Skip to content

Sync master to dev (fast-follow): audit fixes #1842/#1846/#1847#1849

Merged
jaylfc merged 4 commits into
masterfrom
sync/dev-to-master-2
Jul 16, 2026
Merged

Sync master to dev (fast-follow): audit fixes #1842/#1846/#1847#1849
jaylfc merged 4 commits into
masterfrom
sync/dev-to-master-2

Conversation

@jaylfc

@jaylfc jaylfc commented Jul 16, 2026

Copy link
Copy Markdown
Owner

Fast-follow of #1848 bringing the three audit fixes that landed on dev after that sync branched. Clean conflict-free merge; each commit already passed full CI on its own PR. Leaves only #1844 (frontend gate + mermaid, still in CI) to follow.

Summary by CodeRabbit

  • Security

    • Prevented local admin session cookies from being forwarded to upstream account services.
    • Strengthened signature verification to ensure content is tied to its declared author.
  • Bug Fixes

    • Improved verification for multi-author content chains.
    • Prevented oversized or invalid canvas geometry from affecting saved elements and snapshots.
    • Moved snapshot rendering off the main event loop for improved responsiveness.
    • Improved installer rerun behavior and process cleanup.
  • Tests

    • Added coverage for cookie isolation, author verification, chain validation, and canvas size limits.

jaylfc added 4 commits July 16, 2026 09:43
…reaper (#1846)

- already_installed compared rev-parse HEAD (a SHA) to HAILO_OLLAMA_REF (a
  branch name like main), which never matched, so every re-run needlessly
  re-fetched and re-installed. Compare resolved commits on both sides.
- The unit's ExecStartPre reaped with pkill -9 -f 'hailo-ollama', which kills
  any process whose command line merely contains that string (an editor, a
  tail). Match the exact server invocation (binary + serve + port) instead.

Note: the default upstream repo (hailo-ai/hailo-ollama) is not reachable via
git ls-remote, so a commit-SHA pin cannot be added here; that is tracked
separately under the Hailo backend work (#1771).
@qodo-code-review

Copy link
Copy Markdown

Qodo reviews are paused for this user.

Troubleshooting steps vary by plan Learn more →

On a Teams plan?
Reviews resume once this user has a paid seat and their Git account is linked in Qodo.
Link Git account →

Using GitHub Enterprise Server, GitLab Self-Managed, or Bitbucket Data Center?
These require an Enterprise plan - Contact us
Contact us →

@github-actions

Copy link
Copy Markdown

👋 Thanks for the PR! This one targets master, which is our
stable branch (it's what live installs track). Please retarget it to
dev — click Edit next to the PR title and change the base
branch dropdown from master to dev. Your commits and any review
carry over, nothing is lost.

See CONTRIBUTING.md for the branch model.

@jaylfc
jaylfc merged commit 4c66986 into master Jul 16, 2026
10 of 11 checks passed
@coderabbitai

coderabbitai Bot commented Jul 16, 2026

Copy link
Copy Markdown

Review Change Stack

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: b4687f78-4230-4f77-a5b6-0eec9284f504

📥 Commits

Reviewing files that changed from the base of the PR and between 40b168e and 8e3b2c9.

📒 Files selected for processing (11)
  • scripts/install-hailo.sh
  • tests/test_hub_posts.py
  • tests/test_hub_store.py
  • tests/test_routes_account_proxy.py
  • tests/test_routes_account_proxy_hub_slice3.py
  • tests/test_routes_project_canvas.py
  • tinyagentos/hub/posts.py
  • tinyagentos/hub/store.py
  • tinyagentos/projects/canvas/render.py
  • tinyagentos/routes/account_proxy.py
  • tinyagentos/routes/project_canvas.py

📝 Walkthrough

Walkthrough

The changes bind hub signatures to declared authors, strip local session cookies from account proxy requests, clamp canvas geometry and snapshot dimensions, move PNG rendering off the event loop, and correct Hailo installer process cleanup and ref comparison.

Changes

Author-bound verification

Layer / File(s) Summary
Bind objects to declared authors
tinyagentos/hub/store.py, tests/test_hub_store.py
verify_object now requires the declared author fingerprint to match the signing public key, with matching and impersonation tests.
Resolve authors during chain verification
tinyagentos/hub/posts.py, tests/test_hub_posts.py
Chain verification resolves each entry’s author signing key and validates intact, tampered, broken-link, and deleted-content scenarios.

Proxy cookie sanitization

Layer / File(s) Summary
Sanitize upstream account requests
tinyagentos/routes/account_proxy.py, tests/test_routes_account_proxy.py, tests/test_routes_account_proxy_hub_slice3.py
The proxy removes taos_session before forwarding while preserving other cookies and omitting the header when none remain.

Canvas hardening

Layer / File(s) Summary
Clamp canvas geometry and snapshots
tinyagentos/routes/project_canvas.py, tinyagentos/projects/canvas/render.py, tests/test_routes_project_canvas.py
Element coordinates and sizes are bounded, snapshot dimensions are capped at 8192, and PNG rendering is moved to a worker thread.

