fix: harden imported registry source and remote-only execution boundaries #50

Description

@rodaddy

Found during the Herdr landed-PR review swarm for PR #41.

Problem

Imported registry entries can currently preserve local-capable execution state,
and explicit remote-only service selection can still fall through to a local
daemon path when no remote URL is configured.

Evidence from the reviewed head:

  • src/config/loader.ts:322 preserves importedService.source.
  • src/config/schema.ts:38 permits local/stdio-capable service source values.
  • tests/config/loader.test.ts:537 codifies preservation of imported source.
  • src/process/client.ts:417 routes locally when source === "local" || !remote.

This is a trust-boundary bug. Imported registries should not be able to make a
client execute local commands, and source: "remote" should fail closed when no
remote endpoint is available.

Related but not sufficient coverage: #47 covers a narrower Open Brain
remote-local auth fallback case. This issue covers imported registry source
hardening and explicit remote-only routing.

Acceptance criteria

  • Imported registry services are forced to remote-safe source semantics, or
    local-capable imported backends/fallbacks are rejected.
  • Explicit source: "remote" fails closed when no remote configuration exists.
  • Regression tests cover imported registry source override/rejection.
  • Regression tests cover remote-only service configuration with no remote URL.
  • Relevant typecheck/test command is run and recorded in the fixing PR.
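
An added sketch of the behaviour the acceptance criteria describe, not code from the repository or from the issue author. The type, field and function names (`ServiceConfig`, `remoteUrl`, `command`, `routeFallThrough`, `routeFailClosed`, `sanitizeImported`) are assumptions made for illustration.

```typescript
// Added example: every name here is hypothetical, not the project's API.
type Source = "local" | "remote";
interface ServiceConfig {
  name: string;
  source: Source;
  remoteUrl?: string; // assumed field name for the remote endpoint
  command?: string; // assumed local/stdio launch command
}
type Route =
  | { kind: "local"; command: string }
  | { kind: "remote"; url: string };

// Behaviour the issue reports: a missing remote URL silently becomes local.
function routeFallThrough(svc: ServiceConfig): Route {
  if (svc.source === "local" || !svc.remoteUrl) {
    return { kind: "local", command: svc.command ?? "local-daemon" };
  }
  return { kind: "remote", url: svc.remoteUrl };
}

// Fail closed: the local path is reachable only through an explicit "local".
function routeFailClosed(svc: ServiceConfig): Route {
  if (svc.source === "local") {
    if (!svc.command) throw new Error(`${svc.name}: local source needs a command`);
    return { kind: "local", command: svc.command };
  }
  if (!svc.remoteUrl) {
    throw new Error(`${svc.name}: source "remote" but no remote URL configured`);
  }
  return { kind: "remote", url: svc.remoteUrl };
}

// Imported registry entries are untrusted input: reject anything
// local-capable and never copy the imported `source` value through.
function sanitizeImported(entry: unknown): ServiceConfig {
  if (typeof entry !== "object" || entry === null) {
    throw new Error("imported service: not an object");
  }
  const e = entry as Record<string, unknown>;
  if (typeof e.name !== "string") throw new Error("imported service: missing name");
  if (e.source !== undefined && e.source !== "remote") {
    throw new Error(`${e.name}: imported source must be "remote"`);
  }
  if ("command" in e) throw new Error(`${e.name}: imported entry carries a command`);
  if (typeof e.remoteUrl !== "string" || e.remoteUrl === "") {
    throw new Error(`${e.name}: imported entry has no remote URL`);
  }
  return { name: e.name, source: "remote", remoteUrl: e.remoteUrl };
}
```

Regression tests for the two criteria map onto `routeFailClosed` with a remote-only config lacking a URL, and `sanitizeImported` with an entry that carries `source: "local"` or a `command`.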
