Release v0.6.24: security fixes (SSRF, auth, tunnels, agents, email), bump versions

Author: dantelex

apps/agent/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agent",
-  "version": "0.6.23",
+  "version": "0.6.24",
   "private": true,
   "bin": {
     "connect": "./dist/cli.js"

apps/api/package.json

@@ -1,13 +1,14 @@
 {
   "name": "api",
-  "version": "0.6.23",
+  "version": "0.6.24",
   "private": true,
   "scripts": {
     "dev": "nest start --watch",
     "build": "nest build",
     "start": "node dist/main",
     "start:prod": "node dist/main",
     "db:generate": "prisma generate",
+    "db:migrate": "prisma migrate deploy",
     "db:push": ". ./.env 2>/dev/null; DATABASE_URL=${DATABASE_URL_MIGRATE:-$DATABASE_URL} prisma db push",
     "db:seed": "tsx prisma/seed.ts",
     "db:dangerous-reset": "echo '⚠️  This will DELETE ALL DATA. Press Ctrl+C to cancel.' && sleep 3 && . ./.env 2>/dev/null; DATABASE_URL=${DATABASE_URL_MIGRATE:-$DATABASE_URL} prisma db push --force-reset && npm run db:seed",

apps/api/src/agents/agents.controller.ts

@@ -659,9 +659,9 @@ export class AgentsController {
       };
     }
 
-    // Send command as a message to the agent
+    // Send command as a message to the agent (fromAgentId must be a valid Agent id; use target agent for system commands)
     const message = await this.agentsService.sendMessage(
-      req.workspace.id, // Using workspace as pseudo-sender for system commands
+      id,
       id,
       req.workspace.id,
       {

apps/api/src/agents/agents.service.ts

@@ -212,11 +212,13 @@ export class AgentsService {
     expiresAt?: Date;
     error?: string;
   }> {
-    // First validate the current token
+    // First validate the current token (no workspace context yet - use withoutRls)
     const tokenHash = this.hashToken(currentToken);
-    const agent = await this.prisma.agent.findUnique({
-      where: { id: agentId },
-    });
+    const agent = await this.prisma.withoutRls(() =>
+      this.prisma.agent.findUnique({
+        where: { id: agentId },
+      })
+    );
 
     if (!agent) {
       return { success: false, error: 'Agent not found' };
@@ -231,13 +233,15 @@ export class AgentsService {
     const newTokenHash = this.hashToken(newToken);
     const newExpiresAt = calculateTokenExpiry();
 
-    await this.prisma.agent.update({
-      where: { id: agentId },
-      data: {
-        tokenHash: newTokenHash,
-        tokenExpiresAt: newExpiresAt,
-      },
-    });
+    await this.prisma.withoutRls(() =>
+      this.prisma.agent.update({
+        where: { id: agentId },
+        data: {
+          tokenHash: newTokenHash,
+          tokenExpiresAt: newExpiresAt,
+        },
+      })
+    );
 
     // Log rotation event
     await this.logAuditEvent(agentId, AgentAuditEvent.ROTATED, undefined, undefined, {
@@ -506,11 +510,13 @@ export class AgentsService {
       return null;
     }
 
-    // Find the agent and verify it belongs to the workspace
-    const agent = await this.prisma.agent.findUnique({
-      where: { id: agentId },
-      include: { workspace: true },
-    });
+    // Find the agent and verify it belongs to the workspace (no workspace context yet - use withoutRls)
+    const agent = await this.prisma.withoutRls(() =>
+      this.prisma.agent.findUnique({
+        where: { id: agentId },
+        include: { workspace: true },
+      })
+    );
 
     if (!agent || agent.workspaceId !== workspace.id) {
       return null;

apps/api/src/ai/ai.controller.ts

@@ -248,17 +248,17 @@ export class AIController {
       throw new BadRequestException('Session belongs to different workspace');
     }
 
-    // Build traffic context
+    // Redact if cloud provider (messages and traffic context must both be redacted before sending to third-party LLMs)
+    const shouldRedact = config.provider !== 'ollama';
     const trafficContext = {
       packets: session.packets.map(p => ({
         direction: p.direction,
         protocol: p.protocol,
-        parsed: p.parsed ? JSON.parse(p.parsed) : undefined,
+        parsed: p.parsed
+          ? JSON.parse(shouldRedact ? this.aiService.redactPII(p.parsed) : p.parsed)
+          : undefined,
       })),
     };
-
-    // Redact if cloud provider
-    const shouldRedact = config.provider !== 'ollama';
     const messages = shouldRedact
       ? body.messages.map(m => ({ ...m, content: this.aiService.redactPII(m.content) }))
       : body.messages;

apps/api/src/auth/auth.controller.ts

@@ -202,16 +202,8 @@ export class AuthController {
     return this.authService.getCurrentUser(token);
   }
 