Hailo installer corrections

Layer / File(s) Summary
Tighten process cleanup and ref checks
scripts/install-hailo.sh
Systemd cleanup targets the configured serve command, and idempotency compares resolved commit SHAs.

Estimated code review effort: 3 (Moderate) | ~30 minutes

Sequence Diagram(s)

sequenceDiagram
  participant Client
  participant AccountProxy
  participant TaosMy
  Client->>AccountProxy: Send cookies
  AccountProxy->>AccountProxy: Remove taos_session
  AccountProxy->>TaosMy: Forward remaining cookies
Loading

Possibly related PRs

  • jaylfc/taOS#1803: Also changes Hailo installer process cleanup and pinned-ref idempotency behavior.
  • jaylfc/taOS#1842: Implements overlapping canvas geometry, snapshot dimension, and threaded rendering hardening.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch sync/dev-to-master-2

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@gitar-bot

gitar-bot Bot commented Jul 16, 2026

Copy link
Copy Markdown

Important

You are using the Gitar free plan. Upgrade to unlock code review, CI analysis, auto-apply, custom automations, and more.

Gitar

Comment thread tinyagentos/hub/store.py
expected_author = identity.fingerprint(signing_pubkey_hex)
if not isinstance(author, str) or author != expected_author:
return False
return identity.verify_signature(signing_pubkey_hex, canonical_bytes(obj), sig)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SUGGESTION: verify_object does not check whether the resolved signing_pubkey_hex itself is a valid hex string before identity.fingerprint/verify_signature parse it.

identity.fingerprint does bytes.fromhex(signing_pubkey_hex) and verify_signature later does the same. A non-hex signing_pubkey_hex raises ValueError inside fingerprint. Although the callers here pass keys from hub_authors, verify_object is a public, documented "never raises" API used for "arbitrary peer objects". A malformed stored signing_pubkey would turn this into an uncaught exception rather than returning False. Wrap the fingerprint computation so a bad key degrades to False like every other malformed-input path in this function.

Suggested change
return identity.verify_signature(signing_pubkey_hex, canonical_bytes(obj), sig)
sig = obj.get("sig")
if not isinstance(sig, str) or not sig:
return False
author = obj.get("author")
try:
expected_author = identity.fingerprint(signing_pubkey_hex)
except (ValueError, TypeError):
return False
if not isinstance(author, str) or author != expected_author:
return False
return identity.verify_signature(signing_pubkey_hex, canonical_bytes(obj), sig)

Reply with @kilocode-bot fix it to have Kilo Code address this issue.

Comment thread tinyagentos/hub/posts.py
resolved = await store.get_author(entry["author"])
if resolved is None or not resolved.get("signing_pubkey"):
return False, f"seq {entry['seq']}: unknown author {entry['author']!r}"
if not hub_store.verify_object(obj, resolved["signing_pubkey"]):

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

WARNING: verify_chain now requires an author row to exist in hub_authors for every chain entry (via get_author).

Previously the chain was verified with the single node identity (identity.public_identity()), so verification always had a key. Now if any entry's author was never registered in hub_authors (e.g. posts created before author registration existed, posts authored by a peer whose upsert_author call was missed, or a tombstone whose referenced author row was pruned), the whole chain fails verification with unknown author. Until peer ingest lands this is largely the local author, but upsert_author is only called in selected flows (e.g. identity register). Confirm that append_post/delete_post reliably persist the author row, or self-chains will report as broken/tampered after this change.


Reply with @kilocode-bot fix it to have Kilo Code address this issue.

width = max(_MIN_WIDTH, int(max_x - min_x) + 2 * _PADDING)
height = max(_MIN_HEIGHT, int(max_y - min_y) + 2 * _PADDING)
width = min(width, _MAX_RENDER_DIM)
height = min(height, _MAX_RENDER_DIM)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SUGGESTION: Clamping render dimensions to _MAX_RENDER_DIM can discard content when max_x - min_x or max_y - min_y exceeds 8192.

_bounds spans from the minimum coordinate to the maximum, so two far-apart elements (e.g. x=0 and x=1_000_000 after clamping is bounded, but x=-100_000 and x=100_000 = 200_000 span) can exceed 8192, while the clamp only shrinks the canvas to 8192px and the draw.rectangle calls render at x - min_x + _PADDING. Elements far outside the 8192 viewport are still drawn (off-canvas) but anything beyond the right/bottom edge is simply cut off with no warning to the caller. This is acceptable as a DoS guard, but note the snapshot can silently omit elements and may be misleading. Consider logging/skipping out-of-range elements or documenting the truncation behavior.


Reply with @kilocode-bot fix it to have Kilo Code address this issue.


def _clamp_element_geometry(element: dict) -> dict:
if "x" in element:
element["x"] = max(-_CANVAS_ELEMENT_RANGE, min(_CANVAS_ELEMENT_RANGE, element["x"]))

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SUGGESTION: _clamp_element_geometry uses min/max which will throw TypeError if a coordinate is supplied as a non-numeric type (e.g. a JSON string "1000" or null that slips past the Pydantic model, or a value with None). CreateElementIn/PatchElementIn declare float | None, but if a future model loosens typing, the arithmetic max(-RANGE, min(RANGE, element["x"])) raises instead of rejecting. Consider guarding with isinstance(element[k], (int, float)) so a malformed value produces a clean 400/422 rather than a 500.


