fastapi-gsap

SHA256

History

Tyler J King 782f5654ac fix: shared bearer auth, delegation depth, SQLite permissions C-4: MCP endpoint requires verified bearer token. Unauthenticated requests rejected. _extract_principal() replaced by verified AuthResult from middleware. C-8: All delegation endpoints require verified bearer token. X-Delegator-DID header removed — identity from token only. delegator_ac_id validated to belong to authenticated principal. Only delegators can revoke. Only delegator/delegate can view. H-6: SQLite file permissions restricted to 0o600 (owner-only). Umask set before creation. WAL/SHM files also restricted. H-7: Delegation depth tracked and enforced against max_delegation_depth. Sub-delegations increment depth. Exceeded depth → 403. Shared TokenAuthenticator auto-detects identity driver from JWT issuer claim (Keycloak or Entra). verify_bearer FastAPI dependency for all protected endpoints. Health endpoint remains public. ALL 10 critical findings CLOSED. ALL 10 high findings CLOSED. Signed-off-by: Tyler King <tking@guildhouse.dev>	2026-04-14 17:31:46 -04:00
..
__init__.py	fix: shared bearer auth, delegation depth, SQLite permissions	2026-04-14 17:31:46 -04:00
middleware.py	fix: shared bearer auth, delegation depth, SQLite permissions	2026-04-14 17:31:46 -04:00

Tyler J King 782f5654ac fix: shared bearer auth, delegation depth, SQLite permissions

C-4: MCP endpoint requires verified bearer token. Unauthenticated
     requests rejected. _extract_principal() replaced by verified
     AuthResult from middleware.
C-8: All delegation endpoints require verified bearer token.
     X-Delegator-DID header removed — identity from token only.
     delegator_ac_id validated to belong to authenticated principal.
     Only delegators can revoke. Only delegator/delegate can view.
H-6: SQLite file permissions restricted to 0o600 (owner-only).
     Umask set before creation. WAL/SHM files also restricted.
H-7: Delegation depth tracked and enforced against max_delegation_depth.
     Sub-delegations increment depth. Exceeded depth → 403.

Shared TokenAuthenticator auto-detects identity driver from JWT
issuer claim (Keycloak or Entra). verify_bearer FastAPI dependency
for all protected endpoints. Health endpoint remains public.

ALL 10 critical findings CLOSED. ALL 10 high findings CLOSED.

Signed-off-by: Tyler King <tking@guildhouse.dev>

2026-04-14 17:31:46 -04:00

__init__.py

fix: shared bearer auth, delegation depth, SQLite permissions

2026-04-14 17:31:46 -04:00

middleware.py

fix: shared bearer auth, delegation depth, SQLite permissions

2026-04-14 17:31:46 -04:00