@wipcomputer/wip-ldm-os 0.4.85-alpha.2 → 0.4.85-alpha.21

package/src/hosted-mcp/nginx/conf.d/redact-logs.conf

@@ -0,0 +1,60 @@
+# nginx log redaction (F-007 in the VPS hosted-mcp audit).
+#
+# Defines a "redacted" log_format that masks bearer tokens, WS tickets,
+# and ck-style API keys in the request line and the Referer header
+# before they are written to access logs. Maps run at http context, so
+# this file deploys to /etc/nginx/conf.d/redact-logs.conf where nginx
+# loads it automatically from inside the http {} block.
+#
+# Source: src/hosted-mcp/nginx/conf.d/redact-logs.conf
+# Deploy: /etc/nginx/conf.d/redact-logs.conf
+#
+# To use this format, server blocks must reference it explicitly on
+# their access_log directive, e.g.
+#   access_log /var/log/nginx/wip.computer.access.log redacted;
+
+# ── Query-string redaction ──────────────────────────────────────────
+#
+# nginx maps replace the entire value, not a substring, so any value
+# containing one of these patterns gets the whole query string masked.
+# That is correct here: if a request is leaking a token in the query,
+# we do not want to keep the rest of the args either.
+
+# Note: regex patterns are double-quoted because nginx's lexer treats
+# bare {N,} quantifiers as config-block delimiters. Quoting forces
+# nginx to treat the whole token as a regex string.
+
+map $args $args_redacted {
+    "~*(?:^|&)token="         "[REDACTED token=]";
+    "~*(?:^|&)ticket="        "[REDACTED ticket=]";
+    "~*(?:^|&)api_key="       "[REDACTED api_key=]";
+    "~*(?:^|&)access_token="  "[REDACTED access_token=]";
+    "~*ck-[A-Za-z0-9_-]{6,}"  "[REDACTED ck-]";
+    default                   $args;
+}
+
+# ── Referer redaction ───────────────────────────────────────────────
+#
+# Browsers send the previous URL as Referer, which can carry token
+# values across navigations. Mask the same patterns there.
+
+map $http_referer $http_referer_redacted {
+    "~*[?&]token="            "[REDACTED token in referer]";
+    "~*[?&]ticket="           "[REDACTED ticket in referer]";
+    "~*[?&]api_key="          "[REDACTED api_key in referer]";
+    "~*[?&]access_token="     "[REDACTED access_token in referer]";
+    "~*ck-[A-Za-z0-9_-]{6,}"  "[REDACTED ck in referer]";
+    default                   $http_referer;
+}
+
+# ── Request line built without the raw query ────────────────────────
+#
+# $request expands to the full request line including the raw query.
+# We rebuild it from $request_method + $uri (path only) + the redacted
+# args, so the path is preserved but the query is masked when it
+# contains a token-shaped value.
+
+log_format redacted '$remote_addr - $remote_user [$time_local] '
+                    '"$request_method $uri?$args_redacted $server_protocol" '
+                    '$status $body_bytes_sent '
+                    '"$http_referer_redacted" "$http_user_agent"';

package/src/hosted-mcp/nginx/mcp-oauth.conf

@@ -37,6 +37,27 @@ location /webauthn/ {
     proxy_set_header X-Forwarded-Proto $scheme;
 }
 
+# QR login API used by the canonical /login Kaleidoscope desktop-to-phone
+# flow. Without these routes nginx falls through to the static homepage
+# or returns 405, and the browser tries to parse HTML as JSON.
+location = /api/qr-login {
+    proxy_pass http://127.0.0.1:18800/api/qr-login;
+    proxy_http_version 1.1;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+}
+
+location /api/qr-login/ {
+    proxy_pass http://127.0.0.1:18800/api/qr-login/;
+    proxy_http_version 1.1;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+}
+
 # Signup and login pages
 location = /signup {
     proxy_pass http://127.0.0.1:18800/signup;
@@ -65,6 +86,43 @@ location = /login {
     proxy_set_header X-Forwarded-Proto $scheme;
 }
 
