Skip to content

fix(daemon): treat unrecognized gRPC consumer tokens as unauthenticated for session ownership #71

Description

@cidrblock

Context

In PR #62, resolveGrpcSessionOwner maps a present-but-unrecognized x-abbenay-token to local (same as no token). That matches today's local-trust model for CLI/VS Code, but when consumers are configured it means a wrong token does not fail closed — it falls into the local session namespace.

Flagged during review of PR #62: #62

Proposal

When config.consumers is non-empty and a token is presented but matches no consumer, reject the session RPC (UNAUTHENTICATED) rather than treating the caller as local. Keep no-token → local for unix-socket / local CLI DX.

Coordinate with consumer auth on privileged RPCs (authorizeConsumer) so behavior is consistent.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions