the universal sandbox runtime for agents and humans. pocketenv.io
sandbox openclaw agent claude-code vercel-sandbox deno-sandbox cloudflare-sandbox atproto sprites daytona

Reject requests with invalid JWT even on root

Do not allow an invalid JWT to bypass auth for the root path. The
root-path skip is now only taken when no token is present, so failed
verification returns Unauthorized.

+4 -4
apps/sandbox/src/index.ts
··· 41 41 const decoded = await jwt.verify(token, process.env.JWT_SECRET!); 42 42 c.set("did", decoded?.payload.sub); 43 43 } catch (err) { 44 - if (c.req.path === "/") { 45 - await next(); 46 - return; 47 - } 48 44 consola.error("JWT verification failed:", err); 49 45 return c.json({ error: "Unauthorized" }, 401); 50 46 } 51 47 } else { 48 + if (c.req.path === "/") { 49 + await next(); 50 + return; 51 + } 52 52 return c.json({ error: "Unauthorized" }, 401); 53 53 } 54 54 await next();
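
Review bot: The verified branch at line 42 still calls `c.set("did", decoded?.payload.sub)` without checking that `sub` is present, so a correctly signed token with no `sub` claim reaches `next()` with `did` undefined, which is the same state the anonymous root-path skip (new lines 48-51) leaves the context in. Now that "/" is the only route meant to run without an identity, I would return 401 when `decoded?.payload.sub` is missing or not a string, so that an undefined `did` downstream can only mean "no token on /". It would also help to add a regression test alongside this change covering three requests to "/": no token (passes through), invalid token (401), and valid token (`did` set), since the ordering of the path check relative to the verification failure is exactly what regressed here. Minor: the skip compares `c.req.path === "/"` exactly; a short comment stating that this exception is intentional and limited to the root path would keep it from being widened later.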