#23403: Discovery: gate non-loopback full mDNS mode
docs
gateway
size: S
trusted-contributor
Cluster:
Gateway and TLS Enhancements
## Summary
- enforce effective mDNS discovery mode for non-loopback binds:
- keep `minimal` as safe default
- require `OPENCLAW_DISCOVERY_ALLOW_FULL_MDNS=1` to honor `discovery.mdns.mode="full"`
- otherwise fall back to `minimal` with an explicit warning
- thread gateway bind mode into discovery runtime mode resolution
- add audit findings for `discovery.mdns.mode="full"` on non-loopback binds:
- `critical` when unconfirmed
- `warn` when explicitly confirmed
- add unit tests for discovery mode resolution and audit checks
- update discovery/security docs with the new explicit-confirm behavior
## Testing
- pnpm test src/gateway/server-discovery-runtime.test.ts src/gateway/server-discovery.test.ts
- pnpm exec vitest run src/security/audit.test.ts -t "mDNS full mode"
<!-- greptile_comment -->
<h3>Greptile Summary</h3>
enforced explicit confirmation for mDNS full mode on non-loopback binds via `OPENCLAW_DISCOVERY_ALLOW_FULL_MDNS=1`, with runtime fallback to minimal mode when unconfirmed
- added `resolveEffectiveMdnsMode` to gate full mode on non-loopback binds
- added security audit checks for unconfirmed (`critical`) and confirmed (`warn`) full mode on non-loopback binds
- added comprehensive unit tests for mode resolution and audit checks
- updated docs with explicit-confirm behavior
**Issue found:** wide-area discovery path (line 121) bypasses the minimal mode check by calling `resolveBonjourCliPath()` directly instead of using the `cliPath` variable computed on line 72, exposing CLI path metadata even in minimal mode
<h3>Confidence Score: 3/5</h3>
- safe to merge with one logic bug that needs fixing
- implementation correctly gates mDNS full mode for the Bonjour path, but the wide-area discovery path bypasses this check and leaks `cliPath` metadata even in minimal mode; comprehensive test coverage for the main code path but no tests for wide-area discovery behavior
- src/gateway/server-discovery-runtime.ts:121 (logic bug in wide-area discovery path)
<sub>Last reviewed commit: 2b01a6f</sub>
<!-- greptile_other_comments_section -->
<!-- /greptile_comment -->
Most Similar PRs
#4653: fix(gateway): improve crash resilience for mDNS and network errors
by AyedAlmudarra · 2026-01-30
76.3%
#11455: fix(gateway): default gateway.mode to local when unset
by AnonO6 · 2026-02-07
73.8%
#15907: fix(discovery): propagate TLS fingerprint through gateway discovery...
by coygeek · 2026-02-14
72.8%
#17257: fix(bonjour): stop mDNS flood on multi-NIC same-LAN setups (#17222)
by yinghaosang · 2026-02-15
72.7%
#22682: fix(gateway): [P0] status probe ignores gateway.tls.enabled — hardc...
by mahsumaktas · 2026-02-21
72.0%
#22227: fix(security): harden gateway auth — audit logging, pairing, mode v...
by novalis133 · 2026-02-20
71.4%
#6770: fix(gateway): protect host-local transport fields from config.patch
by ryx2 · 2026-02-02
71.2%
#22056: fix(gateway): use loopback for self-connections regardless of bind ...
by usedhonda · 2026-02-20
71.1%
#22804: fix: prioritize loopback for internal gateway calls (issue #22706)
by ambicuity · 2026-02-21
71.1%
#14564: fix(gateway): crashes on startup when tailscale meets non-loopback ...
by yinghaosang · 2026-02-12
71.0%