aitbc
13ada12b49
Security fixes: wildcard CORS, JWT auth, zero-address fallback

Phase 1 security remediation from codebase analysis:

CORS fixes:
- Replace wildcard CORS with safe localhost defaults in agent-coordinator
- Replace wildcard CORS with safe localhost defaults in marketplace
- Fix 8 additional wildcard CORS instances in coordinator-api apps:
  - hermes_enhanced_app.py
  - api_gateway.py
  - modality_optimization_app.py
  - multimodal_app.py
  - gpu_multimodal_app.py
  - marketplace_enhanced_app.py
  - advanced_ai_service.py
  - adaptive_learning_app.py
- Add CORS configuration security tests

Blockchain-node auth fixes:
- JWT authentication now fails closed with clear error message
- X-Wallet-Address already gated behind TRUST_X_WALLET_ADDRESS env var
- Remove zero-address fallback from arbitration vote submission
- Add regression test for zero-address rejection in arbitration

Tests:
- Update dispute auth tests to reflect new JWT error message
- Add test_arbitration_vote_zero_address_rejected
- Add test_cors_configuration.py with 5 CORS validation tests

2026-05-24 19:31:26 +02:00