security: patch OACP reader vulnerability and implement HMAC foundations

2026-04-08 20:14:57 -04:00
parent 7e14f49204
commit 1cd283ccb3
5 changed files with 124 additions and 50 deletions
--- a/.env.example
+++ b/.env.example
@@ -41,3 +41,7 @@ SYSTEM_DIR="/memex/system"
 MEMEX_USER="YourName"
 MEMEX_ASSISTANT="AgentName"
 RECIPIENT_ID="+1..." # For Signal/Telegram delivery
+
+# OACP Integrity & Authentication (HMAC-SHA256)
+OACP_ENFORCE_HMAC=false
+OACP_HMAC_SECRET="change-this-to-a-secure-random-string"