@sanctuary-framework/mcp-server 0.10.1 → 0.10.2

package/dist/index.d.cts

@@ -2871,6 +2871,24 @@ declare class DashboardApprovalChannel implements ApprovalChannel {
     private rateLimits;
     /** Whether the dashboard is running in standalone mode (no MCP server) */
     private _standaloneMode;
+    /**
+     * v0.10.2: when set, requests from loopback addresses (127.0.0.1 / ::1)
+     * are treated as authenticated without requiring a Bearer token or
+     * dashboard session cookie. Only the `startStandaloneDashboard` boot
+     * path enables this, and ONLY after the supplied passphrase successfully
+     * decrypts at least one stored identity — proving the caller already
+     * holds the primary secret that protects every piece of Sanctuary state.
+     *
+     * Rationale: the dashboard auth token is a dashboard-access credential
+     * layered on top of the master-key unlock. Once the operator has already
+     * presented the passphrase on the command line (terminal-side auth), a
+     * second login prompt in the auto-opened browser just trains users to
+     * paste secrets into web forms — the exact habit Sanctuary exists to
+     * discourage. Remote (non-loopback) callers still require the bearer
+     * token, so this is a localhost-only ergonomics unlock, not a network
+     * policy change.
+     */
+    private _autoAuthLocalhost;
     constructor(config: DashboardConfig);
     /**
      * Inject dependencies after construction.
@@ -2892,6 +2910,21 @@ declare class DashboardApprovalChannel implements ApprovalChannel {
      * Exposed via /api/status so the frontend can show an appropriate banner.
      */
     setStandaloneMode(standalone: boolean): void;
+    /**
+     * v0.10.2: enable (or disable) the loopback auto-auth fast path. See
+     * {@link _autoAuthLocalhost} for the rationale and threat model. Callers
+     * should gate this on both (a) the dashboard host being a loopback
+     * interface and (b) the master-key unlock having succeeded against
+     * on-disk state.
+     */
+    setAutoAuthLocalhost(enabled: boolean): void;
+    /**
+     * v0.10.2: is this request from a loopback interface? We treat the
+     * standard IPv4/IPv6 loopback addresses plus the IPv4-mapped IPv6 form
+     * as loopback so LAN clients never accidentally hit the unauthenticated
+     * fast path even on hosts where the HTTP server binds 0.0.0.0.
+     */
+    private isLoopbackRequest;
     /**
      * Start the HTTP(S) server for the dashboard.
      */

package/dist/index.d.ts

@@ -2871,6 +2871,24 @@ declare class DashboardApprovalChannel implements ApprovalChannel {
     private rateLimits;
     /** Whether the dashboard is running in standalone mode (no MCP server) */
     private _standaloneMode;
+    /**
+     * v0.10.2: when set, requests from loopback addresses (127.0.0.1 / ::1)
+     * are treated as authenticated without requiring a Bearer token or
+     * dashboard session cookie. Only the `startStandaloneDashboard` boot
+     * path enables this, and ONLY after the supplied passphrase successfully
+     * decrypts at least one stored identity — proving the caller already
+     * holds the primary secret that protects every piece of Sanctuary state.
+     *
+     * Rationale: the dashboard auth token is a dashboard-access credential
+     * layered on top of the master-key unlock. Once the operator has already
+     * presented the passphrase on the command line (terminal-side auth), a
+     * second login prompt in the auto-opened browser just trains users to
+     * paste secrets into web forms — the exact habit Sanctuary exists to
+     * discourage. Remote (non-loopback) callers still require the bearer
+     * token, so this is a localhost-only ergonomics unlock, not a network
+     * policy change.
+     */
+    private _autoAuthLocalhost;
     constructor(config: DashboardConfig);
     /**
      * Inject dependencies after construction.
@@ -2892,6 +2910,21 @@ declare class DashboardApprovalChannel implements ApprovalChannel {
      * Exposed via /api/status so the frontend can show an appropriate banner.
      */
     setStandaloneMode(standalone: boolean): void;
+    /**
+     * v0.10.2: enable (or disable) the loopback auto-auth fast path. See
+     * {@link _autoAuthLocalhost} for the rationale and threat model. Callers
+     * should gate this on both (a) the dashboard host being a loopback
+     * interface and (b) the master-key unlock having succeeded against
+     * on-disk state.
+     */
+    setAutoAuthLocalhost(enabled: boolean): void;
+    /**
+     * v0.10.2: is this request from a loopback interface? We treat the
+     * standard IPv4/IPv6 loopback addresses plus the IPv4-mapped IPv6 form
+     * as loopback so LAN clients never accidentally hit the unauthenticated
+     * fast path even on hosts where the HTTP server binds 0.0.0.0.
+     */
+    private isLoopbackRequest;
     /**
      * Start the HTTP(S) server for the dashboard.
      */

