Skip to content

chore: regenerate poetry.lock to match pyproject.toml#2

Merged
github-actions[bot] merged 1 commit into
mainfrom
auto/regenerate-poetry-lock-20260303142002
Mar 3, 2026
Merged

chore: regenerate poetry.lock to match pyproject.toml#2
github-actions[bot] merged 1 commit into
mainfrom
auto/regenerate-poetry-lock-20260303142002

Conversation

@github-actions

@github-actions github-actions Bot commented Mar 3, 2026

Copy link
Copy Markdown

Automated regeneration of poetry.lock after pyproject.toml was updated on main.

Fixes the recurring CI failure:

pyproject.toml changed significantly since poetry.lock was last generated.
Run `poetry lock` to fix the lock file.

@github-actions github-actions Bot merged commit 0ae6414 into main Mar 3, 2026
Harshit28j pushed a commit that referenced this pull request Mar 10, 2026
Harshit28j pushed a commit that referenced this pull request Mar 20, 2026
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Harshit28j pushed a commit that referenced this pull request Apr 25, 2026
Continuation of Veria E3NpkuAd / Audit-B hardening. All three are the
same anti-pattern PR BerriAI#25904 already addressed for _user_is_org_admin
and /user/delete: route-level gate trusts a caller-supplied scope
field, handler operates on a different scope.

1. /user/update no longer silently creates a user when the target
   email doesn't exist. Pre-fix, an org admin could supply a fresh
   email + caller-chosen budget/models/metadata; the INSERT path
   created the user with no org attachment, bypassing /user/new's
   org/team authorization. Now require PROXY_ADMIN for the create
   branch; return 404 otherwise. Also fixes /user/bulk_update because
   it dispatches through the same _update_single_user_helper.

2. /team/bulk_member_add with all_users=true restricted to PROXY_ADMIN.
   The flag pulls every user in the database into the target team,
   ignoring org scope — any team admin could use it to capture every
   user across every org into their team.

3. /team/update now verifies destination-org admin rights. When the
   request carries an organization_id that differs from the team's
   current org, an org admin of the caller's current org could
   previously relocate the team into any other org (draining their
   resources, or capturing a team they once administered). Require
   PROXY_ADMIN or org-admin of the DESTINATION org for the relocation.

Regression tests for #1 and #3; #2 covered by the existing bulk_add
suite after the gate addition.
Harshit28j pushed a commit that referenced this pull request Apr 25, 2026
Audit-B #2. _check_key_admin_access was gated on max_budget/spend
changes only, which meant a non-admin caller could blanket-rewrite
any OTHER field on any key (key_alias, models, tpm_limit, rpm_limit,
metadata, tags, allowed_routes, guardrails, blocked, duration,
permissions, auto_rotate, access_group_ids, object_permission, …)
as long as they avoided budget/spend. Example attack:

  POST /key/update {
    key: sk-victim-in-org-B,
    models: [],
    blocked: true,
    organization_id: org-A,
  }

The caller is org-admin of org-A, which satisfies the route gate;
the handler then wipes models and blocks the victim's key.

Policy after this fix:
- PROXY_ADMIN: always allowed.
- Key OWNER (matching user_id): allowed for non-budget fields;
  budget/spend changes still require team/org admin.
- Everyone else: must pass _check_key_admin_access (PROXY_ADMIN /
  key-owner / team-admin / org-admin of the key).

Regression test confirms a non-owner INTERNAL_USER cannot rewrite
key_alias/blocked on someone else's key; existing test covers the
owner-can-update-alias case; existing test covers
internal-user-cannot-modify-max-budget.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants