[security] fix(ohmo): gate gateway-scoped /provider and /model commands#281
Open
glitch-ux wants to merge 1 commit into
Conversation
/provider and /model are registered with remote_invocable=False and remote_admin_opt_in=True in src/openharness/commands/registry.py, but OhmoSessionRuntimePool.stream_message intercepted them with _handle_gateway_scoped_command before the remote-allowed gate ran, so the contract was silently skipped for both commands. Move the gateway-scoped intercept after the gating block so the existing remote_admin_opt_in / allow_remote_admin_commands + allowed_remote_admin_commands path governs them like every other admin command. Add a regression test that asserts /provider and /model are rejected unless the operator has opted in, and update the existing positive test to set the opt-in so it continues to exercise the success path. Refs HKUDS#280
Summary

Closes #280. Restores the `remote_invocable`/`remote_admin_opt_in` gate for the two ohmo gateway-scoped administrative commands (`/provider`, `/model`) that were silently bypassing it.

The bug

`ohmo/gateway/runtime.py` short-circuited `/provider` and `/model` through `_handle_gateway_scoped_command` before the remote-allowed gate at lines 276-298, so neither `remote_invocable=False` nor the `allow_remote_admin_commands` + `allowed_remote_admin_commands` opt-in was consulted for those two commands. Any sender on the channel allowlist could swap the active provider profile or mutate `allowed_models` over Slack/Telegram/Feishu/Discord/Matrix.

Both commands are registered with `remote_invocable=False, remote_admin_opt_in=True` at `src/openharness/commands/registry.py:2453-2470`, matching the pattern recently extended to `/commit`, `/diff`, `/tasks`, `/autopilot`, `/session`, `/issue`, etc.

The fix

`ohmo/gateway/runtime.py`: move the `_handle_gateway_scoped_command` call after the existing gate. The gate already supports admin opt-in via `GatewayConfig.allow_remote_admin_commands=True` and `allowed_remote_admin_commands=["provider","model"]`, so the operator-opted-in flow keeps working unchanged.

Test plan

- `test_runtime_pool_rejects_gateway_scoped_command_without_admin_opt_in` covers both `/provider codex` and `/model gpt-5.5` and asserts:
  - `handle_gateway_provider_command` / `handle_gateway_model_command` are NOT invoked.
  - `gateway.yaml`'s `provider_profile` is unchanged.
  - `build_calls` length stays at 1.
- `test_runtime_pool_provider_command_refresh_uses_gateway_profile` updated to set `allow_remote_admin_commands=True, allowed_remote_admin_commands=["provider","model"]`. It still asserts the runtime rebuild + active-profile swap on success.
- `uv run pytest tests/test_ohmo/test_gateway.py -q` → 72 passed
- `uv run pytest tests/test_ohmo/ -q` → 92 passed
- `uv run ruff check src tests scripts` → clean

CHANGELOG intentionally not updated per repo maintainer practice for `[security] fix(...)` commits.
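The ordering bug the PR describes is easy to see in a reduced model, so here is an added example (not code from the openharness/ohmo repository or from the PR author) that puts the "before" and "after" dispatch orders side by side. The flag names `remote_invocable`, `remote_admin_opt_in`, `allow_remote_admin_commands` and `allowed_remote_admin_commands` and the two sample commands are taken from the PR text; the `CommandSpec`/`GatewayConfig` dataclasses, the `REGISTRY` dict, the `gateway_scoped` attribute and the `dispatch_*` functions are assumptions built only for illustration and do not mirror the project's real types or signatures.

```python
"""Added example: toy model of the gate-ordering bug fixed in this PR.

Everything below is constructed for illustration; the flag names come from the
PR description, the data structures and functions are assumptions, not the
openharness/ohmo source.
"""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass(frozen=True)
class CommandSpec:
    # Constructed stand-in for one entry in the slash-command registry.
    name: str
    remote_invocable: bool = True
    remote_admin_opt_in: bool = False
    gateway_scoped: bool = False  # assumed marker for /provider and /model


@dataclass
class GatewayConfig:
    # Constructed stand-in for the operator's gateway.yaml opt-in settings.
    allow_remote_admin_commands: bool = False
    allowed_remote_admin_commands: list[str] = field(default_factory=list)


# Constructed registry: the two admin commands are NOT remotely invocable unless
# the operator opts in; /help is an ordinary command and always passes.
REGISTRY: dict[str, CommandSpec] = {
    "provider": CommandSpec("provider", remote_invocable=False,
                            remote_admin_opt_in=True, gateway_scoped=True),
    "model": CommandSpec("model", remote_invocable=False,
                         remote_admin_opt_in=True, gateway_scoped=True),
    "help": CommandSpec("help"),
}


def remote_allowed(spec: CommandSpec, cfg: GatewayConfig) -> bool:
    """The remote-allowed gate: ordinary commands pass; an admin command passes
    only if the operator enabled remote admin commands AND listed this one."""
    if spec.remote_invocable:
        return True
    if spec.remote_admin_opt_in and cfg.allow_remote_admin_commands:
        return spec.name in cfg.allowed_remote_admin_commands
    return False


def _lookup(text: str) -> CommandSpec:
    return REGISTRY[text.lstrip("/").split()[0]]


def dispatch_buggy(text: str, cfg: GatewayConfig) -> str:
    """'Before': the gateway-scoped intercept runs first, so /provider and
    /model are handled without the gate ever being consulted."""
    spec = _lookup(text)
    if spec.gateway_scoped:
        return f"gateway-scoped handler ran: {text}"  # gate silently skipped
    if not remote_allowed(spec, cfg):
        return f"rejected: /{spec.name} is not remotely invocable"
    return f"session handler ran: {text}"


def dispatch_fixed(text: str, cfg: GatewayConfig) -> str:
    """'After': the gate runs first; only a command that passes it reaches the
    gateway-scoped intercept, so admin commands require the operator opt-in."""
    spec = _lookup(text)
    if not remote_allowed(spec, cfg):
        return f"rejected: /{spec.name} is not remotely invocable"
    if spec.gateway_scoped:
        return f"gateway-scoped handler ran: {text}"
    return f"session handler ran: {text}"


def regression_check() -> dict[str, str]:
    """Shape of the PR's regression test on the toy model: without opt-in the
    fixed dispatcher rejects both commands while the buggy one runs them; with
    the opt-in configured the fixed path still runs them."""
    no_opt_in = GatewayConfig()
    opted_in = GatewayConfig(allow_remote_admin_commands=True,
                             allowed_remote_admin_commands=["provider", "model"])
    return {
        "buggy_no_opt_in": dispatch_buggy("/provider codex", no_opt_in),
        "fixed_no_opt_in": dispatch_fixed("/provider codex", no_opt_in),
        "fixed_model_no_opt_in": dispatch_fixed("/model gpt-5.5", no_opt_in),
        "fixed_opted_in": dispatch_fixed("/provider codex", opted_in),
        "fixed_help": dispatch_fixed("/help", no_opt_in),
    }


if __name__ == "__main__":
    for case, outcome in regression_check().items():
        print(f"{case}: {outcome}")
```

The point worth keeping in mind when reviewing this class of fix: a special-case intercept placed ahead of a shared authorization check is an authorization bypass for exactly the commands it intercepts, regardless of how the registry flags them. The `remote_allowed` check above also shows why the opt-in needs both the global flag and the per-command allowlist: setting `allow_remote_admin_commands=True` alone does not admit a command that is not listed.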