package/dist/index.js

@@ -8700,6 +8700,24 @@ var DashboardApprovalChannel = class {
   rateLimits = /* @__PURE__ */ new Map();
   /** Whether the dashboard is running in standalone mode (no MCP server) */
   _standaloneMode = false;
+  /**
+   * v0.10.2: when set, requests from loopback addresses (127.0.0.1 / ::1)
+   * are treated as authenticated without requiring a Bearer token or
+   * dashboard session cookie. Only the `startStandaloneDashboard` boot
+   * path enables this, and ONLY after the supplied passphrase successfully
+   * decrypts at least one stored identity — proving the caller already
+   * holds the primary secret that protects every piece of Sanctuary state.
+   *
+   * Rationale: the dashboard auth token is a dashboard-access credential
+   * layered on top of the master-key unlock. Once the operator has already
+   * presented the passphrase on the command line (terminal-side auth), a
+   * second login prompt in the auto-opened browser just trains users to
+   * paste secrets into web forms — the exact habit Sanctuary exists to
+   * discourage. Remote (non-loopback) callers still require the bearer
+   * token, so this is a localhost-only ergonomics unlock, not a network
+   * policy change.
+   */
+  _autoAuthLocalhost = false;
   constructor(config) {
     this.config = config;
     this.authToken = config.auth_token;
@@ -8735,6 +8753,26 @@ var DashboardApprovalChannel = class {
   setStandaloneMode(standalone) {
     this._standaloneMode = standalone;
   }
+  /**
+   * v0.10.2: enable (or disable) the loopback auto-auth fast path. See
+   * {@link _autoAuthLocalhost} for the rationale and threat model. Callers
+   * should gate this on both (a) the dashboard host being a loopback
+   * interface and (b) the master-key unlock having succeeded against
+   * on-disk state.
+   */
+  setAutoAuthLocalhost(enabled) {
+    this._autoAuthLocalhost = enabled;
+  }
+  /**
+   * v0.10.2: is this request from a loopback interface? We treat the
+   * standard IPv4/IPv6 loopback addresses plus the IPv4-mapped IPv6 form
+   * as loopback so LAN clients never accidentally hit the unauthenticated
+   * fast path even on hosts where the HTTP server binds 0.0.0.0.
+   */
+  isLoopbackRequest(req) {
+    const addr = this.getRemoteAddr(req);
+    return addr === "127.0.0.1" || addr === "::1" || addr === "localhost";
+  }
   /**
    * Start the HTTP(S) server for the dashboard.
    */
@@ -8884,6 +8922,9 @@ var DashboardApprovalChannel = class {
    */
   checkAuth(req, url, res) {
     if (!this.authToken) return true;
+    if (this._autoAuthLocalhost && this.isLoopbackRequest(req)) {
+      return true;
+    }
     const authHeader = req.headers.authorization;
     if (authHeader) {
       const parts = authHeader.split(" ");
@@ -8909,6 +8950,9 @@ var DashboardApprovalChannel = class {
    */
   isAuthenticated(req, url) {
     if (!this.authToken) return true;
+    if (this._autoAuthLocalhost && this.isLoopbackRequest(req)) {
+      return true;
+    }
     const authHeader = req.headers.authorization;
     if (authHeader) {
       const parts = authHeader.split(" ");