Opus
ALLOWED_ORIGIN defaults to '*' but Access-Control-Allow-Credentials is always 'true'
- agent/src/api.ts:47-60
When DASHBOARD_ORIGIN is not set, ALLOWED_ORIGIN === '*' but the response also sets `access-control-allow-credentials: true`. Browsers reject this combination (cookies/auth headers won't be sent), and more importantly, hosting providers/load balancers that allow this header will accept cross-origin credentialed requests from anywhere, expanding attack surface for SIWE replay or CSRF if cookies are added later. The agent admin endpoints (POST /api/mode, /api/proposals/.../reject) could be hit cross-origin.
Recommendation
Reflect the request Origin only when it matches an allowlist, or refuse to emit Allow-Credentials when Allow-Origin is '*'. At minimum, default ALLOWED_ORIGIN to a safe value rather than '*'.
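The allowlist-reflection approach from the recommendation, as an added example (not the agent's own `api.ts`): `parseAllowlist` and `corsHeaders` are assumed helper names, the allowlist value is assumed to come from `DASHBOARD_ORIGIN`, and an unset or `*` value falls back to denying credentialed cross-origin access rather than reflecting `*`.

```typescript
// Added example, not code from agent/src/api.ts. Builds CORS response headers so
// that access-control-allow-credentials is never emitted next to a wildcard origin.
// Assumption: the caller reads DASHBOARD_ORIGIN and passes it to parseAllowlist.

type CorsHeaders = Record<string, string>;

// Parse a comma-separated allowlist of exact origins. An unset value or a literal
// '*' yields an empty list, i.e. the safe default is "no credentialed cross-origin".
function parseAllowlist(value: string | undefined): string[] {
  if (!value) return [];
  return value
    .split(',')
    .map((s) => s.trim())
    .filter((s) => s.length > 0 && s !== '*');
}

// Compute CORS headers for one request.
// - Origin on the allowlist: reflect it, allow credentials, and add `Vary: Origin`
//   so a shared cache never serves one origin's response to another.
// - Origin missing or not allowlisted: emit no allow-origin header at all and
//   never allow-credentials; the browser then blocks the cross-origin read.
function corsHeaders(requestOrigin: string | undefined, allowlist: string[]): CorsHeaders {
  const headers: CorsHeaders = {};
  if (requestOrigin && allowlist.includes(requestOrigin)) {
    headers['access-control-allow-origin'] = requestOrigin;
    headers['access-control-allow-credentials'] = 'true';
    headers['vary'] = 'Origin';
  }
  return headers;
}

// Detects the combination the finding describes; useful as a startup self-check
// or a unit test guard so the misconfiguration cannot be reintroduced.
function isUnsafeCors(headers: CorsHeaders): boolean {
  return (
    headers['access-control-allow-origin'] === '*' &&
    headers['access-control-allow-credentials'] === 'true'
  );
}
```

Origins are compared as exact strings (scheme, host and port), so `https://dash.example` and `https://dash.example:8443` are distinct entries.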