Skip to content

Auctalis/nocturnusai

v0.3.8 Security

This release includes 3 security fixes for security teams reviewing exposed deployments.

Published 1mo AI Agents & Assistants
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 3 known CVEs

Topics

agentic-ai agents ai-agents ai-memory backward-chaining context-engineering
+8 more
cost-optimization inference-engine knowledge-graph langchain logic-programming mcp reasoning truth-maintenance

Affected surfaces

auth rbac breaking_upgrade

Summary

AI summary

POST /execute now requires RULE_WRITE permission and WAL/snapshot strict decryption is on by default.

Full changelog

Second wave of security fixes on top of v0.3.7. All 764 tests pass.

🛡️ Security

High

  • Trusted-proxy-aware rate limitingAuthInterceptor and /auth/bootstrap now honour X-Forwarded-For when the TCP peer is listed in TRUSTED_PROXY_IPS. Without this, every client behind a reverse proxy shared a single bucket (DoS vector) and attackers upstream of the proxy could evade the limit entirely.

Medium

  • Strict GCM decrypt for WAL + snapshots — when ENCRYPTION_KEY is configured, lines/files that fail auth are skipped rather than silently accepted as plaintext, blocking injection of replayable records by someone with filesystem access. Set STORAGE_STRICT_DECRYPT=false for a one-off legacy-data migration.
  • Log-injection guardCallLogging sanitizes URI and X-Database / X-Tenant-ID headers before logging (strips CRLF + control chars, caps length).
  • POST /admin/backups — validates the db query param via Validator and returns only the relative backup name (previously leaked the absolute server-side path).
  • POST /infer result cap — bounded by INFERENCE_MAX_RESULTS (default 10 000) to prevent OOM from cartesian rule expansion.
  • Atomic snapshot renameSnapshotManager.saveSnapshot now uses Files.move(ATOMIC_MOVE, REPLACE_EXISTING) instead of the silent-fail File.renameTo.

Low

  • API key pepper — when API_KEY_PEPPER is set, new keys are stored as HMAC-SHA256(pepper, key). Legacy SHA-256 keys continue to validate for rolling migration.
  • /llm.txt filter — no longer advertises /admin/*, /auth/* (except /auth/status), or /replication/* routes. It was unauthenticated and functioning as a discovery aid.
  • POST /execute requires RULE_WRITE (was FACT_WRITE) — the DSL is strictly more powerful than any single /assert/* route.
  • Parser command capPARSER_MAX_COMMANDS (default 10 000) guards /execute against DoS via oversized scripts.

🔧 New environment variables

| Variable | Default | Purpose |
|----------|---------|---------|
| TRUSTED_PROXY_IPS | (empty) | Comma-separated proxy IPs whose X-Forwarded-For header is trusted |
| STORAGE_STRICT_DECRYPT | true | Fail-closed on GCM auth errors when ENCRYPTION_KEY is set |
| INFERENCE_MAX_RESULTS | 10000 | Cap on /infer response cardinality |
| PARSER_MAX_COMMANDS | 10000 | Cap on commands per /execute payload |
| API_KEY_PEPPER | (empty) | Secret used to HMAC API keys at rest; opt-in for new keys |

⚠️ Breaking changes

  • POST /execute now requires RULE_WRITE. Any writer-scoped key that previously called /execute must be upgraded or the traffic moved to the narrower /assert/* routes.
  • WAL / snapshot strict decrypt is on by default. If your deployment has a mix of legacy plaintext and encrypted storage, set STORAGE_STRICT_DECRYPT=false during migration.

Still on the backlog (tracked for a follow-up)

  • SSE per-principal concurrency + idle-timeout caps
  • Broader narrowing of catch (Exception) { e.message } in AdminRoutes beyond /admin/backups

Full diff: https://github.com/Auctalis/nocturnusai/compare/v0.3.7...v0.3.8

Breaking Changes

  • POST /execute now requires RULE_WRITE permission (previously accepted FACT_WRITE).
  • WAL and snapshot strict decryption is enabled by default when ENCRYPTION_KEY is set; legacy plaintext storage must opt out via STORAGE_STRICT_DECRYPT=false during migration.

Security Fixes

  • High severity fix: AuthInterceptor and /auth/bootstrap now honour X-Forwarded-For from trusted proxies (prevents DoS vector).
  • Medium severity fixes: Strict GCM decrypt for WAL/snapshots skips invalid records; Log-injection guard sanitizes headers; /admin/backups param validation prevents path leakage; /infer result cap prevents OOM; Atomic snapshot rename uses atomic move.
  • Low severity fixes: API key pepper adds HMAC storage option; /llm.txt route filtering removes admin/auth/replication endpoints; Parser command cap via PARSER_MAX_COMMANDS.
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Auctalis/nocturnusai

Get notified when new releases ship.

Sign up free

About Auctalis/nocturnusai

Deterministic reasoning engine for AI agent context compression. Extracts structured facts with logical inference, proof chains, and truth maintenance. REST API, Python/TypeScript SDKs, and MCP server integration.

All releases →

Related context

Beta — feedback welcome: [email protected]