@wipcomputer/wip-ldm-os 0.4.84 → 0.4.85-alpha.10

package/src/hosted-mcp/nginx/wip.computer.conf

@@ -4,106 +4,104 @@ server {
     root /var/www/wip.computer/public_html;
     index index.html index.htm;
 
-    access_log /var/log/nginx/wip.computer.access.log;
+    # Log redaction: F-007 in the VPS hosted-mcp audit.
+    # The "redacted" format is defined in /etc/nginx/conf.d/redact-logs.conf
+    # (source: src/hosted-mcp/nginx/conf.d/redact-logs.conf). It masks
+    # token=, ticket=, api_key=, access_token=, and ck- values in the
+    # request line and Referer before the line is written.
+    access_log /var/log/nginx/wip.computer.access.log redacted;
     error_log /var/log/nginx/wip.computer.error.log;
 
-    location / {
-        autoindex off;
-        try_files $uri $uri/ /index.html;
+    # Docs redirect to docs.wip.computer
+    location = /doc {
+        return 301 https://docs.wip.computer;
+    }
+    location = /docs {
+        return 301 https://docs.wip.computer;
+    }
+    location /docs/ {
+        return 301 https://docs.wip.computer;
     }
 
-    add_header X-Frame-Options "SAMEORIGIN" always;
-    add_header X-Content-Type-Options "nosniff" always;
-    add_header X-XSS-Protection "1; mode=block" always;
+    # MCP server
+    # OAuth 2.0 for Claude iOS connector
+    include snippets/mcp-oauth.conf;
+    include snippets/mcp-server.conf;
 
-    # ── Codex Remote Control relay ──
-    # The Node app at 127.0.0.1:18800 (wip-mcp/server.mjs) owns these.
-    # Without these blocks, nginx falls back to /index.html and the
-    # phone-side bootstrap + ws-ticket calls receive HTML, which breaks
-    # E2EE handshake and relay attach. See:
-    # wip-ldm-os-private/ai/product/plans-prds/codex-remote-control/
-
-    # HTTP routes: bootstrap (GET), ws-ticket (POST), state (GET),
-    # pair-init (POST), pair-status (GET), pair-complete (POST).
-    location /api/codex-relay/bootstrap/ {
-        proxy_pass http://127.0.0.1:18800;
-        proxy_http_version 1.1;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-    }
-    location /api/codex-relay/ws-ticket {
-        proxy_pass http://127.0.0.1:18800;
+    # Codex Remote Control relay (HTTP + WSS proxy_pass to wip-mcp Node app
+    # at 127.0.0.1:18800; covers /api/codex-relay/bootstrap, ws-ticket, state,
+    # pair-init/status/complete, web/<tid>, daemon).
+    include snippets/codex-relay.conf;
+
+    # Codex Remote Control phone surface
+    # The Next.js app at kaleidoscope.wip.computer (port 3001) renders
+    # /codex-remote-control/[threadId]. The MCP tool's auth URL uses
+    # wip.computer as the origin, so wip.computer/codex-remote-control/<tid>
+    # must reach the same Next.js app. WebSocket Upgrade headers included
+    # so live-reload / RSC streams work cleanly.
+    location /codex-remote-control/ {
+        proxy_pass http://127.0.0.1:3001;
         proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
     }
-    location /api/codex-relay/state {
-        proxy_pass http://127.0.0.1:18800;
+
+    # Next.js internal asset surface for the Kaleidoscope app on :3001.
+    # /codex-remote-control/<tid> renders a Next HTML shell that
+    # references /_next/static/chunks/*.js and /_next/static/chunks/*.css.
+    # Without this proxy, those asset requests fall through to
+    # `location /` try_files and return the static homepage HTML, which
+    # makes the browser fail to hydrate (page renders blank). Same
+    # upstream as /codex-remote-control/. Covers /_next/static/* and
+    # /_next/image* paths used by the Next runtime.
+    location /_next/ {
+        proxy_pass http://127.0.0.1:3001;
         proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
     }
-    location /api/codex-relay/pair-init {
-        proxy_pass http://127.0.0.1:18800;
+
+    # Health check
+    location /health {
+        proxy_pass http://127.0.0.1:18800/health;
         proxy_http_version 1.1;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
     }
-    location /api/codex-relay/pair-status/ {
-        proxy_pass http://127.0.0.1:18800;
-        proxy_http_version 1.1;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-    }
-    location /api/codex-relay/pair-complete {
-        proxy_pass http://127.0.0.1:18800;
-        proxy_http_version 1.1;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
+
+
+    # Demo pages (static files)
+    location /demo {
+        alias /var/www/wip.computer/app/mcp-server/demo;
+        index index.html;
+        try_files $uri $uri/ $uri/index.html =404;
     }
 
