Alan-Jowett / CoPilot-For-Consensus / 20420764651
78%

DEFAULT BRANCH: main
Ran
Jobs 0
Files 0
Run time
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
20420764651

push

github

web-flow 
security: Disable first-user admin auto-promotion by default (#511)

* Initial plan

* Add configuration to disable first user auto-promotion for production security

Co-authored-by: Alan-Jowett <20480683+Alan-Jowett@users.noreply.github.com>

* Document first user auto-promotion security in README and SECURITY.md

Co-authored-by: Alan-Jowett <20480683+Alan-Jowett@users.noreply.github.com>

* Clarify docstring: auto-promotion only applies to new users

Co-authored-by: Alan-Jowett <20480683+Alan-Jowett@users.noreply.github.com>

* Refactor: rename to first_user_auto_promotion_enabled for clarity

- Change from disable_first_user_auto_promotion to first_user_auto_promotion_enabled
- Follows codebase convention (auto_approve_enabled, enable_dpop, require_nonce)
- Eliminates double negative (if not disable_...) for clearer logic
- Update all code, tests, and documentation
- Flip default from true to false (same security behavior)
- Rename test method for accuracy

Co-authored-by: Alan-Jowett <20480683+Alan-Jowett@users.noreply.github.com>

* Docs: clarify bootstrap tokens are not yet implemented

- Update all documentation to accurately reflect that bootstrap token mechanism is planned but not implemented
- Provide interim solution: controlled temporary auto-promotion in isolated environment
- Remove misleading references to non-existent /auth/bootstrap/admin endpoint
- Emphasize strict isolation requirements for initial admin setup
- Updated: AUTH_IMPLEMENTATION_SUMMARY.md, README.md, auth/README.md, SECURITY.md

Co-authored-by: Alan-Jowett <20480683+Alan-Jowett@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Alan-Jowett <20480683+Alan-Jowett@users.noreply.github.com>
Source Files on build 20420764651
Detailed source file information is not available for this build.