Fix gRPC bind host fail-open by homerquan · Pull Request #2 · MirrorNeuronLab/MirrorNeuron

homerquan · 2026-05-18T17:39:53Z

The gRPC listener previously treated unparsable MN_CORE_HOST values as no bind restriction, which could expose unauthenticated control APIs to all interfaces.
The change ensures invalid or oddly-cased localhost values do not silently remove the loopback binding and instead fail closed to loopback.

Normalize MN_CORE_HOST (trim and to_string) and centralize parsing in grpc_bind_opts/1 so empty and whitespace variants bind to 127.0.0.1.
Preserve IPv4/IPv6 literal passthrough by using :inet.parse_address/1 and treat any parse failure as a loopback-binding decision via grpc_loopback_opts/1.
Add a Logger.warning/1 when a non-literal, non-localhost host is provided to notify operators that the listener is being restricted to loopback.
Add unit tests at tests/unit/application_test.exs to cover localhost variants, IP literals, and invalid hostnames, and update README.md to document the binding behavior.

mix format --check-formatted completed successfully.
Executed a direct Elixir invocation that loads lib/mirror_neuron/application.ex and exercised MirrorNeuron.Application.grpc_bind_opts/1, which validated localhost normalization, IP literal passthrough, and fail-closed behavior and emitted the expected warning.
mix deps.get / mix test could not be run due to environment/network restrictions preventing Hex from being fetched, so the new unit test file was added but could not be executed in this environment.

Fix gRPC bind host fail-open

1b959ca

homerquan added codex aardvark labels May 18, 2026 — with ChatGPT Codex Connector

homerquan added the codex label May 18, 2026

homerquan merged commit 915fc35 into main May 18, 2026
1 check failed

Provide feedback