From ac5b81453673c5950d131cf999c0874fefc0d68a Mon Sep 17 00:00:00 2001
From: Rodrigo Rodriguez <me@rodrigorodriguez.com>
Date: Thu, 19 Feb 2026 12:06:05 +0000
Subject: [PATCH] fix(security): Fix unsafe code, CORS logic, and expect usage

---
 src/core/shared/utils.rs | 2 +-
 src/llm/rate_limiter.rs  | 2 +-
 src/security/cors.rs     | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/core/shared/utils.rs b/src/core/shared/utils.rs
index 6d5ac328d..bab2bae9a 100644
--- a/src/core/shared/utils.rs
+++ b/src/core/shared/utils.rs
@@ -199,7 +199,7 @@ pub async fn download_file(url: &str, output_path: &str) -> Result<(), anyhow::E
             let pb = ProgressBar::new(total_size);
             pb.set_style(ProgressStyle::default_bar()
                 .template("{msg}\n{spinner:.green} [{elapsed_precise}] [{bar:40.cyan/blue}] {bytes}/{total_bytes} ({eta})")
-                .expect("Invalid progress bar template")
+                .unwrap_or(ProgressStyle::default_bar())
                 .progress_chars("#>-"));
             pb.set_message(format!("Downloading {}", url));
             let mut file = TokioFile::create(&output_path).await?;
diff --git a/src/llm/rate_limiter.rs b/src/llm/rate_limiter.rs
index f2ee24d4d..1e4b99597 100644
--- a/src/llm/rate_limiter.rs
+++ b/src/llm/rate_limiter.rs
@@ -96,7 +96,7 @@ impl ApiRateLimiter {
     pub fn new(limits: RateLimits) -> Self {
         // Requests per minute limiter
         let rpm_quota = NonZeroU32::new(limits.requests_per_minute)
-            .unwrap_or_else(|| unsafe { NonZeroU32::new_unchecked(1) });
+            .unwrap_or_else(|| NonZeroU32::new(1).unwrap());
         let requests_per_minute = Arc::new(RateLimiter::direct(Quota::per_minute(rpm_quota)));
 
         // Tokens per minute (using semaphore as we need to track token count)
diff --git a/src/security/cors.rs b/src/security/cors.rs
index 226819cd0..290c32f26 100644
--- a/src/security/cors.rs
+++ b/src/security/cors.rs
@@ -308,7 +308,7 @@ fn is_valid_origin_format(origin: &str) -> bool {
         return false;
     }
 
-    if origin.contains("..") || origin.contains("//", ) && origin.matches("//").count() > 1 {
+    if origin.contains("..") || origin.matches("//").count() > 1 {
         return false;
     }