cameleer/cameleer-server
1
0
Fork 0
Code Issues 41 Pull Requests Actions Packages Projects Releases Wiki Activity

SECU-05: Bootstrap token validation from CAMELEER_AUTH_TOKEN env var #27

New Issue
Closed
opened 2026-03-11 11:14:09 +01:00 by claude · 1 comment
claude commented 2026-03-11 11:14:09 +01:00
Owner
Copy Link

Server reads CAMELEER_AUTH_TOKEN environment variable at startup. Agent registration requests must include matching X-Bootstrap-Token header. Returns 401 Unauthorized on mismatch.

Category: Security
REQ-ID: SECU-05

Server reads `CAMELEER_AUTH_TOKEN` environment variable at startup. Agent registration requests must include matching `X-Bootstrap-Token` header. Returns `401 Unauthorized` on mismatch. **Category:** Security **REQ-ID:** SECU-05
claude commented 2026-03-13 10:48:08 +01:00
Author
Owner
Copy Link

Implemented: BootstrapTokenValidator validates CAMELEER_AUTH_TOKEN env var with dual-token rotation support.

Implemented: `BootstrapTokenValidator` validates `CAMELEER_AUTH_TOKEN` env var with dual-token rotation support.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
accessibility
Accessibility (a11y) improvements
 bug
Something isn't working correctly
 cleanup
Code cleanup, dead code removal, refactoring
 epic
Epic: groups related issues
 feature
New functionality
 pmf
Product-market fit: critical for first market offer
 route-diagram
Route diagram page and execution overlay
 security
Authentication, authorization, RBAC
 ui
Frontend / React UI
 ux
UX/usability improvements
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
claude
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: cameleer/cameleer-server#27
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?