Summary
OpenWolf PR #16 (cytostack/openwolf#16) reports that the dashboard server binds to 0.0.0.0 by default with no authentication. This exposes all .wolf/ brain files (cerebrum, memory, buglog, token-ledger, suggestions) and allows remote cron task execution to anyone on the same network.
Relevance to OpenOwl
OpenOwl's dashboard (React + Express + WebSocket) likely shares the same or similar architecture. We need to verify:
- Network binding — Does our Express server bind to
0.0.0.0 or 127.0.0.1?
- Authentication — Is there any auth on the REST API or WebSocket connections?
- Exposed endpoints — Can unauthenticated users access
/api/files, /api/cron/run/:taskId, or similar?
- WebSocket security — Can unauthenticated users trigger tasks via WebSocket messages?
Suggested Fix
- Default bind to
127.0.0.1 (localhost only)
- Add optional token-based authentication for remote access
- Add a startup warning if binding to a non-loopback interface
- Consider adding this to the daemon config so users can opt-in to network exposure
Reference
Summary
OpenWolf PR #16 (cytostack/openwolf#16) reports that the dashboard server binds to
0.0.0.0by default with no authentication. This exposes all.wolf/brain files (cerebrum, memory, buglog, token-ledger, suggestions) and allows remote cron task execution to anyone on the same network.Relevance to OpenOwl
OpenOwl's dashboard (React + Express + WebSocket) likely shares the same or similar architecture. We need to verify:
0.0.0.0or127.0.0.1?/api/files,/api/cron/run/:taskId, or similar?Suggested Fix
127.0.0.1(localhost only)Reference
.wolf/to local network, allows remote cron task execution and brain file read access