You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
fix: allow token-based agent onboarding routes through proxy auth (#18)
* fix: allow token-based agent onboarding routes through proxy auth
The onboarding bootstrap flow serves /api/onboarding/script and
/api/onboarding/register to agents using signed invite tokens, not
human JWTs. The app proxy was requiring authentication for all API
routes except an explicit allowlist, which returned 401 before the
onboarding handlers could verify the invite token.
Add script (GET) and register (POST) to route-local auth passthrough so
invite creation stays operator-protected while agent bootstrap works.
Co-authored-by: Luis Calderon <luis@calderon.com>
* chore: cover onboarding routes in route-auth boundary check
Co-authored-by: Luis Calderon <luis@calderon.com>
* chore: refresh proxy trust-boundary checklist hash
Co-authored-by: Luis Calderon <luis@calderon.com>
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
0 commit comments