This tool grants full shell access to the host machine. The auth token is equivalent to an SSH key.
- 256-bit cryptographically random token generated on first run, persisted at
.bobbit/state/tokenwith mode0600 - All API routes and WebSocket connections require the token
- Constant-time token comparison prevents timing attacks
- IP-based rate limiting on failed auth attempts (automatic lockout)
- 5-second auth timeout on WebSocket connections
- Static file serving has directory traversal prevention (resolved path must start with static dir)
- Gateway binds to NordLynx mesh IP if available, otherwise
localhost— never0.0.0.0unless explicitly requested - TLS on by default for non-loopback addresses; disabled for localhost unless
--tlsis passed - OAuth PKCE flow for obtaining API credentials securely
The GET/POST /api/preview endpoints accept an optional sessionId query parameter to scope preview HTML per session. Security measures:
- UUID validation:
sessionIdis validated against a strict regex (/^[a-f0-9-]{36}$/i). Non-UUID values (including path traversal sequences like../, backslashes, or colons) return 400. This prevents sandbox agents from writing.htmlfiles outside the state directory. - Vite filesystem deny:
server.fs.denyrules block the.bobbitdirectory andnode_modules/.vite, preventing Vite's/@fs/route from serving sensitive files. - Vite plugin hardening:
blockDangerousGlobsrejectsimport.meta.globcalls targeting.bobbitpaths.localhostGuardrejects non-localhost requests to the Vite dev server, preventing sandbox containers from reaching it over the Docker bridge network.