src,permission: add --allow-inspector ability#59711

RafaelGSS · 2025-09-01T20:23:12Z

Refs: #48534

Remaining questions:

How should it behave when connecting through a Websocket? Should the net permissions deny this access?
- Answer: We no longer create the InspectorIO thread when no --allow-inspector

The test case I included makes sure we won't reintroduce 3df13d5

cc: @nodejs/security-wg

Refs: nodejs#48534

nodejs-github-bot · 2025-09-01T20:23:17Z

Review requested:

@nodejs/config
@nodejs/security-wg

codecov · 2025-09-01T21:22:19Z

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 88.26%. Comparing base (255dd7b) to head (350d7ef).
⚠️ Report is 303 commits behind head on main.

Additional details and impacted files

@@ Coverage Diff @@## main #59711 +/- ## ========================================== - Coverage 89.93% 88.26% -1.68%  ========================================== Files 667 701 +34 Lines 196790 206759 +9969 Branches 38423 39757 +1334 ========================================== + Hits 176982 182494 +5512 - Misses 12240 16281 +4041 - Partials 7568 7984 +416

Files with missing lines	Coverage Δ
lib/internal/process/permission.js	`77.08% <100.00%> (+0.48%)`	⬆️
lib/internal/process/pre_execution.js	`98.51% <100.00%> (+2.03%)`	⬆️
src/env.cc	`80.80% <100.00%> (-0.08%)`	⬇️
src/node_options.cc	`77.89% <100.00%> (-6.45%)`	⬇️
src/node_options.h	`97.90% <100.00%> (+0.02%)`	⬆️

... and 125 files with indirect coverage changes

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

nodejs-github-bot · 2025-09-02T19:46:18Z

CI: https://ci.nodejs.org/job/node-test-pull-request/69009/

nodejs-github-bot · 2025-09-07T22:06:27Z

CI: https://ci.nodejs.org/job/node-test-pull-request/69122/

nodejs-github-bot · 2025-09-08T16:08:19Z

CI: https://ci.nodejs.org/job/node-test-pull-request/69133/

RafaelGSS · 2025-09-08T19:46:59Z

Ready to review @nodejs/security-wg

nodejs-github-bot · 2025-09-08T20:36:52Z

CI: https://ci.nodejs.org/job/node-test-pull-request/69140/

nodejs-github-bot · 2025-09-09T17:02:57Z

CI: https://ci.nodejs.org/job/node-test-pull-request/69161/

santigimeno

LGTM with a nit.

santigimeno · 2025-09-11T19:43:45Z

lib/internal/process/permission.js

 '--allow-net',
+'--allow-inspector',


Use alphabetical order here?
Suggested change
'--allow-net',
'--allow-inspector',
'--allow-inspector',
'--allow-net',

Will do it in a follow-up PR so I don't need to re-run the tests

nodejs-github-bot · 2025-09-11T20:10:04Z

Landed in 29738c7

targos · 2025-09-12T14:44:47Z

There are many conflicts with v24.x-staging.

Refs: nodejs#48534 PR-URL: nodejs#59711 Reviewed-By: Santiago Gimeno <[email protected]> Reviewed-By: Juan José Arboleda <[email protected]> Signed-off-by: RafaelGSS <[email protected]>

Refs: #48534 PR-URL: #59711 Backport-PR-URL: #60248 Reviewed-By: Santiago Gimeno <[email protected]> Reviewed-By: Juan José Arboleda <[email protected]> Signed-off-by: RafaelGSS <[email protected]>

