root a8b2cddcf5 fix(workers): safe_fetch pins IP + manual redirect re-validation
Two real findings from the security reviewer:

1. urllib auto-follows 3xx redirects via the default HTTPRedirectHandler.
   The previous code's hop loop never ran — urllib silently followed.
   Replaced with http.client + a manual hop loop. Every hop re-runs
   _validate_url, so an open-redirect to 127.0.0.1 / RFC1918 / metadata
   gets caught on the second hop.

2. DNS TOCTOU — _resolve() validated but urllib.request re-resolved on
   connect. Now the connection is pinned to the validated IP via a
   PinnedHTTPConn / PinnedHTTPSConn subclass that overrides connect() to
   bind socket.create_connection to (addr, port). For HTTPS, TLS
   server_hostname is set to the original host so SNI + cert
   verification still work against the named host while the TCP
   destination is the pinned IP.

Tests added: redirect-to-loopback short-circuits at validation;
too-many-redirects exhausts max_hops; 2xx returns body; non-2xx raises.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-06-01 10:28:55 +10:00
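The two fixes the commit message describes, as an added example that is not the repository's own code: a one-shot `_validate_url`, a `PinnedHTTPConn`/`PinnedHTTPSConn` pair that override `connect()` to bind the socket to the validated IP while TLS still verifies the original host name via `server_hostname`, and a manual hop loop that re-validates every redirect target. The `resolver` and `conn_factory` keyword arguments are assumed test hooks, not part of the project; everything else follows the names in the commit message.

```python
import http.client, ipaddress, socket, ssl
from urllib.parse import urljoin, urlsplit

class SafeFetchError(Exception): pass

def _validate_url(url, resolver=socket.gethostbyname):
    """Parse and resolve once; reject loopback/RFC1918/link-local (metadata)/multicast."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise SafeFetchError(f"unsupported URL: {url}")
    ip = ipaddress.ip_address(resolver(parts.hostname))  # resolver is a test hook (assumed)
    if not ip.is_global or ip.is_multicast:
        raise SafeFetchError(f"{parts.hostname} resolves to non-public {ip}")
    return parts, str(ip)  # caller must connect to str(ip), never re-resolve the name

class PinnedHTTPConn(http.client.HTTPConnection):
    """Connect to the validated IP; self.host keeps the name for the Host header."""
    def __init__(self, host, pinned_ip, **kw):
        super().__init__(host, **kw)
        self.pinned_ip = pinned_ip
    def connect(self):  # overrides the name-based connect -> no second DNS lookup (TOCTOU)
        self.sock = socket.create_connection((self.pinned_ip, self.port), self.timeout)

class PinnedHTTPSConn(PinnedHTTPConn):
    def connect(self):
        super().connect()
        # SNI and certificate verification use the original name, not the pinned IP.
        ctx = ssl.create_default_context()
        self.sock = ctx.wrap_socket(self.sock, server_hostname=self.host)

def safe_fetch(url, max_hops=5, resolver=socket.gethostbyname, conn_factory=None):
    """Manual hop loop: every 3xx target is re-validated and re-pinned before use."""
    for _ in range(max_hops + 1):
        parts, ip = _validate_url(url, resolver)
        https = parts.scheme == "https"
        make = conn_factory or (PinnedHTTPSConn if https else PinnedHTTPConn)  # factory: test hook
        conn = make(parts.hostname, ip, port=parts.port or (443 if https else 80), timeout=10)
        try:
            conn.request("GET", (parts.path or "/") + ("?" + parts.query if parts.query else ""))
            resp = conn.getresponse()
            if 300 <= resp.status < 400 and resp.getheader("Location"):
                url = urljoin(url, resp.getheader("Location"))  # relative targets resolved, then re-checked
                continue
            if 200 <= resp.status < 300:
                return resp.read()
            raise SafeFetchError(f"HTTP {resp.status} from {url}")
        finally:
            conn.close()
    raise SafeFetchError(f"exceeded {max_hops} redirects")
```

With the default hooks the code performs real DNS and TCP; the test-style hooks let the redirect-to-loopback, too-many-redirects, 2xx and non-2xx cases from the commit message be exercised offline.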

Void 2.0

Homelab orchestrator + canonical knowledge store. Cradle-themed. Successor to Void 1.x (CT 301). Spec at /project/docs/superpowers/specs/2026-05-31-void-v2-design.md.

Layout

  • void-server (this repo) — Node API, MCP, UI, cron, agent runtime
  • void-workers — Python ingest workers (separate repo, later plan)

Quick start (dev)

  1. Provision void2-db LXC (see deploy/README.md)
  2. Install Postgres + pgvector on void2-db
  3. npm install
  4. cp .env.example .env and edit
  5. npm run migrate
  6. npm start
  7. curl -H "Authorization: Bearer $OWNER_TOKEN" http://localhost:3000/health