mirror of
https://github.com/tiennm99/ccs.git
synced 2026-07-16 16:16:52 +00:00
fix(auth): harden agy safety endpoints and config writes
- add safer error responses for settings/auth routes to avoid leaking internals - guard sensitive AGY settings endpoints to localhost when dashboard auth is off - validate start-route bodies and reject OAuth start in remote mode for consistency - preserve cliproxy.kiro_no_incognito and token_refresh during config merges - enforce AGY acknowledgement in remote auth-token run/auth command paths
This commit is contained in:
@@ -529,9 +529,23 @@ export async function execClaudeWithCLIProxy(
|
||||
log(`Using remote proxy authentication (skipping local OAuth)`);
|
||||
}
|
||||
|
||||
if (provider === 'agy' && !forceAuth && !skipLocalAuth) {
|
||||
if (provider === 'agy' && forceAuth && skipLocalAuth) {
|
||||
const acknowledged = await ensureCliAntigravityResponsibility({
|
||||
context: 'oauth',
|
||||
acceptedByFlag: acceptAgyRisk,
|
||||
});
|
||||
if (!acknowledged) {
|
||||
throw new Error(
|
||||
`Antigravity auth blocked. Re-run after completing confirmation or pass ${ANTIGRAVITY_ACCEPT_RISK_FLAGS[0]}.`
|
||||
);
|
||||
}
|
||||
console.error(info('Remote proxy mode is active; local OAuth flow is skipped in --auth mode.'));
|
||||
return;
|
||||
}
|
||||
|
||||
if (provider === 'agy' && !forceAuth) {
|
||||
const requiresAuthNow = providerConfig.requiresOAuth && !isAuthenticated(provider);
|
||||
if (!requiresAuthNow) {
|
||||
if (skipLocalAuth || !requiresAuthNow) {
|
||||
const acknowledged = await ensureCliAntigravityResponsibility({
|
||||
context: 'run',
|
||||
acceptedByFlag: acceptAgyRisk,
|
||||
|
||||
Reference in New Issue
Block a user