mayros security

Security tools (audit + optional fixes).

Related:

Audit

bash
mayros security audit
mayros security audit --deep
mayros security audit --fix
mayros security audit --json

The audit warns when multiple DM senders share the main session and recommends secure DM mode: session.dmScope="per-channel-peer" (or per-account-channel-peer for multi-account channels) for shared inboxes. This is for cooperative/shared inbox hardening. A single Gateway shared by mutually untrusted/adversarial operators is not a recommended setup; split trust boundaries with separate gateways (or separate OS users/hosts). It also warns when small models (<=300B) are used without sandboxing and with web/browser tools enabled. For webhook ingress, it warns when hooks.defaultSessionKey is unset, when request sessionKey overrides are enabled, and when overrides are enabled without hooks.allowedSessionKeyPrefixes. It also warns when sandbox Docker settings are configured while sandbox mode is off, when gateway.nodes.denyCommands uses ineffective pattern-like/unknown entries, when global tools.profile="minimal" is overridden by agent tool profiles, and when installed extension plugin tools may be reachable under permissive tool policy. It also warns when sandbox browser uses Docker bridge network without sandbox.browser.cdpSourceRange. It also warns when existing sandbox browser Docker containers have missing/stale hash labels (for example pre-migration containers missing mayros.browserConfigEpoch) and recommends mayros sandbox recreate --browser --all. It also warns when npm-based plugin/hook install records are unpinned, missing integrity metadata, or drift from currently installed package versions. It warns when gateway.auth.mode="none" leaves Gateway HTTP APIs reachable without a shared secret (/tools/invoke plus any enabled /v1/* endpoint).

JSON output

Use --json for CI/policy checks:

bash
mayros security audit --json | jq '.summary'
mayros security audit --deep --json | jq '.findings[] | select(.severity=="critical") | .checkId'

If --fix and --json are combined, output includes both fix actions and final report:

bash
mayros security audit --fix --json | jq '{fix: .fix.ok, summary: .report.summary}'

What --fix changes

--fix applies safe, deterministic remediations:

  • flips common groupPolicy="open" to groupPolicy="allowlist" (including account variants in supported channels)
  • sets logging.redactSensitive from "off" to "tools"
  • tightens permissions for state/config and common sensitive files (credentials/*.json, auth-profiles.json, sessions.json, session *.jsonl)

--fix does not:

  • rotate tokens/passwords/API keys
  • disable tools (gateway, cron, exec, etc.)
  • change gateway bind/auth/network exposure choices
  • remove or rewrite plugins/skills