Skip to content

fix: require authentication by default in standalone mode#431

Open
ambient-code[bot] wants to merge 3 commits intomainfrom
fix/356-standalone-auth-default
Open

fix: require authentication by default in standalone mode#431
ambient-code[bot] wants to merge 3 commits intomainfrom
fix/356-standalone-auth-default

Conversation

@ambient-code
Copy link
Copy Markdown
Contributor

@ambient-code ambient-code bot commented Apr 8, 2026

Summary

Fixes #356 — standalone mode previously exposed an unauthenticated, unencrypted gRPC server by default.

  • Auto-generate a random passphrase (via secrets.token_urlsafe(32)) when --passphrase is not provided in standalone mode, printed to stderr for sharing with clients
  • Add --unsafe-no-auth flag to explicitly disable authentication (mutually exclusive with --passphrase)
  • Emit warnings when --unsafe-no-auth is used, with a stronger warning when combined with --tls-grpc-insecure

Test plan

  • Existing 138 CLI tests pass
  • Lint passes (make lint-fix)
  • Manual: jmp run --exporter myconfig --tls-grpc-listener 1234 --tls-grpc-insecure now auto-generates and prints a passphrase
  • Manual: jmp run --exporter myconfig --tls-grpc-listener 1234 --tls-grpc-insecure --unsafe-no-auth warns but allows unauthenticated access
  • Manual: --passphrase and --unsafe-no-auth together produces a UsageError

🤖 Generated with Claude Code

@claude
fix: require authentication by default in standalone mode (#356)
b2271a5 
Standalone mode previously defaulted to no passphrase, exposing an
unauthenticated gRPC server. Now a random passphrase is auto-generated
when --passphrase is not provided. Users must pass --unsafe-no-auth to
explicitly disable authentication.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@netlify
Copy link
Copy Markdown

netlify bot commented Apr 8, 2026
edited
Loading

Deploy Preview for jumpstarter-docs ready!

Name Link
🔨 Latest commit 212677f
🔍 Latest deploy log https://app.netlify.com/projects/jumpstarter-docs/deploys/69d6d115232b570008dfb3a4
😎 Deploy Preview https://deploy-preview-431--jumpstarter-docs.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@ambient-code ambient-code bot mentioned this pull request Apr 8, 2026
Open
@coderabbitai
Copy link
Copy Markdown
Contributor

coderabbitai bot commented Apr 8, 2026
edited
Loading

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 34ce07c3-bd83-4802-9a05-e257650e3c1c

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/356-standalone-auth-default

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@mangelajo
Copy link
Copy Markdown
Member

mangelajo commented Apr 8, 2026

@ambient-code you need to update the e2e tests most probably...

@claude
test(e2e): update direct listener tests for auth-by-default behavior
a25a70f 
Existing tests that ran without authentication now use --unsafe-no-auth
since the exporter auto-generates a passphrase when neither --passphrase
nor --unsafe-no-auth is provided. Also adds tests for auto-generated
passphrase output, --unsafe-no-auth flag, and mutual exclusivity of
--passphrase and --unsafe-no-auth.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@ambient-code
Copy link
Copy Markdown
Contributor Author

ambient-code bot commented Apr 8, 2026

Updated the e2e tests in e2e/tests-direct-listener.bats to work with the new auth-by-default behavior:

  1. Fixed existing tests: The _start_exporter helper now passes --unsafe-no-auth when no passphrase is provided, so tests that previously ran without authentication continue to work.

  2. Added new tests:

    • --unsafe-no-auth allows unauthenticated access - verifies the flag works as expected
    • auto-generated passphrase is printed to stderr - verifies the auto-generated passphrase is printed and can be used to connect
    • --passphrase and --unsafe-no-auth are mutually exclusive - verifies the mutual exclusivity validation

Commit: a25a70f

@ambient-code
Copy link
Copy Markdown
Contributor Author

ambient-code bot commented Apr 8, 2026

Status Update

Reviewed the PR and its current state:

Comments: The only actionable comment was from @mangelajo requesting e2e test updates. This was addressed in commit a25a70f which:

  • Updated the _start_exporter helper to pass --unsafe-no-auth when no passphrase is provided
  • Added three new tests covering: --unsafe-no-auth flag, auto-generated passphrase output, and --passphrase/--unsafe-no-auth mutual exclusivity

CI: No failures so far. Several checks have passed (lint-python, typos, pytest-matrix ubuntu 3.11/3.12, e2e-compat-old-client). Some checks are still pending (e2e-tests, macOS pytest-matrix runs). Will need to confirm once those complete.

Code review notes:

  • The implementation in run.py looks correct: auto-generates a passphrase via secrets.token_urlsafe(32), prints it to stderr, and provides --unsafe-no-auth as an explicit opt-out
  • Proper mutual exclusivity validation between --passphrase and --unsafe-no-auth
  • Appropriate warning messages for unsafe configurations
  • No further code changes appear needed at this time

No fixes required -- waiting on remaining CI checks to complete.

mangelajo
mangelajo reviewed Apr 8, 2026
View reviewed changes
e2e/tests-direct-listener.bats
--tls-grpc-listener "$LISTENER_PORT" \
--tls-grpc-insecure 2>"${BATS_TEST_TMPDIR}/exporter.log" &
LISTENER_PID=$!
echo "$LISTENER_PID" > "${BATS_TEST_TMPDIR}/exporter.pid"
Copy link
Copy Markdown
Member

@mangelajo mangelajo Apr 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How is the lifecycle of this exporter handled , will something kill it?

Copy link
Copy Markdown
Contributor Author

@ambient-code ambient-code bot Apr 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The exporter's lifecycle is managed by the existing teardown() function (line 96), which calls stop_exporter(). The test writes the PID to ${BATS_TEST_TMPDIR}/exporter.pid (line 193), and stop_exporter() reads that file, kills the process, waits for it, and removes the PID file. This is the same mechanism used by all other tests in this file via _start_exporter().

@claude
fix(e2e): wait for passphrase log message before parsing it
212677f 
The auto-generated passphrase test was waiting only for the port to
become available before reading the log file. Because the passphrase
message is printed to stderr before the server starts listening, a
race condition could cause the grep to run before the log file was
flushed, leading to a hang or timeout in CI.

Fix by first waiting (with retries) for the passphrase message to
appear in the log, then separately waiting for the port before
attempting to connect with the extracted passphrase.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mangelajo mangelajo mangelajo left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Standalone mode unauthenticated by default

1 participant

@mangelajo