+  /** Use req.ip (set by Express when trust proxy is enabled) so rate limiting cannot be bypassed via spoofed X-Forwarded-For. */
   private getClientIp(req: Request): string {
-    const forwarded =
-      req.headers['x-forwarded-for'] ||
-      req.headers['x-real-ip'] ||
-      req.ip ||
-      req.connection?.remoteAddress ||
-      req.socket?.remoteAddress ||
-      'unknown';
-
-    const raw = Array.isArray(forwarded) ? forwarded[0] : forwarded.toString();
-    return raw.split(',')[0].trim();
+    return req.ip || req.connection?.remoteAddress || req.socket?.remoteAddress || 'unknown';
   }
 }

apps/api/src/auth/auth.service.ts

@@ -152,9 +152,10 @@ export class AuthService {
     });
   }
 
-  // Login: send magic link to existing user
+  // Login: send magic link to existing user (same response whether account exists or not — prevents user enumeration)
   async login(email: string): Promise<{ message: string }> {
     const normalizedEmail = email.toLowerCase().trim();
+    const genericMessage = 'If an account exists with this email, you will receive a magic link';
 
     // Login is unauthenticated — bypass RLS
     return this.prisma.withoutRls(async () => {
@@ -163,7 +164,7 @@ export class AuthService {
       });
 
       if (!user) {
-        throw new BadRequestException('No account found with this email. Please register first.');
+        return { message: genericMessage };
       }
 
       // Invalidate any existing unused magic links
@@ -197,7 +198,7 @@ export class AuthService {
         type: 'LOGIN',
       });
 
-      return { message: 'If an account exists with this email, you will receive a magic link' };
+      return { message: genericMessage };
     });
   }
 

apps/api/src/auth/device.service.ts

@@ -55,7 +55,7 @@ export class DeviceService {
       },
     });
 
-    const baseUrl = process.env.WEB_URL || 'http://localhost:3000';
+    const baseUrl = process.env.WEB_URL || process.env.APP_URL || 'http://localhost:3000';
 
     return {
       deviceCode,

apps/api/src/auth/email.service.ts

@@ -27,7 +27,7 @@ export class EmailService {
 
   async sendMagicLink(options: SendMagicLinkOptions): Promise<void> {
     const { to, token, type, workspaceName } = options;
-    const baseUrl = process.env.APP_URL || 'http://localhost:3000';
+    const baseUrl = process.env.WEB_URL || process.env.APP_URL || 'http://localhost:3000';
     const magicLink = `${baseUrl}/verify?token=${token}`;
 
     const subject = type === 'REGISTER' 
@@ -54,8 +54,12 @@ This link expires in 15 minutes.
 
 If you didn't request this, you can safely ignore this email.`;
 
-    // In development or if Resend is not configured, log to console
+    // Resend not configured
     if (!this.resend) {
+      if (process.env.NODE_ENV === 'production') {
+        throw new Error('Email service not configured. Please set RESEND_API_KEY.');
+      }
+      // Development only: log to console (never log magic links in production)
       this.logger.log('');
       this.logger.log('═══════════════════════════════════════════════════════════');
       this.logger.log('  📧 MAGIC LINK EMAIL (Development Mode)');

apps/api/src/common/security.spec.ts

@@ -0,0 +1,28 @@
+import { extractClientIp } from './security';
+
+describe('extractClientIp', () => {
+  it('returns the rightmost IP from X-Forwarded-For to prevent spoofing', () => {
+    const headers = {
+      'x-forwarded-for': '8.8.8.8, 1.2.3.4', // 8.8.8.8 is spoofed, 1.2.3.4 is real client IP added by proxy
+    };
+    const ip = extractClientIp(headers);
+    expect(ip).toBe('1.2.3.4');
+  });
+
+  it('returns the only IP when X-Forwarded-For has one entry', () => {
+    const headers = { 'x-forwarded-for': '203.0.113.50' };
+    expect(extractClientIp(headers)).toBe('203.0.113.50');
+  });
+
+  it('prefers Cloudflare cf-connecting-ip when present', () => {
+    const headers = {
+      'cf-connecting-ip': '1.2.3.4',
+      'x-forwarded-for': '8.8.8.8, 1.2.3.4',
+    };
+    expect(extractClientIp(headers)).toBe('1.2.3.4');
+  });
+
+  it('returns undefined when no IP headers are present', () => {
+    expect(extractClientIp({})).toBeUndefined();
+  });
+});