fix: tighten file perms and enforce Slack ACL checks (#186)

- write config and cron store with 0600 instead of 0644 - check allow list in Slack slash commands and app mentions - pass workspace restrict flag to cron exec tool Closes #179
2026-02-16 16:06:39 +08:00
parent 17685da584
commit 5c321a90de
7 changed files with 86 additions and 7 deletions
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -370,7 +370,7 @@ func SaveConfig(path string, cfg *Config) error {
 		return err
 	}

-	return os.WriteFile(path, data, 0644)
+	return os.WriteFile(path, data, 0600)
 }

 func (c *Config) WorkspacePath() string {