-    # WebSocket routes: phone (web) and daemon long-lived sockets.
-    # Upgrade headers are the standard WebSocket-via-nginx pattern.
-    # Long read timeout because daemon sockets stay open indefinitely.
-    location /api/codex-relay/web/ {
-        proxy_pass http://127.0.0.1:18800;
+    # Demo API (proxied to MCP server)
+    location /demo/api/ {
+        proxy_pass http://127.0.0.1:18800/demo/api/;
         proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_read_timeout 86400;
-        proxy_send_timeout 86400;
-        proxy_buffering off;
     }
-    location /api/codex-relay/daemon {
-        proxy_pass http://127.0.0.1:18800;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_read_timeout 86400;
-        proxy_send_timeout 86400;
-        proxy_buffering off;
+
+    location / {
+        autoindex off;
+        try_files $uri $uri/ /index.html;
     }
 
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header X-XSS-Protection "1; mode=block" always;
+
     location ~ /\. {
         deny all;
     }

package/src/hosted-mcp/scripts/audit-logs.sh

@@ -0,0 +1,205 @@
+#!/usr/bin/env bash
+# audit-logs.sh: F-007 pre-fix log audit for the VPS hosted-mcp surface.
+#
+# Read-only. No log mutation, no rotation, no clearing. Greps nginx and
+# PM2 logs for bearer/ticket/api-key shaped values that may have leaked
+# during the period when the WS upgrade accepted ?token=ck- and the
+# phone app sent ck values in URLs.
+#
+# Output: per-source match count, plus up to N redacted sample lines per
+# source so you can see which path / agent / time range is affected
+# without ever printing the leaked secret in this terminal session.
+#
+# If any source shows a non-zero count, treat the matching ck values as
+# already-leaked. Rotate them as part of the F-002 + F-005a deploy
+# (see ai/product/bugs/security/2026-04-28--cc-mini--vps-hosted-mcp-audit.md).
+#
+# Usage on the VPS:
+#   bash audit-logs.sh
+#   bash audit-logs.sh --days 14            # widen log window for rotated logs
+#   bash audit-logs.sh --samples 20         # show more redacted samples
+#   bash audit-logs.sh --json               # machine-readable output (counts only)
+#
+# Source: src/hosted-mcp/scripts/audit-logs.sh
+
+set -euo pipefail
+
+# ── Defaults ────────────────────────────────────────────────────────
+
+DAYS=7
+SAMPLES=10
+JSON=0
+NGINX_LOG_DIR=/var/log/nginx
+PM2_APP=mcp-server
+
+# ── Args ────────────────────────────────────────────────────────────
+
+while [ $# -gt 0 ]; do
+  case "$1" in
+    --days)    DAYS=$2;    shift 2 ;;
+    --samples) SAMPLES=$2; shift 2 ;;
+    --json)    JSON=1;     shift 1 ;;
+    --nginx-log-dir) NGINX_LOG_DIR=$2; shift 2 ;;