+# Explicit non-primary route for the app/login.html flow. Without
+# this, /login/app falls through to the catch-all `location /` and
+# serves the WIP marketing static. The Node app's /login/app handler
+# is what we actually want here.
+location = /login/app {
+    proxy_pass http://127.0.0.1:18800/login/app;
+    proxy_http_version 1.1;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+}
+location = /login/app/ {
+    proxy_pass http://127.0.0.1:18800/login/app/;
+    proxy_http_version 1.1;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+}
+
+# Static assets served by Node from src/hosted-mcp/app/.
+# /login (app/kaleidoscope-login.html) references /app/footer.js and
+# /app/sprites.png. Without this proxy, those asset requests fall
+# through to the catch-all `location /` and either 404 or get the
+# static homepage HTML, recreating the "HTML returned where JS/PNG
+# was expected" failure class. server.mjs's serveAppFile sets the
+# correct Content-Type for js, png, html, css, svg, json, ico.
+location /app/ {
+    proxy_pass http://127.0.0.1:18800/app/;
+    proxy_http_version 1.1;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+}
+
 # Agent approval page (server-generated)
 location = /approve {
     proxy_pass http://127.0.0.1:18800/approve;

package/src/hosted-mcp/nginx/wip.computer.conf

@@ -4,7 +4,12 @@ server {
     root /var/www/wip.computer/public_html;
     index index.html index.htm;
 
-    access_log /var/log/nginx/wip.computer.access.log;
+    # Log redaction: F-007 in the VPS hosted-mcp audit.
+    # The "redacted" format is defined in /etc/nginx/conf.d/redact-logs.conf
+    # (source: src/hosted-mcp/nginx/conf.d/redact-logs.conf). It masks
+    # token=, ticket=, api_key=, access_token=, and ck- values in the
+    # request line and Referer before the line is written.
+    access_log /var/log/nginx/wip.computer.access.log redacted;
     error_log /var/log/nginx/wip.computer.error.log;
 
     # Docs redirect to docs.wip.computer
@@ -45,6 +50,25 @@ server {
         proxy_set_header X-Forwarded-Proto $scheme;
     }
 
+    # Next.js internal asset surface for the Kaleidoscope app on :3001.
+    # /codex-remote-control/<tid> renders a Next HTML shell that
+    # references /_next/static/chunks/*.js and /_next/static/chunks/*.css.
+    # Without this proxy, those asset requests fall through to
+    # `location /` try_files and return the static homepage HTML, which
+    # makes the browser fail to hydrate (page renders blank). Same
+    # upstream as /codex-remote-control/. Covers /_next/static/* and
+    # /_next/image* paths used by the Next runtime.
+    location /_next/ {
+        proxy_pass http://127.0.0.1:3001;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
     # Health check
     location /health {
         proxy_pass http://127.0.0.1:18800/health;

