fix(security): resolve Critical+High findings from module audit — agent, translate, superset_client

P0 — CRITICAL (CWE-798): JWT_SECRET crash-early
  Replace hardcoded super-secret-key fallback with os.environ["JWT_SECRET"]
  and ${JWT_SECRET:?} syntax in app.py + docker-compose files

P1 — HIGH: Frontend dependency CVEs
  Upgrade svelte 5.43.8 → 5.56.4 — resolves devalue DoS (GHSA-g2pg-6438-jwpf)
  and svelte XSS (GHSA-crpf-4hrx-3jrp, GHSA-m56q-vw4c-c2cp, GHSA-rcqx-6q8c-2c42)

P2 — MEDIUM: Logging hygiene + contract gaps + tool resolver refactor
  Apply _redact_sensitive_fields() in middleware + event streaming
  Truncate LLM error body to 100 chars
  Add @RATIONALE/@REJECTED to HandleResume + SaveConversation
  Refactor deterministic intent matching → LLM-driven tool resolution

P3 — LOW: Translate logging hardening
  Move _sanitize_url() to _utils.py (shared, no circular imports)
  Sanitize base_url before logging in _llm_call.py and _llm_async_http.py
  Emit EXPLORE warning when LLM_SSL_VERIFY=false disables TLS

superset_client module: passed clean — no changes needed
This commit is contained in:
2026-07-01 13:17:29 +03:00
parent 1e24452b1a
commit 12118ac4ec
21 changed files with 871 additions and 336 deletions

View File

@@ -21,7 +21,9 @@ from typing import Any
import httpx
from ...core.cot_logger import log
from ...core.logger import logger
from ._utils import _sanitize_url
# Module-level httpx client, lazily initialized for connection reuse
_http_client: httpx.AsyncClient | None = None
@@ -57,8 +59,13 @@ def _get_verify() -> ssl.SSLContext | bool:
async def _get_http_client() -> httpx.AsyncClient:
global _http_client
if _http_client is None:
ssl_verify = _get_verify()
if ssl_verify is False:
log("LLMAsyncHttpClient", "EXPLORE",
"TLS verification disabled via LLM_SSL_VERIFY=false",
error="TLS verification disabled — traffic to LLM provider is unencrypted")
_http_client = httpx.AsyncClient(
verify=_get_verify(),
verify=ssl_verify,
timeout=httpx.Timeout(180.0),
)
return _http_client
@@ -117,7 +124,7 @@ async def call_openai_compatible(
payload["max_tokens"] = max_tokens
logger.reason(
f"LLM request url={base_url} model={payload.get('model')} "
f"LLM request url={_sanitize_url(base_url)} model={payload.get('model')} "
f"provider_type={provider_type} "
f"response_format={'yes' if 'response_format' in payload else 'no'} "
f"prompt_len={len(prompt)}"