+    --pm2-app) PM2_APP=$2; shift 2 ;;
+    -h|--help)
+      sed -n '2,30p' "$0"
+      exit 0
+      ;;
+    *) echo "Unknown arg: $1" >&2; exit 2 ;;
+  esac
+done
+
+# ── Patterns ────────────────────────────────────────────────────────
+#
+# Three families of leak we are looking for. Each is a single ERE that
+# `grep -E` will accept. We match conservatively (\b, exact prefixes)
+# so we do not over-flag random bytes that happen to resemble a key.
+
+PAT_QUERY_TOKEN='[?&](token|ticket|api_key|access_token)=[^[:space:]&"]+'
+PAT_CK_KEY='\bck-[A-Za-z0-9_-]{6,}\b'
+PAT_AUTH_BEARER='Authorization:[[:space:]]*Bearer[[:space:]]+ck-[A-Za-z0-9_-]{6,}'
+
+# ── Redaction (for sample output only) ──────────────────────────────
+#
+# Replace the matched value with a marker before we print the sample
+# line. This way the audit's own output never reproduces the leaked
+# secret in the operator's terminal/scrollback.
+
+redact() {
+  sed -E \
+    -e 's/([?&](token|ticket|api_key|access_token)=)[^&" \t]+/\1[REDACTED]/g' \
+    -e 's/\bck-[A-Za-z0-9_-]+/[REDACTED ck-]/g'
+}
+
+# ── Source inventory ────────────────────────────────────────────────
+
+declare -a SOURCES
+declare -A SOURCE_LABEL
+
+add_source() {
+  local label=$1
+  local path=$2
+  if [ -e "$path" ] || compgen -G "$path" > /dev/null; then
+    SOURCES+=("$path")
+    SOURCE_LABEL["$path"]=$label
+  fi
+}
+
+add_source "nginx access (current)"      "${NGINX_LOG_DIR}/access.log"
+add_source "nginx error (current)"       "${NGINX_LOG_DIR}/error.log"
+add_source "nginx wip.computer.access"   "${NGINX_LOG_DIR}/wip.computer.access.log"
+add_source "nginx wip.computer.error"    "${NGINX_LOG_DIR}/wip.computer.error.log"
+
+# ── Counters ────────────────────────────────────────────────────────
+
+total_matches=0
+declare -A counts
+
+scan_one() {
+  local path=$1
+  local label=$2
+  local count
+  if [[ "$path" == *.gz ]]; then
+    count=$(sudo zgrep -E "$PAT_QUERY_TOKEN|$PAT_CK_KEY|$PAT_AUTH_BEARER" "$path" 2>/dev/null | wc -l | tr -d ' ')
+  else
+    count=$(sudo grep -E "$PAT_QUERY_TOKEN|$PAT_CK_KEY|$PAT_AUTH_BEARER" "$path" 2>/dev/null | wc -l | tr -d ' ')
+  fi
+  counts["$path"]=$count
+  total_matches=$(( total_matches + count ))
+}
+
+print_samples() {
+  local path=$1
+  local label=$2
+  local count=${counts["$path"]}
+  [ "$count" -eq 0 ] && return
+  echo
+  echo "── $label ($path)"
+  echo "   matches: $count"
+  echo "   sample (redacted, up to $SAMPLES lines):"
+  if [[ "$path" == *.gz ]]; then
+    sudo zgrep -E "$PAT_QUERY_TOKEN|$PAT_CK_KEY|$PAT_AUTH_BEARER" "$path" 2>/dev/null \
+      | head -n "$SAMPLES" | redact | sed 's/^/     /'
+  else
