patch
COMPANION-APP-PHASE-2-LOOPBACK-SECURITY.md
11 hours ago
insert
Companion App — Phase 2: Loopback Endpoint Security Core
11 hours ago
insert
Companion App — Phase 2: Loopback Endpoint Security Core.1. Adversarial threat model
11 hours ago
insert
Companion App — Phase 2: Loopback Endpoint Security Core.1. Adversarial threat model.Attacker A — malicious web page in the user's browser (cross-origin)
11 hours ago
insert
Companion App — Phase 2: Loopback Endpoint Security Core.1. Adversarial threat model.Attacker B — DNS-rebinding (make a remote origin appear to target loopback)
11 hours ago
insert
Companion App — Phase 2: Loopback Endpoint Security Core.1. Adversarial threat model.Attacker C — a local non-browser process
11 hours ago
insert
Companion App — Phase 2: Loopback Endpoint Security Core.1. Adversarial threat model.Attacker D — prompt-injection payload inside a note body
11 hours ago
insert
Companion App — Phase 2: Loopback Endpoint Security Core.2. Guard contract — lib/companion-loopback-guard.mjs
11 hours ago
insert
Companion App — Phase 2: Loopback Endpoint Security Core.2. Guard contract — lib/companion-loopback-guard.mjs.2.1 verifyLoopbackRequest(params) → LoopbackVerdict
11 hours ago
insert
Companion App — Phase 2: Loopback Endpoint Security Core.2. Guard contract — lib/companion-loopback-guard.mjs.2.1 verifyLoopbackRequest(params) → LoopbackVerdict.code[js]
11 hours ago
insert
Companion App — Phase 2: Loopback Endpoint Security Core.2. Guard contract — lib/companion-loopback-guard.mjs.2.1 verifyLoopbackRequest(params) → LoopbackVerdict.table@L152
11 hours ago
insert
Companion App — Phase 2: Loopback Endpoint Security Core.2. Guard contract — lib/companion-loopback-guard.mjs.2.1 verifyLoopbackRequest(params) → LoopbackVerdict.table@L165
11 hours ago
insert
Companion App — Phase 2: Loopback Endpoint Security Core.2. Guard contract — lib/companion-loopback-guard.mjs.2.2 Rate-limit helpers
11 hours ago
insert
Companion App — Phase 2: Loopback Endpoint Security Core.2. Guard contract — lib/companion-loopback-guard.mjs.2.3 Why the Origin allowlist is the loopback origin only
11 hours ago
insert
Companion App — Phase 2: Loopback Endpoint Security Core.3. Evaluation order (and why)
11 hours ago
insert
Companion App — Phase 2: Loopback Endpoint Security Core.3. Evaluation order (and why).code
11 hours ago
insert
Companion App — Phase 2: Loopback Endpoint Security Core.4. The rate-limit recording contract
11 hours ago
insert
Companion App — Phase 2: Loopback Endpoint Security Core.4. The rate-limit recording contract.code[js]
11 hours ago
insert
Companion App — Phase 2: Loopback Endpoint Security Core.5. Mapping: gate §4 controls → Phase 2 enforcement
11 hours ago
insert
Companion App — Phase 2: Loopback Endpoint Security Core.5. Mapping: gate §4 controls → Phase 2 enforcement.table
11 hours ago
insert
Companion App — Phase 2: Loopback Endpoint Security Core.6. What Phase 5 must do to bind the socket safely
11 hours ago
insert
Companion App — Phase 2: Loopback Endpoint Security Core.7. Test obligations satisfied (gate §10, 7 tiers)
11 hours ago
insert
Companion App — Phase 2: Loopback Endpoint Security Core.7. Test obligations satisfied (gate §10, 7 tiers).table
11 hours ago
insert
Companion App — Phase 2: Loopback Endpoint Security Core.8. Deferred (explicitly not Phase 2)
11 hours ago
insert
Companion App — Phase 2: Loopback Endpoint Security Core.Simple summary
11 hours ago
insert
Companion App — Phase 2: Loopback Endpoint Security Core.Technical summary
11 hours ago