mirror of
https://github.com/garrytan/gstack.git
synced 2026-07-18 21:47:20 +02:00
docs: bump tunnel allowlist count 17 -> 26 in CLAUDE.md and REMOTE_BROWSER_ACCESS.md
Both docs already named the 9 new commands as remote-accessible (the operator guide's per-command sections at lines 86-119 and 168, plus cli.ts:546-586's instruction blocks). The allowlist count was the only place the drift was visible. Also corrected REMOTE_BROWSER_ACCESS.md's denied-commands list: 'eval' is in the allowlist, not the denied list — prior doc was wrong. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -258,7 +258,7 @@ through `POST /pty-session` only.
|
||||
**Transport-layer security** (v1.6.0.0+). When `pair-agent` starts an ngrok tunnel,
|
||||
the daemon binds two HTTP listeners: a local listener (127.0.0.1, full command
|
||||
surface, never forwarded) and a tunnel listener (locked allowlist: `/connect`,
|
||||
`/command` with a scoped token + 17-command browser-driving allowlist,
|
||||
`/command` with a scoped token + 26-command browser-driving allowlist,
|
||||
`/sidebar-chat`). ngrok forwards only the tunnel port. Root tokens over the tunnel
|
||||
return 403. SSE endpoints use a 30-minute HttpOnly `gstack_sse` cookie minted via
|
||||
`POST /sse-session` (never valid against `/command`). Tunnel-surface rejections go
|
||||
|
||||
Reference in New Issue
Block a user