package/src/hosted-mcp/scripts/audit-logs.sh

@@ -0,0 +1,205 @@
+#!/usr/bin/env bash
+# audit-logs.sh: F-007 pre-fix log audit for the VPS hosted-mcp surface.
+#
+# Read-only. No log mutation, no rotation, no clearing. Greps nginx and
+# PM2 logs for bearer/ticket/api-key shaped values that may have leaked
+# during the period when the WS upgrade accepted ?token=ck- and the
+# phone app sent ck values in URLs.
+#
+# Output: per-source match count, plus up to N redacted sample lines per
+# source so you can see which path / agent / time range is affected
+# without ever printing the leaked secret in this terminal session.
+#
+# If any source shows a non-zero count, treat the matching ck values as
+# already-leaked. Rotate them as part of the F-002 + F-005a deploy
+# (see ai/product/bugs/security/2026-04-28--cc-mini--vps-hosted-mcp-audit.md).
+#
+# Usage on the VPS:
+#   bash audit-logs.sh
+#   bash audit-logs.sh --days 14            # widen log window for rotated logs
+#   bash audit-logs.sh --samples 20         # show more redacted samples
+#   bash audit-logs.sh --json               # machine-readable output (counts only)
+#
+# Source: src/hosted-mcp/scripts/audit-logs.sh
+
+set -euo pipefail
+
+# ── Defaults ────────────────────────────────────────────────────────
+
+DAYS=7
+SAMPLES=10
+JSON=0
+NGINX_LOG_DIR=/var/log/nginx
+PM2_APP=mcp-server
+
+# ── Args ────────────────────────────────────────────────────────────
+
+while [ $# -gt 0 ]; do
+  case "$1" in
+    --days)    DAYS=$2;    shift 2 ;;
+    --samples) SAMPLES=$2; shift 2 ;;
+    --json)    JSON=1;     shift 1 ;;
+    --nginx-log-dir) NGINX_LOG_DIR=$2; shift 2 ;;
+    --pm2-app) PM2_APP=$2; shift 2 ;;
+    -h|--help)
+      sed -n '2,30p' "$0"
+      exit 0
+      ;;
+    *) echo "Unknown arg: $1" >&2; exit 2 ;;
+  esac
+done
+
+# ── Patterns ────────────────────────────────────────────────────────
+#
+# Three families of leak we are looking for. Each is a single ERE that
+# `grep -E` will accept. We match conservatively (\b, exact prefixes)
+# so we do not over-flag random bytes that happen to resemble a key.
+
+PAT_QUERY_TOKEN='[?&](token|ticket|api_key|access_token)=[^[:space:]&"]+'
+PAT_CK_KEY='\bck-[A-Za-z0-9_-]{6,}\b'
+PAT_AUTH_BEARER='Authorization:[[:space:]]*Bearer[[:space:]]+ck-[A-Za-z0-9_-]{6,}'
+
+# ── Redaction (for sample output only) ──────────────────────────────
+#
+# Replace the matched value with a marker before we print the sample
+# line. This way the audit's own output never reproduces the leaked
+# secret in the operator's terminal/scrollback.
+
+redact() {
+  sed -E \
+    -e 's/([?&](token|ticket|api_key|access_token)=)[^&" \t]+/\1[REDACTED]/g' \
+    -e 's/\bck-[A-Za-z0-9_-]+/[REDACTED ck-]/g'
+}
+
+# ── Source inventory ────────────────────────────────────────────────
+
+declare -a SOURCES
+declare -A SOURCE_LABEL
+
+add_source() {
+  local label=$1
+  local path=$2
+  if [ -e "$path" ] || compgen -G "$path" > /dev/null; then
+    SOURCES+=("$path")
+    SOURCE_LABEL["$path"]=$label
+  fi
+}
+
+add_source "nginx access (current)"      "${NGINX_LOG_DIR}/access.log"
+add_source "nginx error (current)"       "${NGINX_LOG_DIR}/error.log"
+add_source "nginx wip.computer.access"   "${NGINX_LOG_DIR}/wip.computer.access.log"
+add_source "nginx wip.computer.error"    "${NGINX_LOG_DIR}/wip.computer.error.log"
+
+# ── Counters ────────────────────────────────────────────────────────
+
+total_matches=0
+declare -A counts
+
+scan_one() {
+  local path=$1
