fix(mosaic): gateway token recovery review remediations #414

Merged
jason.woltje merged 1 commit from fix/gateway-token-recovery-review into main 2026-04-05 06:13:30 +00:00

1 Commit

Author SHA1 Message Date
Jarvis
ca214ccc76 fix(mosaic): address code review findings for gateway token recovery (CU-03-08)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
- auth.ts: write session.json with mode 0o600 (was world-readable; cookie is a credential)
- login.ts: add promptSecret() using TTY raw mode so password is not echoed to terminal
- login.ts: export promptLine() so token-ops.ts can use it (keeps prompts mockable in tests)
- login.ts: fix password trimming — do not trim() passwords (may have intentional whitespace)
- token-ops.ts: use promptLine/promptSecret from login.ts (replaces inline readline)
- token-ops.ts: persistToken() warns when --gateway targets a different host than meta.json
- gateway.ts: mark --password flag [UNSAFE] in help; emit console.warn when it is used
- recover-token.spec.ts: update mock to include promptLine/promptSecret from ./login.js

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-05 01:03:53 -05:00
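
The auth.ts item above concerns the permissions of session.json. The following is an added example, not code from this commit or the mosaic repository. It goes one step beyond the commit message by covering a file that already exists with wider permissions, where passing `mode` alone has no effect. The function names and the sample session value are hypothetical.

```typescript
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

// Naive form: `mode` applies only when the file is created. If session.json
// already exists with 0o644, it is still 0o644 after this call.
function writeSessionNaive(file: string, session: object): void {
  fs.writeFileSync(file, JSON.stringify(session), { mode: 0o600 });
}

// Hardened form: create a fresh 0o600 temp file next to the target, then
// rename it into place so the old inode and its permissions are discarded.
function writeSessionPrivate(file: string, session: object): void {
  const tmp = `${file}.${process.pid}.tmp`;
  // "wx" fails if tmp already exists, so a planted file or symlink is not reused.
  const fd = fs.openSync(tmp, "wx", 0o600);
  try {
    fs.fchmodSync(fd, 0o600); // set the exact bits, independent of umask
    fs.writeSync(fd, JSON.stringify(session));
    fs.fsyncSync(fd);
  } finally {
    fs.closeSync(fd);
  }
  fs.renameSync(tmp, file);
}

// Permission bits of a file, for example 0o600.
function modeOf(file: string): number {
  return fs.statSync(file).mode & 0o777;
}

// Constructed scenario: a session.json left world-readable by an older build.
function demo(): { naive: number; hardened: number } {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "session-demo-"));
  const file = path.join(dir, "session.json");
  const session = { cookie: "constructed-sample-value" };
  fs.writeFileSync(file, "{}");
  fs.chmodSync(file, 0o644);
  writeSessionNaive(file, session);
  const naive = modeOf(file);
  writeSessionPrivate(file, session);
  const hardened = modeOf(file);
  fs.rmSync(dir, { recursive: true, force: true });
  return { naive, hardened };
}
```

The permission bits checked here are POSIX semantics; on Windows, Node reports and sets only the read-only attribute, so the file needs ACL-based protection there.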