Securing Your Router

IP whitelist

The whitelist is an allow-list. An empty list means no enforcement: every request from any IP that can reach the TCP port is accepted. Adding a single IP switches the router into enforcement mode — only the listed IPs can reach ui.sock-served routes through TCP.

Requests arriving on the Unix socket itself are always accepted, because a caller that can write to the socket is already inside the trust boundary.

The list is stored as a comma-separated string in the hero_proc secret ADMIN_SECRETS. Manage it from the Admin tab or directly with the CLI:

hero_router access list # show current whitelist
hero_router access add 10.0.0.5 # add an IP (switches enforcement on)
hero_router access remove 10.0.0.5 # remove a single IP
hero_router access clear # delete the secret (reverts to open access)

Pass --context <N> to any subcommand when operating a non-default context.

SSH authorized_keys

The SSH key card is a CRUD surface on top of ~/.ssh/authorized_keys. The router does not run sshd itself — it just manages the key file for whatever SSH daemon is listening on the same host. Keys are parsed and validated against known algorithms (ed25519, RSA, ECDSA and their certified variants) before being written atomically via rename(2).

Terminal access

Terminal sessions inherit the identity of the hero_proc process. Anyone who can open the Terminal tab can run any command that user can run. The minimum production defence is the IP whitelist plus a non-root hero_proc user.

Add OpenRPC Spec

Add any OpenRPC spec by local file path or HTTP(S) URL. It will be fetched, validated, and added to the sidebar.

Socket paths, local files, or HTTP(S) URLs.
Overrides the title from the spec.