Skip to content

[codex] Harden Tenderly admin controls#1244

Closed
rossgalloway wants to merge 1 commit into
codex/reconcile-vnet-portfolio-impersonationfrom
codex/harden-tenderly-admin-access-vnet
Closed

[codex] Harden Tenderly admin controls#1244
rossgalloway wants to merge 1 commit into
codex/reconcile-vnet-portfolio-impersonationfrom
codex/harden-tenderly-admin-access-vnet

Conversation

@rossgalloway

@rossgalloway rossgalloway commented May 19, 2026

Copy link
Copy Markdown
Collaborator

Summary

  • require TENDERLY_ADMIN_SECRET for local Tenderly admin mutations
  • add a validation endpoint and gate the control panel behind a successful secret check
  • keep the Tenderly mode toggle available whenever Tenderly is configured
  • document the Tenderly admin secret separately from holdings ADMIN_SECRET

Validation

  • bunx vitest run src/config/tenderly.test.ts api/tenderlyAccess.test.ts api/tenderly.helpers.test.ts
  • bunx vitest run api/tenderlyAccess.test.ts
  • bun run lint:fix
  • bun run tslint
  • bun run build

@rossgalloway
Harden Tenderly admin controls
762be05 
Require a local Tenderly admin secret for mutation routes and validate it before unlocking the control panel.

Add same-host origin handling for private previews, keep the mode toggle available when Tenderly is configured, and document the new TENDERLY_ADMIN_SECRET setting.
@vercel

vercel Bot commented May 19, 2026
edited
Loading

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
yearnfi Ready Ready Preview, Comment May 19, 2026 11:07pm
1 Skipped Deployment
Project Deployment Actions Updated (UTC)
yearnfi-nextjs Ignored Ignored May 19, 2026 11:07pm

Request Review

@github-actions

github-actions Bot commented May 19, 2026
edited
Loading

Copy link
Copy Markdown

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

@rossgalloway rossgalloway marked this pull request as ready for review May 20, 2026 18:55
@rossgalloway rossgalloway requested a review from w84april May 20, 2026 19:34
@rossgalloway rossgalloway mentioned this pull request May 21, 2026
Open
@rossgalloway

rossgalloway commented May 21, 2026

Copy link
Copy Markdown
Collaborator Author

Closing this PR because it has been superseded by the grouped remediation flow.

The Tenderly admin hardening is now covered by the grouped Tenderly local/admin boundary remediation.

Replacement:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@w84april w84april Awaiting requested review from w84april

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@rossgalloway