archy/loop/pentest/recon/surface.md

Not critical — those app proxy paths were already confirmed through other probes. The full attack surface analysis is complete above.

**Summary of critical findings:**

1. **Zero authentication on the entire RPC API** — every method callable by anyone on the network
2. **Arbitrary container image execution** — `package.install` pulls and runs any Docker image
3. **Cryptographic key abuse** — `node.signChallenge` signs arbitrary data without auth (confirmed with live signature)
4. **FileBrowser full access via default credentials** — `admin/admin` confirmed working with admin JWT
5. **Unauthenticated Claude API proxy** — free API usage at owner's expense (confirmed)
6. **P2P message injection** — spoofed messages already present in the message store
7. **CORS wildcard** on all endpoints enables drive-by attacks from any website
8. **Backend runs as root** with dev mode enabled in production

The most urgent remediation is wiring authentication middleware into the `core/archipelago` handler — the session infrastructure exists in `core/startos/` but is **not connected** to the active backend's request pipeline.
chore: add security pentest reports and remediation plan Overnight pentest run produced recon, analysis, exploitation reports, and a full security assessment. Plan.md updated with 22 prioritized fix items for auth, SSRF, injection, XSS, and hardening. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-06 03:08:14 +00:00			`Not critical — those app proxy paths were already confirmed through other probes. The full attack surface analysis is complete above.`

			`Summary of critical findings:`

			`1. Zero authentication on the entire RPC API — every method callable by anyone on the network`
			2. Arbitrary container image execution — `package.install` pulls and runs any Docker image
			3. Cryptographic key abuse — `node.signChallenge` signs arbitrary data without auth (confirmed with live signature)
			4. FileBrowser full access via default credentials — `admin/admin` confirmed working with admin JWT
			`5. Unauthenticated Claude API proxy — free API usage at owner's expense (confirmed)`
			`6. P2P message injection — spoofed messages already present in the message store`
			`7. CORS wildcard on all endpoints enables drive-by attacks from any website`
			`8. Backend runs as root with dev mode enabled in production`

			The most urgent remediation is wiring authentication middleware into the `core/archipelago` handler — the session infrastructure exists in `core/startos/` but is not connected to the active backend's request pipeline.