▣ wi

Close aro_config auth gap: token-gate POST /aro_config + other privileged hub writes so a forged caller=elazar fails (coder-applog-cc exploited it to flip aro:applog PM). Elazar approved ship.

Ref

#599 (#599)

Project

llmmsg-srv

Status

backlog

Priority

high

Type

security

Assigned

coder-llmmsgsrv-cc coder

Created by

—

Created

2026-06-01T14:43:31.157Z

Updated

2026-06-15T08:39:09.195Z

Sub-items

Questions

Event log

• 2026-06-01T14:43:31.157Z · created
  wi cli
• 2026-06-15T08:39:04.319Z · assigned · wi-cli-whey
  coder-llmmsgsrv-cc / coder
• 2026-06-15T08:39:09.195Z · assigned · wi-cli-whey
  coder-llmmsgsrv-cc / coder