+  local label=$2
+  local count
+  if [[ "$path" == *.gz ]]; then
+    count=$(sudo zgrep -E "$PAT_QUERY_TOKEN|$PAT_CK_KEY|$PAT_AUTH_BEARER" "$path" 2>/dev/null | wc -l | tr -d ' ')
+  else
+    count=$(sudo grep -E "$PAT_QUERY_TOKEN|$PAT_CK_KEY|$PAT_AUTH_BEARER" "$path" 2>/dev/null | wc -l | tr -d ' ')
+  fi
+  counts["$path"]=$count
+  total_matches=$(( total_matches + count ))
+}
+
+print_samples() {
+  local path=$1
+  local label=$2
+  local count=${counts["$path"]}
+  [ "$count" -eq 0 ] && return
+  echo
+  echo "── $label ($path)"
+  echo "   matches: $count"
+  echo "   sample (redacted, up to $SAMPLES lines):"
+  if [[ "$path" == *.gz ]]; then
+    sudo zgrep -E "$PAT_QUERY_TOKEN|$PAT_CK_KEY|$PAT_AUTH_BEARER" "$path" 2>/dev/null \
+      | head -n "$SAMPLES" | redact | sed 's/^/     /'
+  else
+    sudo grep -E "$PAT_QUERY_TOKEN|$PAT_CK_KEY|$PAT_AUTH_BEARER" "$path" 2>/dev/null \
+      | head -n "$SAMPLES" | redact | sed 's/^/     /'
+  fi
+}
+
+# ── Run nginx scan ──────────────────────────────────────────────────
+
+if [ "$JSON" -ne 1 ]; then
+  echo "F-007 log audit"
+  echo "Days back (rotated): $DAYS"
+  echo "Samples per source: $SAMPLES"
+  echo "Nginx log dir: $NGINX_LOG_DIR"
+  echo
+fi
+
+# Current logs
+for path in "${SOURCES[@]}"; do
+  scan_one "$path" "${SOURCE_LABEL[$path]}"
+done
+
+# Rotated logs within the window
+shopt -s nullglob
+declare -a ROTATED
+for f in "${NGINX_LOG_DIR}"/*.gz "${NGINX_LOG_DIR}"/*.[0-9]*; do
+  if [ -f "$f" ]; then
+    if find "$f" -mtime "-${DAYS}" -print -quit | grep -q .; then
+      ROTATED+=("$f")
+    fi
+  fi
+done
+
+for path in "${ROTATED[@]}"; do
+  scan_one "$path" "rotated $(basename "$path")"
+done
+
+# ── PM2 ─────────────────────────────────────────────────────────────
+#
+# pm2 logs --nostream prints recent lines from the in-memory buffer.
+# This is best-effort: it covers the current PM2 process lifetime, not
+# rotated copies. PM2's persisted logs (if any) live under
+# ~/.pm2/logs/<app>-out.log and ~/.pm2/logs/<app>-error.log.
+
+PM2_OUT="$HOME/.pm2/logs/${PM2_APP}-out.log"
+PM2_ERR="$HOME/.pm2/logs/${PM2_APP}-error.log"
+
+if [ -e "$PM2_OUT" ]; then add_source "pm2 ${PM2_APP} out"   "$PM2_OUT"; scan_one "$PM2_OUT" "pm2 out"; fi
+if [ -e "$PM2_ERR" ]; then add_source "pm2 ${PM2_APP} error" "$PM2_ERR"; scan_one "$PM2_ERR" "pm2 error"; fi
+
+# ── Output ──────────────────────────────────────────────────────────
+
+if [ "$JSON" -eq 1 ]; then
+  printf '{"total_matches": %d, "by_source": {' "$total_matches"
+  first=1
+  for path in "${!counts[@]}"; do
+    [ "$first" -eq 1 ] && first=0 || printf ','
+    printf '"%s": %d' "$path" "${counts[$path]}"
+  done
+  printf '}}\n'
+else
+  echo "── Summary"
+  for path in "${!counts[@]}"; do
+    label=${SOURCE_LABEL[$path]:-${path}}
+    printf "   %-40s %s matches\n" "$label" "${counts[$path]}"
+  done
+  echo
+  echo "── Total matches: $total_matches"
+
+  for path in "${!counts[@]}"; do
+    print_samples "$path" "${SOURCE_LABEL[$path]:-${path}}"
+  done
+
+  echo
+  if [ "$total_matches" -gt 0 ]; then
+    echo "ACTION REQUIRED:"
+    echo "  Treat any matched ck values as leaked. Rotate them as part of the"
+    echo "  F-002 + F-005a deploy. After deploying redact-logs.conf, re-run"
+    echo "  this script and confirm zero matches in the post-rotation window."
+  else
+    echo "OK: no leak signatures found in the scanned window."
+    echo "  Re-run after every deploy that adds or moves auth surfaces."
+  fi
+fi