Reply with @kilocode-bot fix it to have Kilo Code address this issue.

Comment thread scripts/install-hailo.sh
local _head _want
_head="$(run_as_user git -C "$HAILO_OLLAMA_DIR" rev-parse HEAD 2>/dev/null || true)"
_want="$(run_as_user git -C "$HAILO_OLLAMA_DIR" rev-parse "${HAILO_OLLAMA_REF}^{commit}" 2>/dev/null || true)"
[[ -n "$_head" && "$_head" == "$_want" ]] || return 1

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SUGGESTION: pkill -9 -f "$HAILO_OLLAMA_BIN serve --port $HAILO_OLLAMA_PORT" still matches by substring, not an exact process match.

-f matches the full command line against a regex pattern. The pattern hailo-ollama serve --port 12345 would also match bash -c "... hailo-ollama serve --port 12345 ..." or tail -f /var/log/hailo-ollama serve --port 12345 if such a log path contained the tokens. This is a strict improvement over the old pkill -9 -f 'hailo-ollama' (which matched any command containing hailo-ollama), but it is not a precise match. If HAILO_OLLAMA_BIN contains regex metacharacters they are also interpreted literally-free only by luck. Acceptable for the stated scope; just flagging the residual risk that a coincidental command line containing the exact serve --port N tokens could be killed.


Reply with @kilocode-bot fix it to have Kilo Code address this issue.

Comment thread scripts/install-hailo.sh
# a branch/tag ("main"), so comparing it to rev-parse HEAD (a SHA) never
# matched and every re-run needlessly re-fetched and re-installed.
local _head _want
_head="$(run_as_user git -C "$HAILO_OLLAMA_DIR" rev-parse HEAD 2>/dev/null || true)"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SUGGESTION: _want resolves ${HAILO_OLLAMA_REF}^{commit}. If HAILO_OLLAMA_REF is a branch name that the local clone has never fetched (the dir exists from a prior partial clone), rev-parse returns empty and _want is empty, so [[ -n "$_head" && "$_head" == "$_want" ]] is false and the function returns non-zero → triggers a needless re-fetch/re-install even when HEAD is correct. The default upstream being unreachable (noted in the commit) makes a fresh git fetch likely fail too, so this branch may always re-clone. Consider git fetch before resolving, or tolerating an unresolvable _want when _head is already a valid commit. Low impact since reinstall is idempotent, but worth noting.


Reply with @kilocode-bot fix it to have Kilo Code address this issue.

@kilo-code-bot

kilo-code-bot Bot commented Jul 16, 2026

Copy link
Copy Markdown

Code Review Summary

Status: 6 Issues Found | Recommendation: Address before merge

Note: This PR was already MERGED at review time; findings are advisory for follow-up.

Overview

Severity Count
CRITICAL 0
WARNING 1
SUGGESTION 5
Issue Details (click to expand)

WARNING

File Line Issue
tinyagentos/hub/posts.py 228 verify_chain now requires an author row in hub_authors for every chain entry; missing/pruned author rows make a valid chain fail verification as "unknown author".

SUGGESTION

File Line Issue
tinyagentos/hub/store.py 109 verify_object can raise ValueError from identity.fingerprint on a malformed signing_pubkey_hex, breaking its "never raises" contract.
tinyagentos/projects/canvas/render.py 83 Render dimension clamp silently truncates content when element span exceeds 8192; snapshot may omit elements.
tinyagentos/routes/project_canvas.py 89 _clamp_element_geometry arithmetic raises TypeError on non-numeric coordinates; no type guard.
scripts/install-hailo.sh 421 pkill -f still substring-matches; coincidental command lines containing the exact serve --port N tokens could be killed.
scripts/install-hailo.sh 419 _want resolution fails (empty) if HAILO_OLLAMA_REF was never fetched locally, causing needless re-install/re-clone.
Files Reviewed (11 files)
  • scripts/install-hailo.sh - 2 issues (SUGGESTION)
  • tests/test_hub_posts.py - reviewed (tests)
  • tests/test_hub_store.py - reviewed (tests)
  • tests/test_routes_account_proxy.py - reviewed (tests)
  • tests/test_routes_account_proxy_hub_slice3.py - reviewed (tests)
  • tests/test_routes_project_canvas.py - reviewed (tests)
  • tinyagentos/hub/posts.py - 1 issue (WARNING)
  • tinyagentos/hub/store.py - 1 issue (SUGGESTION)
  • tinyagentos/projects/canvas/render.py - 1 issue (SUGGESTION)
  • tinyagentos/routes/account_proxy.py - reviewed (no issues)
  • tinyagentos/routes/project_canvas.py - 1 issue (SUGGESTION)

Fix these issues in Kilo Cloud


Reviewed by hy3:free · Input: 75.1K · Output: 4.5K · Cached: 202.8K

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant