Found during the v0.8.8 release review (CTO, P2 deferred).
POST /altimate/mcp/reload-datamate (added in #893) is a state-changing endpoint that re-reads IDE mcp.json from disk and calls MCP.add() to (re)connect MCP clients with whatever command/url those files contain. With no OPENCODE_SERVER_PASSWORD set (the default, loopback bind + startup warning only), any local process — including a browser page the CORS policy reflects http://localhost:* / http://127.0.0.1:* for — can POST to it and trigger a reconnect.
This is the same auth posture as all existing routes (not a new exposure class), but reload-datamate is more side-effectful (spawns/reconnects transports) than the read routes, so it warrants a closer look.
Possible directions: require auth for state-changing /altimate/* routes even when the global password is unset, or tighten the CORS reflection for those routes. Deferred — design decision, not an in-diff edit, and default bind is loopback.
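A sketch of the two directions above combined into one request guard, added here as an example and not taken from the project's code. The `guard` function, the `Req`/`Decision` shapes, the per-process `localToken` fallback and the `Bearer` header scheme are all assumptions made for illustration; only the route prefix, the loopback origins and `OPENCODE_SERVER_PASSWORD` come from the issue.

```typescript
// Added example: hypothetical guard, not the project's middleware.
interface Req { method: string; path: string; headers: Record<string, string> }
interface Decision { allow: boolean; reason: string; corsOrigin: string | null }

const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);
// Origins the issue says the current CORS policy reflects.
const LOOPBACK_ORIGIN = /^http:\/\/(localhost|127\.0\.0\.1)(:\d+)?$/;

// Compare every character so timing does not reveal where a mismatch occurs.
function sameSecret(a: string, b: string): boolean {
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ (b.charCodeAt(i) || 0);
  return diff === 0;
}

// password: value of OPENCODE_SERVER_PASSWORD, or undefined when unset.
// localToken: assumed random secret generated at startup and given only to the
// server's own client, used when no password is configured.
function guard(req: Req, password: string | undefined, localToken: string): Decision {
  const origin = req.headers["origin"] ?? null;
  const loopback = origin !== null && LOOPBACK_ORIGIN.test(origin);
  const stateChanging =
    req.path.startsWith("/altimate/") && !SAFE_METHODS.has(req.method.toUpperCase());

  if (!stateChanging) {
    // Unchanged posture: loopback origins are reflected, existing checks still apply.
    return { allow: true, reason: "not a state-changing /altimate route", corsOrigin: loopback ? origin : null };
  }
  // Direction 1: a credential is required even when the global password is unset.
  // A "simple" cross-origin POST reaches the server regardless of CORS response
  // headers, so this check is what actually stops a browser page.
  const presented = (req.headers["authorization"] ?? "").replace(/^Bearer /, "");
  const ok = presented.length > 0 && sameSecret(presented, password ?? localToken);
  // Direction 2: never reflect an Origin here, so a preflight carrying the
  // Authorization header fails for every web origin, loopback included.
  return { allow: ok, reason: ok ? "credential accepted" : "missing or wrong credential", corsOrigin: null };
}

// Constructed request: a page served from localhost POSTing with no credential.
const demo = guard(
  { method: "POST", path: "/altimate/mcp/reload-datamate", headers: { origin: "http://localhost:3000" } },
  undefined,
  "constructed-local-token",
);
console.log(demo); // denied, and no Origin is reflected
```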