+    sudo grep -E "$PAT_QUERY_TOKEN|$PAT_CK_KEY|$PAT_AUTH_BEARER" "$path" 2>/dev/null \
+      | head -n "$SAMPLES" | redact | sed 's/^/     /'
+  fi
+}
+
+# ── Run nginx scan ──────────────────────────────────────────────────
+
+if [ "$JSON" -ne 1 ]; then
+  echo "F-007 log audit"
+  echo "Days back (rotated): $DAYS"
+  echo "Samples per source: $SAMPLES"
+  echo "Nginx log dir: $NGINX_LOG_DIR"
+  echo
+fi
+
+# Current logs
+for path in "${SOURCES[@]}"; do
+  scan_one "$path" "${SOURCE_LABEL[$path]}"
+done
+
+# Rotated logs within the window
+shopt -s nullglob
+declare -a ROTATED
+for f in "${NGINX_LOG_DIR}"/*.gz "${NGINX_LOG_DIR}"/*.[0-9]*; do
+  if [ -f "$f" ]; then
+    if find "$f" -mtime "-${DAYS}" -print -quit | grep -q .; then
+      ROTATED+=("$f")
+    fi
+  fi
+done
+
+for path in "${ROTATED[@]}"; do
+  scan_one "$path" "rotated $(basename "$path")"
+done
+
+# ── PM2 ─────────────────────────────────────────────────────────────
+#
+# pm2 logs --nostream prints recent lines from the in-memory buffer.
+# This is best-effort: it covers the current PM2 process lifetime, not
+# rotated copies. PM2's persisted logs (if any) live under
+# ~/.pm2/logs/<app>-out.log and ~/.pm2/logs/<app>-error.log.
+
+PM2_OUT="$HOME/.pm2/logs/${PM2_APP}-out.log"
+PM2_ERR="$HOME/.pm2/logs/${PM2_APP}-error.log"
+
+if [ -e "$PM2_OUT" ]; then add_source "pm2 ${PM2_APP} out"   "$PM2_OUT"; scan_one "$PM2_OUT" "pm2 out"; fi
+if [ -e "$PM2_ERR" ]; then add_source "pm2 ${PM2_APP} error" "$PM2_ERR"; scan_one "$PM2_ERR" "pm2 error"; fi
+
+# ── Output ──────────────────────────────────────────────────────────
+
+if [ "$JSON" -eq 1 ]; then
+  printf '{"total_matches": %d, "by_source": {' "$total_matches"
+  first=1
+  for path in "${!counts[@]}"; do
+    [ "$first" -eq 1 ] && first=0 || printf ','
+    printf '"%s": %d' "$path" "${counts[$path]}"
+  done
+  printf '}}\n'
+else
+  echo "── Summary"
+  for path in "${!counts[@]}"; do
+    label=${SOURCE_LABEL[$path]:-${path}}
+    printf "   %-40s %s matches\n" "$label" "${counts[$path]}"
+  done
+  echo
+  echo "── Total matches: $total_matches"
+
+  for path in "${!counts[@]}"; do
+    print_samples "$path" "${SOURCE_LABEL[$path]:-${path}}"
+  done
+
+  echo
+  if [ "$total_matches" -gt 0 ]; then
+    echo "ACTION REQUIRED:"
+    echo "  Treat any matched ck values as leaked. Rotate them as part of the"
+    echo "  F-002 + F-005a deploy. After deploying redact-logs.conf, re-run"
+    echo "  this script and confirm zero matches in the post-rotation window."
+  else
+    echo "OK: no leak signatures found in the scanned window."
+    echo "  Re-run after every deploy that adds or moves auth surfaces."
+  fi
+fi

