🔒 Security Improvements

  • Mandatory authentication: No way to disable auth
  • Docker isolation: All examples run in containers
  • Simplified security model: JWT_SECRET always required
  • No ambiguous states: Clear security posture

🐳 Docker Examples

All examples now include docker-compose.yml:

# Set JWT secret (required)
export JWT_SECRET=$(openssl rand -base64 32)

# Run example in Docker
cd examples/quickstart
docker-compose up

Available examples:

  • examples/quickstart/ - Basic bridge with simulated robot
  • examples/fleet/ - Multi-robot fleet coordination
  • examples/arm/ - Robot arm control simulation

📚 Updated Documentation

  • README.md - Updated for Docker-only workflow
  • SECURITY.md - New security policy with mandatory auth
  • CHANGELOG.md - Detailed breaking changes

⚠️ Migration from v0.2.x

Before:

# No JWT required in mock mode
python demo/mock_bridge.py

After:

# JWT always required
export JWT_SECRET=$(openssl rand -base64 32)
docker-compose up

🎯 Why This Change?

Previous versions had a security ambiguity: JWT_SECRET was "required" but mock mode could bypass authentication. This created confusion and potential security risks.

v0.3.0 eliminates all ambiguity:

  • Auth is mandatory
  • No bypass mechanisms
  • Clear, consistent security model
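
The fail-closed pattern described above, as an added Python example that is not the project's own code: startup refuses to run without JWT_SECRET, the bind host defaults to loopback, and token verification has no bypass branch. HS256 signing, the BRIDGE_HOST variable name, the 32-character floor and the required "exp" claim are assumptions made for this example.

```python
import base64, hashlib, hmac, json, time

MIN_SECRET_CHARS = 32  # assumed floor; `openssl rand -base64 32` yields 44 chars
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

class ConfigError(RuntimeError):
    """Raised at startup so the process exits instead of running without auth."""

def load_config(env):
    # Fail closed: there is deliberately no flag here that disables auth.
    secret = env.get("JWT_SECRET", "")
    if len(secret) < MIN_SECRET_CHARS:
        raise ConfigError("JWT_SECRET missing or too short; refusing to start")
    host = env.get("BRIDGE_HOST", "127.0.0.1")  # BRIDGE_HOST is a hypothetical name
    return {"secret": secret.encode(), "host": host, "exposed": host not in LOOPBACK}

def _b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(secret, head, body):
    return hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()

def issue(claims, secret, alg="HS256"):
    # Helper for building constructed sample tokens; not a production issuer.
    head = _b64url(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64url(_mac(secret, head, body))}"

def verify(token, secret, now=None):
    """Return the claims for a valid token, else None. Every failure path denies."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(_unb64url(head)), json.loads(_unb64url(body))
        given = _unb64url(sig)
    except ValueError:
        return None  # malformed structure, base64 or JSON
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None  # pins the algorithm; rejects "none" and anything else
    if not hmac.compare_digest(_mac(secret, head, body), given):
        return None
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, (int, float)) or exp <= now:
        return None  # assumption: tokens must carry an unexpired "exp"
    return claims
```

The "exposed" flag lets a deployment log or alert when an operator overrides the loopback default.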

📊 Stats

  • Version: v0.3.0
  • Breaking: Yes (major version bump)
  • Security: Hardened
  • Examples: Docker-only

Security is not optional. JWT auth always required.