package/src/hosted-mcp/scripts/verify-deploy.sh

@@ -0,0 +1,102 @@
+#!/usr/bin/env bash
+# verify-deploy.sh: Verify a hosted-mcp deploy manifest against the live
+# VPS. Reads a manifest produced by deploy.sh, fetches the current
+# sha256 of each declared destination on the remote, and compares.
+#
+# Per F-009 of the VPS hosted-mcp audit. Use after deploy.sh, after
+# any apparent change to the live tree, or as part of the pre-dogfood
+# smoke test.
+#
+# Usage:
+#   bash verify-deploy.sh wip.computer:/var/www/.../<timestamp>.json
+#   bash verify-deploy.sh /path/to/local/manifest.json --remote wip.computer
+#   bash verify-deploy.sh latest                # use latest manifest on VPS
+#
+# Exits non-zero on any mismatch. Output lists each file as OK or DIFF.
+
+set -euo pipefail
+
+REMOTE="wip.computer"
+MANIFEST_DIR="/var/www/wip.computer/deploy-manifests/hosted-mcp"
+ARG=""
+
+while [ $# -gt 0 ]; do
+  case "$1" in
+    --remote) REMOTE=$2; shift 2 ;;
+    -h|--help) sed -n '2,18p' "$0"; exit 0 ;;
+    *) ARG=$1; shift ;;
+  esac
+done
+
+if [ -z "$ARG" ]; then
+  echo "usage: bash verify-deploy.sh <manifest-path-or-latest>" >&2
+  exit 2
+fi
+
+# Resolve manifest path.
+if [ "$ARG" = "latest" ]; then
+  MANIFEST_PATH=$(ssh "${REMOTE}" "ls -t ${MANIFEST_DIR}/*.json 2>/dev/null | head -1")
+  if [ -z "$MANIFEST_PATH" ]; then
+    echo "FATAL: no manifests found in ${REMOTE}:${MANIFEST_DIR}" >&2
+    exit 1
+  fi
+  echo "Latest manifest: ${MANIFEST_PATH}"
+  MANIFEST_JSON=$(ssh "${REMOTE}" "cat ${MANIFEST_PATH}")
+elif [[ "$ARG" == *":"* ]]; then
+  # remote:path form
+  MANIFEST_REMOTE=${ARG%%:*}
+  MANIFEST_PATH=${ARG#*:}
+  MANIFEST_JSON=$(ssh "${MANIFEST_REMOTE}" "cat ${MANIFEST_PATH}")
+elif [ -f "$ARG" ]; then
+  MANIFEST_PATH=$ARG
+  MANIFEST_JSON=$(cat "$ARG")
+else
+  echo "FATAL: manifest not found: ${ARG}" >&2
+  exit 1
+fi
+
+# Parse files[] entries via python3.
+if ! command -v python3 >/dev/null 2>&1; then
+  echo "FATAL: python3 required" >&2
+  exit 1
+fi
+
+ENTRIES=$(printf '%s' "$MANIFEST_JSON" | python3 -c '
+import json,sys
+m=json.load(sys.stdin)
+for f in m.get("files",[]):
+    print(f.get("source","")+"\t"+f.get("destination","")+"\t"+f.get("sha256",""))
+')
+
+if [ -z "$ENTRIES" ]; then
+  echo "FATAL: no files entries in manifest" >&2
+  exit 1
+fi
+
+echo "Manifest: ${MANIFEST_PATH}"
+echo "Verifying ${REMOTE}:"
+echo
+
+OK=0
+FAIL=0
+while IFS=$'\t' read -r src dst expected; do
+  [ -z "$dst" ] && continue
+  # ssh -n redirects stdin from /dev/null so ssh does not consume the
+  # loop's heredoc and short-circuit after the first iteration.
+  remote_sha=$(ssh -n "${REMOTE}" "sudo sha256sum ${dst} 2>/dev/null" | awk '{print $1}' || echo "")
+  if [ -z "$remote_sha" ]; then
+    printf "  MISSING  %s\n" "$dst"
+    FAIL=$((FAIL+1))
+  elif [ "$remote_sha" = "$expected" ]; then
+    printf "  OK       %s\n" "$dst"
+    OK=$((OK+1))
+  else
+    printf "  DIFF     %s\n           expected %s\n           live     %s\n" "$dst" "$expected" "$remote_sha"
+    FAIL=$((FAIL+1))
+  fi
+done <<< "$ENTRIES"
+
+echo
+echo "Summary: ${OK} ok, ${FAIL} mismatched"
+[ "$FAIL" -eq 0 ] && exit 0
+exit 1