package/src/hosted-mcp/scripts/verify-deploy.sh

@@ -0,0 +1,102 @@
+#!/usr/bin/env bash
+# verify-deploy.sh: Verify a hosted-mcp deploy manifest against the live
+# VPS. Reads a manifest produced by deploy.sh, fetches the current
+# sha256 of each declared destination on the remote, and compares.
+#
+# Per F-009 of the VPS hosted-mcp audit. Use after deploy.sh, after
+# any apparent change to the live tree, or as part of the pre-dogfood
+# smoke test.
+#
+# Usage:
+#   bash verify-deploy.sh wip.computer:/var/www/.../<timestamp>.json
+#   bash verify-deploy.sh /path/to/local/manifest.json --remote wip.computer
+#   bash verify-deploy.sh latest                # use latest manifest on VPS
+#
+# Exits non-zero on any mismatch. Output lists each file as OK or DIFF.
+
+set -euo pipefail
+
+REMOTE="wip.computer"
+MANIFEST_DIR="/var/www/wip.computer/deploy-manifests/hosted-mcp"
+ARG=""
+
+while [ $# -gt 0 ]; do
+  case "$1" in
+    --remote) REMOTE=$2; shift 2 ;;
+    -h|--help) sed -n '2,18p' "$0"; exit 0 ;;
+    *) ARG=$1; shift ;;
+  esac
+done
+
+if [ -z "$ARG" ]; then
+  echo "usage: bash verify-deploy.sh <manifest-path-or-latest>" >&2
+  exit 2
+fi
+
+# Resolve manifest path.
+if [ "$ARG" = "latest" ]; then
+  MANIFEST_PATH=$(ssh "${REMOTE}" "ls -t ${MANIFEST_DIR}/*.json 2>/dev/null | head -1")
+  if [ -z "$MANIFEST_PATH" ]; then
+    echo "FATAL: no manifests found in ${REMOTE}:${MANIFEST_DIR}" >&2
+    exit 1
+  fi
+  echo "Latest manifest: ${MANIFEST_PATH}"
+  MANIFEST_JSON=$(ssh "${REMOTE}" "cat ${MANIFEST_PATH}")
+elif [[ "$ARG" == *":"* ]]; then
+  # remote:path form
+  MANIFEST_REMOTE=${ARG%%:*}
+  MANIFEST_PATH=${ARG#*:}
+  MANIFEST_JSON=$(ssh "${MANIFEST_REMOTE}" "cat ${MANIFEST_PATH}")
+elif [ -f "$ARG" ]; then
+  MANIFEST_PATH=$ARG
+  MANIFEST_JSON=$(cat "$ARG")
+else
+  echo "FATAL: manifest not found: ${ARG}" >&2
+  exit 1
+fi
+
+# Parse files[] entries via python3.
+if ! command -v python3 >/dev/null 2>&1; then
+  echo "FATAL: python3 required" >&2
+  exit 1
+fi
+
+ENTRIES=$(printf '%s' "$MANIFEST_JSON" | python3 -c '
+import json,sys
+m=json.load(sys.stdin)
+for f in m.get("files",[]):
+    print(f.get("source","")+"\t"+f.get("destination","")+"\t"+f.get("sha256",""))
+')
+
+if [ -z "$ENTRIES" ]; then
+  echo "FATAL: no files entries in manifest" >&2
+  exit 1
+fi
+
+echo "Manifest: ${MANIFEST_PATH}"
+echo "Verifying ${REMOTE}:"
+echo
+
+OK=0
+FAIL=0
+while IFS=$'\t' read -r src dst expected; do
+  [ -z "$dst" ] && continue
+  # ssh -n redirects stdin from /dev/null so ssh does not consume the
+  # loop's heredoc and short-circuit after the first iteration.
+  remote_sha=$(ssh -n "${REMOTE}" "sudo sha256sum ${dst} 2>/dev/null" | awk '{print $1}' || echo "")
+  if [ -z "$remote_sha" ]; then
+    printf "  MISSING  %s\n" "$dst"
+    FAIL=$((FAIL+1))
+  elif [ "$remote_sha" = "$expected" ]; then
+    printf "  OK       %s\n" "$dst"
+    OK=$((OK+1))
+  else
+    printf "  DIFF     %s\n           expected %s\n           live     %s\n" "$dst" "$expected" "$remote_sha"
+    FAIL=$((FAIL+1))
+  fi
+done <<< "$ENTRIES"
+
+echo
+echo "Summary: ${OK} ok, ${FAIL} mismatched"
+[ "$FAIL" -eq 0 ] && exit 0
+exit 1