▣ wi

aro_config caller field unauthenticated - light-scope hardening

Ref

#524 (#524)

Project

llmmsg-srv

Status

backlog

Priority

normal

Type

bug

Assigned

—

Created by

—

Created

2026-05-23T06:20:43.242Z

Updated

2026-05-23T06:20:48.756Z

Sub-items

Questions

Event log

• 2026-05-23T06:20:43.242Z · created
  wi cli
• 2026-05-23T06:20:48.756Z · note
  Verified 2026-05-23-03:14: POST /aro_config trusts request-body caller field. Any registered agent can claim caller=elazar-the-user-human-llmmsg-srv and flip any ARO PM. Per Elazar (mphykzheefsf): keep simple and light - all CCs run on Elazar's machines, goal is preventing accidental/buggy flips, not adversarial. Brainstorm later. Stub options: loopback-only POST; log-and-DM-Elazar on every flip; require caller match registered session.