fix(gateway): tighten tools invoke HTTP guardrails (#57771)

* fix(gateway): tighten tools invoke HTTP guardrails Co-authored-by: Brian Mendonca <208517100+bmendonca3@users.noreply.github.com> * fix(security): centralize gateway HTTP deny defaults * fix(gateway): drop duplicate scope guard after rebase --------- Co-authored-by: Brian Mendonca <208517100+bmendonca3@users.noreply.github.com>
2026-05-05 10:40:20 +00:00 · 2026-03-30 09:16:33 -07:00
parent 1ca4261d7e
commit 6b38815f86
1 changed files with 11 additions and 0 deletions
--- a/src/security/audit.test.ts
+++ b/src/security/audit.test.ts
@@ -650,6 +650,17 @@ description: test skill
        },
        expectedSeverity: "critical",
      },
+      {
+        name: "newly denied exec override",
+        cfg: {
+          gateway: {
+            bind: "lan",
+            auth: { token: "secret" },
+            tools: { allow: ["exec"] },
+          },
+        },
+        expectedSeverity: "critical",
+      },
    ];
    await runConfigAuditCases(
      cases,