fix(proxy): egress opt-in hardening + notification offload + audit backend close#174
Conversation
… backend Three findings from the #173 review, fixed before cutting the v0.45.1 release: - _egress_guard: allow_private bypassed the whole block set, so opting into private upstream hosts also re-opened 0.0.0.0, multicast, and reserved ranges. The never-routable classes (metadata, unspecified, reserved, multicast) are now always refused; only loopback/link-local/private are gated by the opt-in. Adds a regression test asserting the opt-in still refuses those classes. - mcp_proxy HTTP transport: the JSON-RPC notification branch still called _handle_client_notification inline, so a slow upstream notify() could park the event loop the request-path fix just freed. Offloaded to a worker thread on the same copied context. - cli: the three SQLiteAuditBackend call sites (compliance dashboard, assess, trail receipt) never closed the backend, leaking the connection and locking the DB file under in-process invocation. Context-managed. 1072 passed, ruff clean. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
Warning Review limit reached
More reviews will be available in 31 minutes and 33 seconds. Learn how PR review limits work. Your organization has run out of usage credits. Purchase more in the billing tab. ⌛ How to resolve this issue?After more reviews become available, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available. Please see our Fair Usage Limits Policy for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Plus Run ID: 📒 Files selected for processing (6)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Egress opt-in narrowed to the private classes, HTTP notification path offloaded, and the SQLiteAuditBackend leak in the three CLI trail readers, all under the existing 0.45.1 security theme. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
server-vaara-server.json was left at 0.45.0 in the release bump; both registry slots must carry 0.45.1 for mcp-publisher to land the right version. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
1 participant
Three #173-review findings fixed before cutting v0.45.1: egress allow_private no longer re-opens 0.0.0.0/multicast/reserved (only loopback/link-local/private are gated); HTTP notification branch offloaded to a worker thread; SQLiteAuditBackend context-managed at all three CLI call sites. 1072 passed, ruff clean.