fix(mosaic): gateway token recovery review remediations (#414)

2026-04-05 06:13:29 +00:00
parent 3abd63ea5c
commit 119ff0eb1b
5 changed files with 90 additions and 30 deletions
--- a/packages/mosaic/src/auth.ts
+++ b/packages/mosaic/src/auth.ts
@@ -74,7 +74,8 @@ export function saveSession(gatewayUrl: string, auth: AuthResult): void {
    expiresAt: new Date(Date.now() + 7 * 24 * 60 * 60 * 1000).toISOString(), // 7 days
  };

-  writeFileSync(SESSION_FILE, JSON.stringify(session, null, 2), 'utf-8');
+  // 0o600: owner read/write only — the session cookie is a credential
+  writeFileSync(SESSION_FILE, JSON.stringify(session, null, 2), { encoding: 'utf-8', mode: 0o600 });
 }

 /**