feat(guardian): own the Vite dev port — probe, strictPort, truthful banner, origin allowlist #322
Merged
…anner, origin allowlist

Previously the UI port lived outside Guardian's port authority: dev.ts printed a hardcoded "5173 (Vite picks +1 if taken)" banner before Vite even spawned, Vite auto-incremented on its own, and the workspace WS origin allowlist kept trusting literal 5173 — so a drifted Vite port meant a lying banner plus an allowlist pointing at whatever unrelated app sat on 5173.

- planPorts claims a fourth `ui` port (default 5173, probe upward; env OPENALICE_UI_PORT / ports.json `ui` key follow the same explicit fail-loud rule as the backend trio)
- dev.ts banner prints the resolved port; injects OPENALICE_UI_PORT into both Vite and Alice
- vite.config.ts binds exactly the injected port (strictPort) under the orchestrator; standalone keeps classic 5173 + auto-increment
- buildDefaultOrigins derives UI origins from the injected port instead of hardcoded 5173, so the WS origin gate tracks the real frontend

Verified end-to-end with 5173+5174 occupied: banner/Vite agree on 5175; WS upgrade with Origin 5175 → 101, stale 5173 → 403, foreign origin → 403, same-origin through the Vite proxy → 101.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
pull Bot pushed a commit to jinzaizhichi/OpenAlice that referenced this pull request Jun 12, 2026
Headless sessions become reopenable + the ~/.openalice data root + sealed broker credentials + the UTA order lifecycle closes. release.yml tags v0.42.0-beta.1 + publishes the prerelease on master push.

Highlights:

- Headless runs are now real sessions: all four agent CLIs' session ids are captured from headless stdout while running, full output logs persist on disk, and a finished run reopens as a normal interactive session (resume-by-id). UI: collapsed "headless · N" tier under each workspace + output viewer in the Automation panel (TraderAlice#326).
- User data moves to ~/.openalice (OPENALICE_HOME); broker credentials are sealed at rest (AES-256-GCM, machine-bound key, migration 0009); desktop relocates packaged data on first launch.
- UTA order lifecycle closed: auto-sync poller + fill data + PnL invariant (TraderAlice#325); externally-placed orders observed as squashed [observed] commits with configurable cadence (TraderAlice#327); Alpaca error bodies surfaced, bybit spot+swap order sweep, listing-driven sync perf (TraderAlice#328).
- CLI is the default workspace tool access; trading lands on the CLI surface as the alice-uta export family (TraderAlice#319, TraderAlice#320).
- Self-host hardening: configurable ports, MCP loopback bind + lock, Docker self-host image, Guardian owns the Vite dev port (TraderAlice#303–TraderAlice#308, TraderAlice#322).
- Market data: status-first settings page with coverage map (TraderAlice#323), hub FX table, keyless yfinance fallbacks, long-tail fetcher fixes (TraderAlice#310–TraderAlice#317).

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Summary

- `planPorts` claims a fourth `ui` port (default 5173, probe upward), with `OPENALICE_UI_PORT` env / `ports.json` `"ui"` key following the same explicit-config-fails-loud rule as web/mcp/uta.
- `strictPort`) so banner, Vite, and allowlist can never disagree. Standalone `pnpm --filter open-alice-ui dev` keeps the classic 5173 + auto-increment behavior.
- `buildDefaultOrigins` derives the UI origins from the injected port instead of literal 5173 — the PTY WS origin gate now tracks the real frontend location, and a stale 5173 entry no longer whitelists whatever unrelated app happens to sit there.

Test plan

- `npx tsc --noEmit` clean (root) and `tsc -b` clean (ui/)
- `pnpm test` passes (113 files / 1825 tests)
- `localhost:5175` → 101, stale `localhost:5173` → 403, `evil.example` → 403, same-origin via Vite proxy → 101.

Boundary touch

Touches the workspace WS origin allowlist (`src/workspaces/config.ts` `buildDefaultOrigins`). Net effect is a tightening: the allowlist follows the actual Vite port; no new origins are admitted beyond what Guardian itself resolved. The #318 same-origin rule is unaffected.

🤖 Generated with Claude Code
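The port-derived allowlist and WS origin gate described above, as an added TypeScript sketch that is not OpenAlice's code. `resolveUiPort`, `uiOrigins` and `upgradeStatus` are hypothetical names; the `127.0.0.1` entry, exact-string matching, and rejecting a missing `Origin` header are assumptions of this example.

```typescript
// Added example: hypothetical helpers, not the project's buildDefaultOrigins.
type Env = Record<string, string | undefined>;

const STANDALONE_UI_PORT = 5173; // classic Vite default named in the PR

// Resolve the UI port from the value the orchestrator injected. An explicit
// but malformed value fails loudly instead of silently falling back to 5173.
function resolveUiPort(env: Env): number {
  const raw = env.OPENALICE_UI_PORT;
  if (raw === undefined || raw === "") return STANDALONE_UI_PORT;
  if (!/^\d{1,5}$/.test(raw)) {
    throw new Error(`invalid OPENALICE_UI_PORT: ${JSON.stringify(raw)}`);
  }
  const port = Number(raw);
  if (port < 1 || port > 65535) {
    throw new Error(`OPENALICE_UI_PORT out of range: ${port}`);
  }
  return port;
}

// Derive the allowlist from the resolved port only, so a port that is no
// longer ours (a stale 5173) is never trusted.
function uiOrigins(port: number): Set<string> {
  return new Set([`http://localhost:${port}`, `http://127.0.0.1:${port}`]);
}

// Status the WS upgrade handler would answer with. Matching is on the whole
// serialized origin, so look-alikes such as "http://localhost:5175.evil.example"
// or a different scheme do not pass. A missing Origin is rejected (assumption).
function upgradeStatus(origin: string | undefined, allowed: Set<string>): 101 | 403 {
  if (!origin) return 403;
  return allowed.has(origin) ? 101 : 403;
}

// Constructed scenario from the test plan: 5173 and 5174 were occupied, so
// the orchestrator resolved 5175 and injected it.
function scenario(): Record<string, number> {
  const allowed = uiOrigins(resolveUiPort({ OPENALICE_UI_PORT: "5175" }));
  return {
    resolved: upgradeStatus("http://localhost:5175", allowed),
    stale: upgradeStatus("http://localhost:5173", allowed),
    foreign: upgradeStatus("https://evil.example", allowed),
    lookalike: upgradeStatus("http://localhost:5175.evil.example", allowed),
  };
}
```
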