Skip to content

v0.5.16 — dashboard hardening + audit journal

Choose a tag to compare

@zzallirog zzallirog released this 19 May 19:44

Security hardening release. Pure additive: no behaviour regressions,
no breaking API changes.

Added

  • Dashboard hardening middleware (coolstep/dashboard/security.py)
    — validates the HTTP Host header on every request and the Origin
    / Sec-Fetch-Site headers on mutating endpoints. Non-browser clients
    (curl, systemd timers, internal CLI) are unaffected.
  • coolstep-dashboard --allow-public bind guard. Non-loopback
    --host now requires the explicit flag. --allow-host <fqdn>
    extends the Host allowlist for reverse-proxy deployments.
  • Mode-switch audit journal/api/mode/{cool,quiet,off} append
    to actuator-journal.jsonl with prior mode + peer + X-Forwarded-For.
    Surfaced by /api/actuator-journal and coolstep inspect.
  • SECURITY.md + docs/security.md — single-user trust model + how
    to plug an authentication layer upstream.
  • docs/headless-deployment.md — SSH-tunnel, reverse-proxy-with-auth,
    and WireGuard deployment patterns.
  • README § 08 — short pointer to the security model.

Trust model

coolstep is a single-user local daemon. The dashboard binds
127.0.0.1:18889 by default; loopback is the gate. Authentication for
remote exposure is the operator's choice — the daemon stays small-scope
and pluggable. See docs/security.md for the
recommended patterns.

Tests

19 new cases in tests/dashboard/test_security.py covering middleware
behaviour, bind guard, and audit journal. 908/908 green.

Diff

12 files, +808 / −18 LOC vs v0.5.15. No data/ or internal files.