Commit Graph

10 Commits

Author SHA1 Message Date
12118ac4ec fix(security): resolve Critical+High findings from module audit — agent, translate, superset_client
P0 — CRITICAL (CWE-798): JWT_SECRET crash-early
  Replace hardcoded super-secret-key fallback with os.environ["JWT_SECRET"]
  and ${JWT_SECRET:?} syntax in app.py + docker-compose files

P1 — HIGH: Frontend dependency CVEs
  Upgrade svelte 5.43.8 → 5.56.4 — resolves devalue DoS (GHSA-g2pg-6438-jwpf)
  and svelte XSS (GHSA-crpf-4hrx-3jrp, GHSA-m56q-vw4c-c2cp, GHSA-rcqx-6q8c-2c42)

P2 — MEDIUM: Logging hygiene + contract gaps + tool resolver refactor
  Apply _redact_sensitive_fields() in middleware + event streaming
  Truncate LLM error body to 100 chars
  Add @RATIONALE/@REJECTED to HandleResume + SaveConversation
  Refactor deterministic intent matching → LLM-driven tool resolution

P3 — LOW: Translate logging hardening
  Move _sanitize_url() to _utils.py (shared, no circular imports)
  Sanitize base_url before logging in _llm_call.py and _llm_async_http.py
  Emit EXPLORE warning when LLM_SSL_VERIFY=false disables TLS

superset_client module: passed clean — no changes needed
2026-07-01 13:17:29 +03:00
ba8dc2f8c6 fix(package-lock): correct @adobe/css-tools typo (csuperset-tools → css-tools) 2026-06-16 12:03:12 +03:00
de87739eab chore: cleanup tracked junk + commit remaining test fixes
.gitignore:
- Add .duckdb semantic index binaries
- Add .axiom/temp/ pytest artifacts
- Add e2e_*.png screenshots
- Remove tracked package-lock.json (already in gitignore)

Untrack junk (git rm --cached):
- 3 duckdb binary index files
- 18 pytest temp artifacts
- 12 e2e screenshots
- package-lock.json

Test fixes (decomposition follow-up):
- executor test mock paths
- orchestrator test mock paths
- preview test mock paths
- orthogonal fixes test mock paths
- git_manager integration test
- settings_page integration test
- settings-utils fix
2026-05-17 19:22:09 +03:00
9b8c485562 chore: configure ruff + eslint linters for agentic workflow
- Replace pylint with ruff (backend/ruff.toml)
  - line-length=300, max-complexity=10, per-file-ignores for tests
  - Exclude D (docstrings replaced by contracts) and ANN
- Add eslint flat config for frontend (eslint-plugin-svelte)
  - Allow console.info/warn/error (belief-state protocol)
- Remove .pylintrc (references non-existent plugin)
- Update agent docs: ruff check . + npm run lint
- Add ruff>=0.11.0 to backend/requirements.txt
- Add eslint + plugins to frontend devDependencies
2026-05-14 10:28:30 +03:00
d89c92ad35 tests ready 2026-02-19 13:33:20 +03:00
5fa283a6e0 semantics update 2026-01-13 09:11:27 +03:00
7331b8d6e8 backup worked 2025-12-30 22:02:51 +03:00
f3822bf344 feat: integrate SvelteKit for seamless navigation and improved data loading 2025-12-20 22:41:23 +03:00
2d8cae563f feat: implement plugin architecture and application settings with Svelte UI
- Added plugin base and loader for backend extensibility
- Implemented application settings management with config persistence
- Created Svelte-based frontend with Dashboard and Settings pages
- Added API routes for plugins, tasks, and settings
- Updated documentation and specifications
- Improved project structure and developer tools
2025-12-20 20:48:18 +03:00
ce703322c2 WIP: Staged all changes 2025-12-19 22:40:28 +03:00