Notable changes: http: * (SEMVER-MINOR) add optimizeEmptyRequests server option (Rafael Gonzaga) #59778 lib: * (SEMVER-MINOR) add options to util.deprecate (Rafael Gonzaga) #59982 module: * (SEMVER-MINOR) mark type stripping as stable (Marco Ippolito) #60600 node-api: * (SEMVER-MINOR) add napi_create_object_with_properties (Miguel Marcondes Filho) #59953 sqlite: * (SEMVER-MINOR) allow setting defensive flag (Bart Louwers) #60217 src: * (SEMVER-MINOR) add watch config namespace (Marco Ippolito) #60178 * (SEMVER-MINOR) add an option to make compile cache portable (Aditi) #58797 src,permission: * (SEMVER-MINOR) add --allow-inspector ability (Rafael Gonzaga) #59711 v8: * (SEMVER-MINOR) add cpu profile (theanarkh) #59807 PR-URL: #61001

a2425rdl · 2025-12-18T16:58:52Z

Great

a2425rdl · 2025-12-18T16:58:54Z

Great

src,permission: add --allow-inspector ability
23cb9f3
Refs: nodejs#48534

RafaelGSS added the permission Issues and PRs related to the Permission Model label Sep 1, 2025

nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. lib / src Issues and PRs related to general changes in the lib or src directory. needs-ci PRs that need a full CI run. labels Sep 1, 2025

RafaelGSS added the semver-minor PRs that contain new features and should be released in the next minor version. label Sep 2, 2025

fixup! src,permission: add --allow-inspector ability
350d7ef

RafaelGSS added the review wanted PRs that need reviews. label Sep 9, 2025

santigimeno approved these changes Sep 11, 2025
View reviewed changes

juanarbol approved these changes Sep 11, 2025
View reviewed changes

RafaelGSS added author ready PRs that have at least one approval, no pending requests for changes, and a CI started. commit-queue Add this label to land a pull request using GitHub Actions. labels Sep 11, 2025

nodejs-github-bot removed the commit-queue Add this label to land a pull request using GitHub Actions. label Sep 11, 2025

nodejs-github-bot merged commit 29738c7 into nodejs:mainSep 11, 2025
64 of 65 checks passed

targos added the backport-requested-v24.x PRs awaiting manual backport to the v24.x-staging branch. label Sep 12, 2025

This was referenced Oct 9, 2025
2025-10-15, Version 25.0.0 (Current) #59896
Merged
Option to enable inspection mode along with permission model #48534
Closed

RafaelGSS mentioned this pull request Oct 13, 2025
[v24.x] src,permission: add --allow-inspector ability #60248
Closed

RafaelGSS removed the backport-requested-v24.x PRs awaiting manual backport to the v24.x-staging branch. label Oct 13, 2025

RafaelGSS added the backport-open-v24.x Indicate that the PR has an open backport label Oct 13, 2025

github-actionsbot mentioned this pull request Dec 9, 2025
2025-12-10, Version 24.12.0 'Krypton' (LTS) #61001
Merged

This was referenced Jan 3, 2026
chore(nix): update flake.lock (deno, git, go +3 more) i9wa4/dotfiles#76
Closed
chore(nix): update flake.lock (act, actionlint, awscli2 +25 more) i9wa4/dotfiles#79
Closed

Uh oh!

src,permission: add --allow-inspector ability#59711

src,permission: add --allow-inspector ability #59711

Uh oh!

Conversation

RafaelGSS commented Sep 1, 2025• edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

nodejs-github-bot commented Sep 1, 2025

Uh oh!

codecovbot commented Sep 1, 2025• edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

nodejs-github-bot commented Sep 2, 2025

Uh oh!

nodejs-github-bot commented Sep 7, 2025

Uh oh!

nodejs-github-bot commented Sep 8, 2025

Uh oh!

RafaelGSS commented Sep 8, 2025• edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

nodejs-github-bot commented Sep 8, 2025

Uh oh!

nodejs-github-bot commented Sep 9, 2025

Uh oh!

santigimeno left a comment

Choose a reason for hiding this comment

Uh oh!

santigimenoSep 11, 2025

Choose a reason for hiding this comment

Uh oh!

RafaelGSSSep 11, 2025

Choose a reason for hiding this comment

Uh oh!

Uh oh!

nodejs-github-bot commented Sep 11, 2025

Uh oh!

targos commented Sep 12, 2025

Uh oh!

a2425rdl commented Dec 18, 2025

Uh oh!

a2425rdl commented Dec 18, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants

RafaelGSS commented Sep 1, 2025•
edited
Loading

codecovbot commented Sep 1, 2025•
edited
Loading

RafaelGSS commented Sep 8, 2025•
edited
Loading