12118ac4ec
fix(security): resolve Critical+High findings from module audit — agent, translate, superset_client
...
P0 — CRITICAL (CWE-798): JWT_SECRET crash-early
Replace hardcoded super-secret-key fallback with os.environ["JWT_SECRET"]
and ${JWT_SECRET:?} syntax in app.py + docker-compose files
P1 — HIGH: Frontend dependency CVEs
Upgrade svelte 5.43.8 → 5.56.4 — resolves devalue DoS (GHSA-g2pg-6438-jwpf)
and svelte XSS (GHSA-crpf-4hrx-3jrp, GHSA-m56q-vw4c-c2cp, GHSA-rcqx-6q8c-2c42)
P2 — MEDIUM: Logging hygiene + contract gaps + tool resolver refactor
Apply _redact_sensitive_fields() in middleware + event streaming
Truncate LLM error body to 100 chars
Add @RATIONALE/@REJECTED to HandleResume + SaveConversation
Refactor deterministic intent matching → LLM-driven tool resolution
P3 — LOW: Translate logging hardening
Move _sanitize_url() to _utils.py (shared, no circular imports)
Sanitize base_url before logging in _llm_call.py and _llm_async_http.py
Emit EXPLORE warning when LLM_SSL_VERIFY=false disables TLS
superset_client module: passed clean — no changes needed
2026-07-01 13:17:29 +03:00
ba8dc2f8c6
fix(package-lock): correct @adobe/css-tools typo (csuperset-tools → css-tools)
2026-06-16 12:03:12 +03:00
de87739eab
chore: cleanup tracked junk + commit remaining test fixes
...
.gitignore:
- Add .duckdb semantic index binaries
- Add .axiom/temp/ pytest artifacts
- Add e2e_*.png screenshots
- Remove tracked package-lock.json (already in gitignore)
Untrack junk (git rm --cached):
- 3 duckdb binary index files
- 18 pytest temp artifacts
- 12 e2e screenshots
- package-lock.json
Test fixes (decomposition follow-up):
- executor test mock paths
- orchestrator test mock paths
- preview test mock paths
- orthogonal fixes test mock paths
- git_manager integration test
- settings_page integration test
- settings-utils fix
2026-05-17 19:22:09 +03:00
9b8c485562
chore: configure ruff + eslint linters for agentic workflow
...
- Replace pylint with ruff (backend/ruff.toml)
- line-length=300, max-complexity=10, per-file-ignores for tests
- Exclude D (docstrings replaced by contracts) and ANN
- Add eslint flat config for frontend (eslint-plugin-svelte)
- Allow console.info/warn/error (belief-state protocol)
- Remove .pylintrc (references non-existent plugin)
- Update agent docs: ruff check . + npm run lint
- Add ruff>=0.11.0 to backend/requirements.txt
- Add eslint + plugins to frontend devDependencies
2026-05-14 10:28:30 +03:00
d89c92ad35
tests ready
2026-02-19 13:33:20 +03:00
5fa283a6e0
semantics update
2026-01-13 09:11:27 +03:00
7331b8d6e8
backup worked
2025-12-30 22:02:51 +03:00
f3822bf344
feat: integrate SvelteKit for seamless navigation and improved data loading
2025-12-20 22:41:23 +03:00
2d8cae563f
feat: implement plugin architecture and application settings with Svelte UI
...
- Added plugin base and loader for backend extensibility
- Implemented application settings management with config persistence
- Created Svelte-based frontend with Dashboard and Settings pages
- Added API routes for plugins, tasks, and settings
- Updated documentation and specifications
- Improved project structure and developer tools
2025-12-20 20:48:18 +03:00
ce703322c2
WIP: Staged all changes
2025-12-19 22:40:28 +03:00