Security: avoid injecting AUTH_TOKEN into terminal env (FRESHELL_TOKEN) #18

@danshapiro

## Problem

TerminalRegistry.create injects FRESHELL_TOKEN (from AUTH_TOKEN) into the environment of every spawned PTY (shell + coding CLIs). Any process running inside a Freshell terminal can read the server auth token.

Relevant code: server/terminal-registry.ts (baseEnv includes FRESHELL_TOKEN).

## Why This Matters

- Token can leak via env dumps, crash logs, subprocess inheritance, etc.
- Any command executed in the terminal gets full API access by default (violates least privilege).
- If a user runs untrusted code in a terminal, it can exfiltrate the token.

## Proposed Fix (Preferred)

1. Stop injecting AUTH_TOKEN into terminal environments by default.
2. Introduce a scoped “agent token” (least-privilege) for terminal-initiated automation:
   - Short TTL
   - Scope-limited to agent/CLI endpoints
   - Optionally bound to a terminalId/sessionId
3. Provide an explicit opt-in setting if we still want convenience:
   - UI setting: "Expose API token to terminal env" (default OFF)

## Alternatives

- Write token to a restricted file (0600) and pass only FRESHELL_TOKEN_FILE instead of the token value.
- Require users to set FRESHELL_TOKEN manually when they want CLI access from terminals.

## Acceptance Criteria

- Default terminal env does not contain a reusable server auth token.
- CLI still has a supported auth story (explicit token or scoped token).
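One way the scoped agent token from the proposed fix could work, as an added example that is not part of the issue and not Freshell's code. The variable name `FRESHELL_AGENT_TOKEN`, the `agent` scope, the 15-minute TTL and all function names are assumptions made for illustration.

```typescript
import { createHmac, randomBytes, timingSafeEqual } from "node:crypto";

// Hypothetical claim set for the scoped "agent token" proposed in the issue.
interface AgentClaims { scope: string[]; terminalId: string; exp: number }

// Assumption: the signing key lives only in the server process and is never
// placed in any PTY environment.
const SIGNING_KEY = randomBytes(32);

const sign = (payload: string): Buffer =>
  createHmac("sha256", SIGNING_KEY).update(payload).digest();

// Mint a short-lived token bound to one terminal and a fixed list of scopes.
function mintAgentToken(terminalId: string, scope: string[], ttlMs: number, now = Date.now()): string {
  const claims: AgentClaims = { scope, terminalId, exp: now + ttlMs };
  const payload = Buffer.from(JSON.stringify(claims)).toString("base64url");
  return `${payload}.${sign(payload).toString("base64url")}`;
}

// Return the claims only if the token is authentic, unexpired, bound to this
// terminal and carries the needed scope; otherwise return null.
function verifyAgentToken(token: string, terminalId: string, neededScope: string, now = Date.now()): AgentClaims | null {
  const [payload, mac, extra] = token.split(".");
  if (!payload || !mac || extra !== undefined) return null;
  const expected = sign(payload);
  const given = Buffer.from(mac, "base64url");
  // Constant-time comparison; the payload is parsed only after the MAC checks out.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(payload, "base64url").toString("utf8")) as AgentClaims;
  if (now >= claims.exp) return null;                    // short TTL
  if (claims.terminalId !== terminalId) return null;     // terminal binding
  if (!claims.scope.includes(neededScope)) return null;  // scope limit
  return claims;
}

// Build a PTY environment that drops the reusable server token and carries
// only the scoped token (FRESHELL_AGENT_TOKEN is a hypothetical name).
function buildTerminalEnv(base: Record<string, string | undefined>, terminalId: string): Record<string, string> {
  const env: Record<string, string> = {};
  for (const [k, v] of Object.entries(base)) {
    if (v !== undefined && k !== "AUTH_TOKEN" && k !== "FRESHELL_TOKEN") env[k] = v;
  }
  env.FRESHELL_AGENT_TOKEN = mintAgentToken(terminalId, ["agent"], 15 * 60_000);
  return env;
}
```

A token copied out of one terminal is rejected for any other terminalId, for any scope outside its list, and after its expiry.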
