- Branch:
main - Entire:
entire resume mainreturned no checkpoint. - Recent commits focus on v0.6.0 release and registry metadata.
- Authenticated proxy URLs were generated by
ServiceRegistry::base_url_overrides_with_tokenincrates/phantom-proxy/src/services.rs. phantom execandphantom startboth consumed that helper and printed/injected URLs containing?phantom_token=....- Proxy authentication happens in
crates/phantom-proxy/src/server.rs::handle_request. - The proxy already strips
phantom_tokenfrom forwarded upstream queries and dropsx-phantom-proxy-tokenfrom forwarded headers.
- Added
ProxyConfig::allow_query_token_auth, defaulting tofalse. - Header token auth remains
x-phantom-proxy-token. - Query token auth now works only when the proxy is started with
allow_query_token_auth: true. - CLI compatibility switch:
PHANTOM_PROXY_ALLOW_QUERY_TOKEN=1. - Default
phantom execandphantom startbase URLs are now token-free. phantom execpassesPHANTOM_PROXY_TOKENinto the child environment.phantom startcontinues printingPHANTOM_PROXY_TOKENas a separate export.
~/.cargo/bin/cargo test -p phantom-secrets-proxy: passed, 59 tests.~/.cargo/bin/cargo check -p phantom-secrets: passed.~/.cargo/bin/cargo fmt --all -- --check: passed after formatting.
- Added signed monotonic
seqvalues to new audit events. phantom audit verifynow treats malformed JSON lines and sequence gaps as verification failures.- Added
audit-head.json, a signed atomic head checkpoint withlast_seqandlast_hmac. verify_log()compares the walked log tail against the head checkpoint, catching tail truncation of new sequenced logs.- Remaining known limitation: deleting both
audit.logandaudit-head.jsonstill requires external backup/checkpoint evidence. - Explorer findings confirmed next audit gaps after this slice: file locking for concurrent writers, explicit fail-closed mode, and wider audit coverage for cloud/team/sync/proxy/MCP/config events.
- MCP mutating tools still use
confirm: true; next hardening slice should add out-of-band nonce approvals bound to tool name, canonical args hash, project, TTL, and audit events. .phantom.tomlservice mappings accept free-form domains; next config slice should add advisory risk analysis in core and surface warnings indoctor/check.- Web blockers include device auth normalization mismatch, browser billing auth mismatch, team API/client contract mismatches, recursive RLS policies, and non-atomic team vault CAS.
- Docs/action drift: GitHub Action docs reference unsupported flags (
login --ci,cloud pull --env,list --count), source install package names are inconsistent, and proxy-auth docs need updating after header-only defaults.
- Fixed initiate/approve mismatch by storing
device_tokens.user_codeas canonical uppercase alphanumeric without hyphens. - API still returns readable
XXXX-XXXXcodes using shared formatting helper. - Browser device page and approve route now use shared normalization/validation helpers.
- Initiate rate limit now matches its comment: reject once 10 device codes have been created in the last minute.
- Added migration
20260523000016_canonical_device_user_codes.sqlto canonicalize existing user codes and enforce a uniqueuser_codeindex. - Verification:
npx tsc --noEmitpassed,npm run buildpassed.
- Added
PhantomConfig::service_risks()to flag suspicious API service mappings without rejecting custom providers. - Warnings cover built-in service reroutes, known secret keys routed to unexpected domains, URL/path/userinfo/wildcard patterns, localhost/private IPs, and
header_formatvalues missing{secret}. phantom doctorsurfaces route risks as issues with a review fix hint.phantom check --stagedparses staged.phantom.tomlblobs and prints route-risk warnings without incrementing blocking issues.- Verification:
cargo test -p phantom-secrets-core service_risks,cargo test -p phantom-secrets --test check_test, andcargo test -p phantom-secrets --test doctor_testpassed.
- Rust team client expects raw arrays/objects for list/create/members while web routes return
{ teams },{ team }, and{ members }. - Fixed Rust response envelope parsing in
crates/phantom-core/src/teams.rsforlist_teams,create_team, andlist_members. - Added serde contract tests for
{ teams },{ team }, and{ members }. - Remaining team contract issue: Rust sends
github_loginfor invites while web currently requiresuser_id. - Verification:
cargo test -p phantom-secrets-core teamspassed.
- Public docs still need header-auth wording after the proxy auth change.
- Update README/getting-started/LLM docs/blog snippets to state local proxy requests must send
x-phantom-proxy-token: $PHANTOM_PROXY_TOKEN. - Query-string proxy auth should be described only as legacy compatibility via
PHANTOM_PROXY_ALLOW_QUERY_TOKEN=1.
- Updated README quick start, Windows notes, how-it-works, command reference, and feature list to describe
PHANTOM_PROXY_TOKENandx-phantom-proxy-token. - Updated
docs/getting-started.md,docs/llms-full.txt, andapps/web/public/llms-full.txtto remove stale claims that phantom placeholders are regenerated perphantom execsession. - Updated static docs/pricing copy from "session-scoped tokens" to header-authenticated proxy sessions.
- Verification:
rgconfirmed no remaining "Session-scoped tokens" or "session generates fresh phantom" claims in README/docs/public LLM copy.
- Disabled
integrations/github-actions/action.ymlas a fail-fast placeholder because the current CLI does not support non-interactive Phantom Cloud auth for GitHub Actions. - Replaced GitHub Action README and example workflow with supported CI patterns:
phantom check --stagedin CI and platform sync to Vercel/Railway for deployment secrets. - Rewrote
docs/ci-cd.mdto remove unsupportedphantom login --ci,phantom reveal --passphrase,phantom cloud pull --env,phantom list --count,phantom status --quiet,PHANTOM_CLOUD_TOKEN, and Fly.io sync claims. - Verification:
rgconfirms remaining unsupported commands appear only in the GitHub Action README's explicit "Not Supported Yet" list.
- Fixed the web
POST /api/v1/teams/:team_id/membersroute to accept either legacyuser_idor the intended CLI/MCPgithub_logincontract. - GitHub login values are trimmed, optional leading
@is stripped, and lookup is case-insensitive viailike. - Missing invitee returns a product-specific 404 telling the user the invitee must sign in to Phantom first; duplicate login matches return 409.
- Owner role remains disallowed through invitations because owner transfer is a separate future flow.
- Verification:
npm run buildandnpx tsc --noEmitpassed after this route change.
- Integration review found three production blockers: header-only proxy auth could break generic SDKs, audit HMAC/head writes were not concurrency-safe, and device-code migration could fail on historical canonical duplicates.
- All three were addressed in follow-up slices below.
- Remaining candidate slices: MCP nonce approval hardening, wider audit event coverage for cloud/team/sync/proxy/config, Supabase RLS recursion review, and team vault CAS.
- Kept proxy server header auth and query compatibility support, but changed CLI-generated SDK URLs to use a path-scoped local auth segment:
/<service>/_phantom/<proxy-token>/. - The proxy strips
/_phantom/<token>before route matching and before forwarding upstream. phantom execandphantom startdefault to SDK-compatible path-auth URLs;PHANTOM_PROXY_HEADER_AUTH_ONLY=1emits token-free base URLs and requiresx-phantom-proxy-token.- Updated README, threat model, docs, static site, and LLM reference copy to distinguish default SDK compatibility from strict header-only mode.
initiatenow retries unique constraint collisions up to five times before returning 503.approvenow selects the newest pending, unexpired canonical user code withmaybeSingle()instead of failing on old duplicate rows.- Migration now canonicalizes user codes, expires stale pending rows, expires older duplicate pending rows, and creates a partial unique index on pending
user_codeonly.
- Added
AuditMode::{Disabled, BestEffort, Required}withPHANTOM_AUDIT=required/fail-closed. - Added
log_result()so future high-risk command paths can propagate audit failures while legacylog()remains best-effort. - Added an
audit.lockfile with exclusive writer locking and shared verify locking to serialize HMAC-chain/head checkpoint transactions. - Added concurrency and required-mode unit tests in
crates/phantom-core/src/audit.rs.