feat(ui): migrate desktop environment to Window Manager

- Updated UI.md with the completed specification and status
- Synced botui submodule with new desktop.html and window-manager.js implementation
- Synced botserver submodule with latest changes
Rodrigo Rodriguez (Pragmatismo) 2026-02-24 19:02:48 -03:00
parent 19b4a20a02
commit c3c235f8c4
6 changed files with 850 additions and 2 deletions

156
SECURITY_CHECKLIST.md Normal file

@ -0,0 +1,156 @@
# General Bots Security Checklist
## Critical (P1) - Must Fix Immediately
### Authentication & Authorization
- [ ] **SecurityManager Integration** - Initialize in bootstrap
- [ ] **CSRF Protection** - Enable for all state-changing endpoints
- [ ] **Error Handling** - Replace all `unwrap()`/`expect()` calls
- [ ] **Security Headers** - Apply to all HTTP routes
### Data Protection
- [ ] **TLS/MTLS** - Ensure certificates are generated and validated
- [ ] **SafeCommand Usage** - Replace all `Command::new()` calls
- [ ] **Error Sanitization** - Use `ErrorSanitizer` for all HTTP errors
## High Priority (P2) - Fix Within 2 Weeks
### Authentication
- [ ] **Passkey Support** - Complete WebAuthn implementation
- [ ] **MFA Enhancement** - Add backup codes and recovery flows
- [ ] **API Key Management** - Implement rotation and expiration
### Monitoring & Detection
- [ ] **Security Monitoring** - Integrate `SecurityMonitor` with app events
- [ ] **DLP Policies** - Configure default policies for PII/PCI/PHI
- [ ] **Rate Limiting** - Apply consistent limits across all endpoints
## Medium Priority (P3) - Fix Within 1 Month
### Infrastructure
- [ ] **Certificate Management** - Add expiration monitoring and auto-renewal
- [ ] **Audit Logging** - Ensure comprehensive coverage
- [ ] **Security Testing** - Create dedicated test suite
### Compliance
- [ ] **Security Documentation** - Update policies and procedures
- [ ] **Compliance Mapping** - Map controls to SOC2/GDPR/ISO27001
- [ ] **Evidence Collection** - Implement automated evidence gathering
## Quick Wins (Can be done today)
### Code Quality
- [ ] Run `cargo clippy --workspace` and fix all warnings
- [ ] Use `cargo audit` to check for vulnerable dependencies
- [ ] Replace 10 `unwrap()` calls with proper error handling
### Configuration
- [ ] Check `.env` files for hardcoded secrets (move to `/tmp/`)
- [ ] Verify `botserver-stack/conf/` permissions
- [ ] Review `Cargo.toml` for unnecessary dependencies
### Testing
- [ ] Test authentication flows with invalid credentials
- [ ] Verify CSRF tokens are required for POST/PUT/DELETE
- [ ] Check security headers on main endpoints
## Daily Security Tasks
### Morning Check
- [ ] Review `botserver.log` for security events
- [ ] Check `cargo audit` for new vulnerabilities
- [ ] Monitor failed login attempts
- [ ] Verify certificate expiration dates
### Ongoing Monitoring
- [ ] Watch for unusual access patterns
- [ ] Monitor DLP policy violations
- [ ] Track security metric trends
- [ ] Review audit logs for anomalies
### Weekly Tasks
- [ ] Run full security scan with protection tools
- [ ] Review and rotate any expiring credentials
- [ ] Update security dependencies
- [ ] Backup security configurations
## Emergency Response
### If you suspect a breach:
1. **Isolate** - Disconnect affected systems
2. **Preserve** - Don't delete logs or evidence
3. **Document** - Record all actions and observations
4. **Escalate** - Contact security team immediately
5. **Contain** - Implement temporary security measures
6. **Investigate** - Determine scope and impact
7. **Remediate** - Fix vulnerabilities and restore services
8. **Learn** - Update procedures to prevent recurrence
## Security Tools Commands
### Dependency Scanning
```bash
cargo audit
cargo deny check
cargo geiger
```
### Code Analysis
```bash
cargo clippy --workspace -- -D warnings
cargo fmt --check
```
### Security Testing
```bash
# Run security tests
cargo test -p bottest --test security
# Check for unsafe code
cargo geiger --forbid
# Audit dependencies
cargo audit --deny warnings
```
### Protection Tools
```bash
# Security scanning
curl -X POST http://localhost:9000/api/security/protection/scan
# Get security report
curl http://localhost:9000/api/security/protection/report
# Check tool status
curl http://localhost:9000/api/security/protection/status
```
## Common Security Issues to Watch For
### 1. Hardcoded Secrets
**Bad:** `password = "secret123"` in code
**Good:** `password = env::var("DB_PASSWORD")?` from `/tmp/`
### 2. Unsafe Command Execution
**Bad:** `Command::new("rm").arg("-rf").arg(user_input)`
**Good:** `SafeCommand::new("rm")?.arg("-rf")?.arg(sanitized_input)?`
### 3. Missing Input Validation
**Bad:** `format!("SELECT * FROM {}", user_table)`
**Good:** `validate_table_name(&user_table)?; format!("SELECT * FROM {}", safe_table)`
### 4. Information Disclosure
**Bad:** `Json(json!({ "error": e.to_string() }))`
**Good:** `let sanitized = log_and_sanitize(&e, "context", None); (StatusCode::INTERNAL_SERVER_ERROR, sanitized)`
## Security Contact Information
**Primary Contact:** security@pragmatismo.com.br
**Backup Contact:** Check `security.txt` at `/.well-known/security.txt`
**Emergency Response:** Follow procedures in `botbook/src/12-auth/security-policy.md`
---
*Last Updated: 2026-02-22*
*Review Frequency: Weekly*
*Next Review: 2026-03-01*
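Review bot: The checklist directs secrets to `/tmp/` in two places (the Quick Wins item "Check `.env` files for hardcoded secrets (move to `/tmp/`)" and the "Good" line under Hardcoded Secrets), but `/tmp` is a shared, world-writable directory that is commonly cleared on reboot, so it is a poor home for credentials. Point both items at a secrets manager (the audit script in this commit already references a vault under `botserver-stack/conf/vault/`) or at a directory owned by the service account with mode 0700. Separately, the "Good" line under Missing Input Validation validates `user_table` and then formats `safe_table`, which is never defined; have `validate_table_name` return the validated name and format that.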

367
TASKS.md Normal file

@ -0,0 +1,367 @@
# General Bots Security Review & Tasks
**Date:** 2026-02-22
**Reviewer:** Kiro CLI Security Assessment
**Status:** IN PROGRESS
## Executive Summary
General Bots has a comprehensive security architecture with 46 security modules covering authentication, authorization, encryption, monitoring, and compliance. However, several critical security gaps and implementation issues require immediate attention to meet enterprise security standards.
## Critical Security Issues (P1)
### 1. **Incomplete Security Manager Initialization**
**Issue:** The `SecurityManager` struct exists but is not properly initialized in the main application bootstrap process.
**Location:** `botserver/src/security/mod.rs`
**Risk:** High - Missing TLS/MTLS, certificate management, and security headers enforcement.
**Action Required:**
- [ ] Integrate `SecurityManager::new()` and `initialize()` into `main_module::bootstrap.rs`
- [ ] Ensure TLS/MTLS certificates are generated and validated on startup
- [ ] Add security headers middleware to all HTTP routes
### 2. **Passkey Module Incomplete**
**Issue:** Passkey module is commented out with TODO notes indicating incomplete implementation.
**Location:** `botserver/src/security/mod.rs` (lines 23-27)
**Risk:** Medium - Missing modern FIDO2/WebAuthn authentication support.
**Action Required:**
- [ ] Uncomment and implement passkey module
- [ ] Add database schema for passkey storage
- [ ] Implement WebAuthn registration and authentication flows
- [ ] Add passkey management UI
### 3. **Missing Security Middleware Integration**
**Issue:** Security middleware (CSRF, rate limiting, security headers) not consistently applied.
**Location:** Route configuration files
**Risk:** High - Exposed to CSRF attacks, brute force, and missing security headers.
**Action Required:**
- [ ] Apply `security_headers_middleware` to all routes
- [ ] Implement `csrf_middleware` for state-changing endpoints
- [ ] Add `rate_limit_middleware` with appropriate limits
- [ ] Enable `rbac_middleware` for all protected resources
## High Priority Issues (P2)
### 4. **Inconsistent Error Handling**
**Issue:** 955 instances of `unwrap()`/`expect()` in production code (per README.md).
**Location:** Throughout codebase
**Risk:** Medium - Potential panics exposing internal errors.
**Action Required:**
- [ ] Replace all `unwrap()` with proper error handling
- [ ] Use `ErrorSanitizer::log_and_sanitize()` for all HTTP errors
- [ ] Implement structured error responses
### 5. **Missing Security Monitoring Integration**
**Issue:** `SecurityMonitor` exists but not integrated with application logging.
**Location:** `botserver/src/security/security_monitoring.rs`
**Risk:** Medium - Missing real-time threat detection.
**Action Required:**
- [ ] Integrate `SecurityMonitor` with application event system
- [ ] Configure alert rules for suspicious activities
- [ ] Add security dashboard to UI
### 6. **Incomplete DLP Implementation**
**Issue:** Data Loss Prevention module exists but needs policy configuration.
**Location:** `botserver/src/security/dlp.rs`
**Risk:** Medium - Sensitive data exposure risk.
**Action Required:**
- [ ] Configure default DLP policies for PII, PCI, PHI
- [ ] Add DLP scanning to file uploads and exports
- [ ] Implement data classification system
## Medium Priority Issues (P3)
### 7. **Certificate Management Gaps**
**Issue:** Certificate auto-generation but missing renewal monitoring.
**Location:** `botserver/src/security/ca.rs`, `botserver/src/security/tls.rs`
**Risk:** Medium - Certificate expiration could cause service disruption.
**Action Required:**
- [ ] Implement certificate expiration monitoring
- [ ] Add automatic renewal process
- [ ] Add certificate pinning for critical services
### 8. **Missing Security Testing**
**Issue:** No dedicated security test suite.
**Risk:** Medium - Undetected security vulnerabilities.
**Action Required:**
- [ ] Create security test module in `bottest/`
- [ ] Add penetration testing scenarios
- [ ] Implement security regression tests
### 9. **Incomplete Audit Logging**
**Issue:** Audit system exists but needs comprehensive coverage.
**Location:** `botserver/src/security/audit.rs`
**Risk:** Low-Medium - Compliance gaps.
**Action Required:**
- [ ] Ensure all security events are logged
- [ ] Add audit trail for data access and modifications
- [ ] Implement audit log retention and export
## Implementation Tasks
### Phase 1: Critical Security Foundation (Week 1-2)
#### Task 1.1: Security Manager Integration
```rust
// In main_module/bootstrap.rs
async fn initialize_security() -> Result<SecurityManager> {
let security_config = SecurityConfig::default();
let mut security_manager = SecurityManager::new(security_config)?;
security_manager.initialize()?;
Ok(security_manager)
}
```
#### Task 1.2: Security Middleware Setup
```rust
// In route configuration
let app = Router::new()
.route("/api/*", api_routes)
.layer(security_headers_middleware())
.layer(csrf_middleware())
.layer(rate_limit_middleware::create_default_rate_limit_layer())
.layer(rbac_middleware());
```
#### Task 1.3: Error Handling Cleanup
- Use `cargo clippy --workspace` to identify all `unwrap()` calls
- Create batch fix script for common patterns
- Implement `SafeCommand` for all command executions
### Phase 2: Authentication & Authorization (Week 3-4)
#### Task 2.1: Passkey Implementation
- Uncomment passkey module
- Add WebAuthn library dependency
- Implement registration/authentication endpoints
- Add passkey management UI
#### Task 2.2: MFA Enhancement
- Complete TOTP implementation
- Add backup code management
- Implement MFA enforcement policies
- Add MFA recovery flows
#### Task 2.3: API Key Management
- Enhance `ApiKeyManager` with rotation policies
- Add key usage analytics
- Implement key expiration and revocation
- Add API key audit logging
### Phase 3: Data Protection & Monitoring (Week 5-6)
#### Task 3.1: DLP Policy Configuration
```rust
// Default DLP policies
let policies = vec![
DlpPolicy::new("pii")
.with_patterns(vec![
r"\b\d{3}-\d{2}-\d{4}\b", // SSN
r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b", // Email
])
.with_action(DlpAction::Redact),
];
```
#### Task 3.2: Security Monitoring Integration
- Connect `SecurityMonitor` to application events
- Configure alert thresholds
- Add security dashboard
- Implement incident response workflows
#### Task 3.3: Certificate Management
- Add certificate expiration alerts
- Implement automatic renewal
- Add certificate pinning
- Create certificate inventory
### Phase 4: Testing & Compliance (Week 7-8)
#### Task 4.1: Security Test Suite
```rust
// In bottest/src/security/
mod authentication_tests;
mod authorization_tests;
mod encryption_tests;
mod injection_tests;
mod rate_limit_tests;
```
#### Task 4.2: Compliance Documentation
- Update security policy documentation
- Add compliance mapping (SOC2, ISO27001, GDPR)
- Create security controls matrix
- Implement evidence collection
#### Task 4.3: Security Hardening
- Apply security headers consistently
- Implement CSP nonce generation
- Add security.txt file
- Configure security contact information
## Security Controls Matrix
| Control Category | Implementation Status | Module | Priority |
|-----------------|----------------------|--------|----------|
| **Authentication** | ✅ Partial | `auth`, `jwt`, `mfa` | P1 |
| **Authorization** | ✅ Good | `rbac_middleware`, `auth` | P2 |
| **Encryption** | ✅ Good | `encryption`, `tls` | P2 |
| **Input Validation** | ✅ Good | `validation`, `sql_guard` | P2 |
| **Error Handling** | ❌ Poor | Throughout codebase | P1 |
| **Audit Logging** | ✅ Partial | `audit` | P3 |
| **Security Monitoring** | ✅ Partial | `security_monitoring` | P2 |
| **Data Protection** | ✅ Partial | `dlp`, `secrets` | P2 |
| **Certificate Management** | ✅ Partial | `ca`, `tls` | P3 |
| **Security Headers** | ✅ Good | `headers` | P1 |
| **Rate Limiting** | ✅ Good | `rate_limiter` | P2 |
| **CSRF Protection** | ✅ Good | `csrf` | P1 |
| **File Security** | ✅ Good | `file_validation`, `path_guard` | P3 |
## Dependencies & Tools
### Required Security Dependencies
```toml
# Cargo.toml additions
[dependencies]
webauthn-rs = "0.4" # For passkey support
rpassword = "7.0" # For secure password input
argon2 = "0.5" # Password hashing
ring = "0.17" # Cryptography
rustls = "0.22" # TLS implementation
```
### Security Testing Tools
- `cargo audit` - Dependency vulnerability scanning
- `cargo-deny` - License compliance
- `cargo-geiger` - Unsafe code detection
- OWASP ZAP - Web application security testing
- `sqlmap` - SQL injection testing (for test environments)
## Monitoring & Alerting
### Security Metrics to Monitor
1. **Authentication Metrics**
- Failed login attempts per IP/user
- MFA enrollment/completion rates
- Session duration and renewal patterns
2. **Authorization Metrics**
- Permission denied events
- Role assignment changes
- Resource access patterns
3. **Data Protection Metrics**
- DLP policy violations
- Encryption key rotations
- Data access audit trails
4. **System Security Metrics**
- Certificate expiration dates
- Security patch levels
- Vulnerability scan results
### Alert Thresholds
- **Critical:** >10 failed logins/minute from single IP
- **High:** Certificate expires in <7 days
- **Medium:** DLP violation on sensitive data
- **Low:** Security header missing on endpoint
## Compliance Requirements
### SOC2 Type II Controls
- [ ] CC6.1 - Logical access security software, infrastructure, and architectures
- [ ] CC6.6 - Logical access to data is managed through identification and authentication
- [ ] CC6.7 - Security procedures for transmission of data
- [ ] CC6.8 - Incident management procedures
### GDPR Requirements
- [ ] Article 32 - Security of processing
- [ ] Article 33 - Notification of personal data breach
- [ ] Article 35 - Data protection impact assessment
### ISO 27001 Controls
- [ ] A.9 - Access control
- [ ] A.10 - Cryptography
- [ ] A.12 - Operations security
- [ ] A.13 - Communications security
- [ ] A.14 - System acquisition, development and maintenance
- [ ] A.16 - Information security incident management
## Risk Assessment
### High Risk Areas
1. **Missing Security Manager Integration** - Exposes all services to TLS/security header gaps
2. **Incomplete Error Handling** - Potential information disclosure through panics
3. **Lack of CSRF Protection** - Risk of cross-site request forgery attacks
### Medium Risk Areas
1. **Incomplete Passkey Support** - Missing modern authentication method
2. **Gaps in Security Monitoring** - Delayed threat detection
3. **Certificate Management** - Risk of service disruption
### Low Risk Areas
1. **Audit Logging Gaps** - Compliance issues but low security impact
2. **Security Testing** - Quality issue but not immediate vulnerability
## Success Criteria
### Phase 1 Complete
- [ ] SecurityManager fully integrated and initialized
- [ ] All `unwrap()` calls replaced with proper error handling
- [ ] Security headers applied to all routes
- [ ] CSRF protection enabled for state-changing endpoints
### Phase 2 Complete
- [ ] Passkey authentication implemented
- [ ] MFA fully functional with backup codes
- [ ] API key management with rotation policies
- [ ] Rate limiting applied consistently
### Phase 3 Complete
- [ ] DLP policies configured and active
- [ ] Security monitoring integrated with alerts
- [ ] Certificate management with auto-renewal
- [ ] Security dashboard available in UI
### Phase 4 Complete
- [ ] Security test suite passing
- [ ] Compliance documentation updated
- [ ] Security hardening completed
- [ ] All critical vulnerabilities addressed
## Next Steps
### Immediate (Next 24 hours)
1. Review and prioritize tasks with development team
2. Assign owners for critical P1 issues
3. Begin SecurityManager integration
### Short-term (Week 1)
1. Complete error handling cleanup
2. Implement security middleware
3. Start passkey module implementation
### Medium-term (Month 1)
1. Complete all P1 and P2 issues
2. Implement security testing
3. Update compliance documentation
### Long-term (Quarter 1)
1. Complete all security tasks
2. Conduct penetration testing
3. Achieve security certification readiness
## References
1. General Bots Security Policy: `botbook/src/12-auth/security-policy.md`
2. Security API Documentation: `botbook/src/10-rest/security-api.md`
3. Security Features Guide: `botbook/src/12-auth/security-features.md`
4. Security Auditing Guide: `botbook/src/19-maintenance/security-auditing.md`
5. SOC2 Compliance: `botbook/src/23-security/soc2-compliance.md`
## Contact
**Security Team:** security@pragmatismo.com.br
**Emergency Contact:** Follow incident response procedures in security policy
---
*This document will be updated as tasks are completed and new security requirements are identified.*
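Review bot: In Task 3.1 the email pattern ends with `[A-Z|a-z]{2,}`; inside a character class `|` is a literal pipe, not alternation, so the class also accepts `|` in the TLD. Use `[A-Za-z]{2,}`. The Security Controls Matrix also marks CSRF Protection and Security Headers as "✅ Good" while issue 3 and the Risk Assessment list missing CSRF protection and security headers as high risk; the matrix should state whether the status describes the module existing or the module being applied to routes, and "✅ Partial" would read more honestly with a distinct marker.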

196
UI.md Normal file

@ -0,0 +1,196 @@
# Web Desktop Environment Migration Plan (The "Windows" Vibe)
## 1. Project Overview & Vision
We are migrating the entire UI suite to a Web Desktop Environment (WDE). The goal is to create a UI that feels like a modern, web-based operating system (inspired by Windows 95's spatial model but with modern Tailwind aesthetics like the `html3.html` prototype).
**Key Principles:**
- **Vanilla JS + HTMX:** We will build a custom Window Manager in Vanilla JS (`window-manager.js`) rather than relying on outdated libraries like WinBox. HTMX will handle fetching the content *inside* the windows.
- **Desktop Metaphor:** A main workspace with shortcut icons (Vibe, Tasks, Chat, Terminal, Explorer, Editor, Browser, Mail, Settings).
- **Taskbar:** A bottom bar showing currently open applications, allowing users to switch between them, alongside a system tray and clock.
- **Dynamic Windows:** Windows must be draggable, closable, minimizable, and maintain their state. The title bar must dynamically reflect the active view.
- **App Renames:**
- `Mantis` is now **`Vibe`**
- `Terminal` added to suite default features
- `Browser` added to suite default features
- `Editor` already in suite, add to default features
- Note: Keep `Drive` as `Drive` (undo Explorer rename).
This document provides a strictly detailed, step-by-step implementation guide so that any LLM or developer can execute it without ambiguity.
---
## 2. Architecture & File Structure
### Frontend Assets to Create:
1. `ui/desktop.html` - The main shell containing the desktop background, desktop icons, and the empty taskbar.
2. `js/window-manager.js` - The core engine. A JavaScript class responsible for DOM manipulation of windows.
3. `css/desktop.css` - Custom styles for the grid background, scrollbars, and window animations (using Tailwind as the base).
### Backend (Botserver) Updates:
- **State Management:** The backend needs to track the user's open windows, their positions, and sizes if we want persistence across reloads. Otherwise, local state (localStorage) is fine for V1.
- **HTMX Endpoints:** Each app (Explorer, Vibe, Chat, etc.) must expose an endpoint that returns *only* the HTML fragment for the app's body, NOT a full HTML page.
- **Theme Manager:** Needs to be updated to support the new desktop color schemes (e.g., brand-500 greens, transparent glass effects).
---
## 3. Step-by-Step Implementation Guide
### PHASE 1: The Shell (Desktop & Taskbar)
**Goal:** Create the static HTML structure based on `html3.html`.
**Tasks:**
1. Create the main `desktop.html`.
2. Implement the `workspace-bg` and `workspace-grid` using Tailwind and SVG.
3. Add the left-side Desktop Icons. Each icon must have a `data-app-id` and `data-app-title` attribute.
- Example: `<div class="desktop-icon" data-app-id="drive" data-app-title="Drive" hx-get="/app/drive" hx-target="#temp-buffer" hx-swap="none">...</div>`
4. Create the Bottom Taskbar `<footer id="taskbar">`. It needs an empty container `<div id="taskbar-apps"></div>` to hold icons of open apps.
### PHASE 2: The Window Manager Engine (`window-manager.js`)
**Goal:** Build a robust, vanilla JavaScript class `WindowManager` to handle floating UI panels that feels as native, smooth, and feature-rich as WinBox.
**Core Requirements for `window-manager.js`:**
1. **State & Z-Index Management:** Keep an array of `openWindows = []`. Track the `activeWindowId`. Clicking any window must bring it to the front by updating its z-index (stacking context) and highlighting its taskbar icon.
2. **`createWindow(appId, title, initialContent)` method:**
- Generates the DOM nodes for a floating window.
- Includes a Title Bar (drag handle, dynamic title, minimize, maximize, close buttons).
- Includes invisible 8px borders around the window for **resizing** (N, S, E, W, NE, NW, SE, SW).
- Appends it to the `#workspace` container and its icon to the `#taskbar-apps` container.
3. **Advanced Drag & Drop (The "WinBox" Feel):**
- **Smooth Dragging:** Use `requestAnimationFrame` for drag rendering to prevent lag.
- **Boundary Constraints:** Prevent windows from being dragged completely out of the viewport. At least a portion of the title bar must remain grabbable.
- **Snapping:** (Optional but recommended) If dragged to the top edge, trigger maximize. If dragged to the left/right, snap to 50% screen width.
4. **Resizing Logic:**
- Implement event listeners on the edges/corners. Updating `width`, `height`, `top`, and `left` simultaneously when resizing from the top or left edges.
5. **Maximize & Minimize Logic:**
- **Maximize:** Save the pre-maximized `top/left/width/height` state. Animate the window to fill `100%` of the workspace (accounting for the taskbar).
- **Minimize:** Animate the window shrinking down into its taskbar icon, then set `display: none` or opacity. Clicking the taskbar icon restores it with the reverse animation.
6. **Taskbar Integration:**
- Highlight the active window's icon in the taskbar. Click to toggle minimize/restore.
### PHASE 3: HTMX Intercepts (The Magic Glue)
**Goal:** Connect the Desktop Icons to the Window Manager.
Instead of HTMX swapping directly into the DOM, we use HTMX events to intercept the response and pass it to the Window Manager.
**Implementation for the Dumbest LLM:**
```javascript
// Listen to HTMX afterRequest event
document.body.addEventListener('htmx:afterRequest', function(evt) {
const target = evt.detail.elt;
// Check if the click came from a desktop icon
if (target.classList.contains('desktop-icon')) {
const appId = target.getAttribute('data-app-id');
const title = target.getAttribute('data-app-title');
const htmlContent = evt.detail.xhr.response;
// Tell WindowManager to open it
window.WindowManager.open(appId, title, htmlContent);
}
});
```
### PHASE 4: Migrating the Apps
**Goal:** Refactor existing pages to be fragments.
1. **Vibe (formerly Mantis):** Remove the outer `<html>`, `<head>`, and `<body>`. Return only the inner content grid.
2. **Drive:** Ensure HTMX links *inside* Drive target elements *inside* Drive's window container (`closest .window-body #target`), not the whole page.
3. **Chat, Mail, Settings, Terminal:** Wrap their specific UIs into clean fragments.
**Crucial HTMX Rule for Windows:**
Any link inside a window MUST use relative HTMX targeting (e.g., `hx-target="closest .window-body"`) so it doesn't break out of the floating window.
### PHASE 5: Botserver Routing & AGENTS.md Compliance
**Goal:** Update backend to serve HTMX fragments while strictly adhering to `AGENTS.md` security and architecture rules.
1. **Route Management (HTMX-First):**
- `GET /` -> Returns `desktop.html` (Full page load).
- `GET /app/vibe` -> Returns the Vibe fragment (NO `<html>` or `<body>` tags).
- `GET /api/drive/files?path=/` -> Returns the Drive fragment.
- *Rule:* All state-changing endpoints (POST/PUT/DELETE) triggered from these windows MUST include CSRF tokens (`IMP-08`).
2. **File Structure & 450-Line Limit:**
- Do not dump all routes into a single file. Respect the 450-line maximum per file rule.
- Create separate modules for each app's routes (e.g., `botserver/src/handlers/desktop.rs`, `botserver/src/handlers/vibe.rs`, `botserver/src/handlers/explorer.rs`).
3. **Local Assets ONLY (NO CDNs):**
- **CRITICAL:** The original `html3.html` prototype used Tailwind and FontAwesome CDNs. `AGENTS.md` explicitly forbids this.
- All CSS, Tailwind outputs, HTMX (`htmx.min.js`), and Web Fonts MUST be downloaded and served locally from the server's static assets folder.
4. **Command Execution (Terminal/Explorer Apps):**
- If the Terminal or Explorer apps need to read files or execute system commands, the backend handlers **MUST** use `crate::security::command_guard::SafeCommand`.
5. **Theme Manager:**
- Update CSS variables locally to match the aesthetic (brand-500 greens, translucent `bg-white/90`).
---
## 4. "Dumbest LLM" Coding Prompts & Snippets
If you are an AI tasked with implementing this, follow these explicit instructions.
### A. Implementing `desktop.html`
- **CRITICAL:** Do NOT copy the CDN links (`<script src="https://cdn...">`) from `html3.html`. `AGENTS.md` strictly forbids CDNs. You must link to local compiled CSS and local HTMX scripts.
- The main container must have `position: relative` and `overflow: hidden`.
- Render the icons exactly as:
```html
<div class="desktop-icon flex flex-col items-center w-20 group cursor-pointer"
data-app-id="explorer" data-app-title="Explorer"
hx-get="/app/explorer" hx-swap="none">
<div class="app-icon w-16 h-16 rounded-xl flex items-center justify-center text-white text-3xl group-hover:scale-105 transition-transform">
<i class="fa-regular fa-folder-open drop-shadow-md"></i>
</div>
<span class="mt-2 text-xs font-mono font-medium text-gray-800 bg-white/70 px-1.5 py-0.5 rounded backdrop-blur-sm">Explorer</span>
</div>
```
### B. Implementing `window-manager.js`
Create a global object `window.WindowManager`.
It must have an `open(id, title, html)` method.
If the window with `id` already exists, call `focus(id)`.
If it doesn't exist, create this exact DOM structure:
```html
<div id="window-{id}" class="absolute w-[700px] bg-white rounded-lg shadow-2xl flex flex-col border border-gray-200 overflow-hidden z-20" style="top: 100px; left: 150px;">
<!-- Header (Draggable) -->
<div class="window-header h-10 bg-white/95 backdrop-blur flex items-center justify-between px-4 border-b border-gray-200 select-none cursor-move">
<div class="font-mono text-xs font-bold text-brand-600 tracking-wide">{title}</div>
<div class="flex space-x-3 text-gray-400">
<button class="btn-minimize hover:text-gray-600"><i class="fa-solid fa-minus"></i></button>
<button class="btn-maximize hover:text-gray-600"><i class="fa-regular fa-square"></i></button>
<button class="btn-close hover:text-red-500"><i class="fa-solid fa-xmark"></i></button>
</div>
</div>
<!-- Body (HTMX target) -->
<div class="window-body relative flex-1 overflow-y-auto bg-[#fafdfa]">
{html}
</div>
</div>
```
### C. Implementing the Taskbar Task
When `WindowManager.open()` is called, also append this to `#taskbar-apps`:
```html
<div id="taskbar-item-{id}" class="h-10 w-12 flex items-center justify-center cursor-pointer bg-brand-50 rounded border-b-2 border-brand-500 transition-all taskbar-icon" onclick="WindowManager.toggle('{id}')">
<div class="app-icon w-8 h-8 rounded-md flex items-center justify-center text-white text-xs shadow-sm">
<!-- Map icon based on ID here -->
</div>
</div>
```
---
## 5. Summary of Definitions
- **Desktop:** The root view of the application.
- **Window:** A floating, draggable container for a specific app (Explorer, Vibe, etc.).
- **Taskbar:** The bottom panel tracking open windows.
- **App Fragment:** The partial HTML code returned by the server to populate a Window.
**Execute this plan sequentially.** Do not attempt to load full HTML pages inside windows. Build the Window Manager engine first, then migrate apps one by one.
## Current Implementation Status (Feb 24, 2026)
**What is Working:**
1. The backend has been re-routed. `localhost:3000` now correctly serves the new `desktop.html` UI shell instead of the old `default.gbui`.
2. The core assets (`window-manager.js`, `desktop.css`) and static HTMX structure for the desktop sidebar, grid background, and icons are loading successfully.
3. The apps (Chat, Tasks, Terminal) have existing implementations in the suite directories.
**What is Missing/Broken to See Windows Again:**
1. **Window Manager Initialization Bug:** `desktop.html` currently crashes on load because it tries to call `new window.WindowManager()`. The `window-manager.js` script already exports an *instance*, not a class, causing a `TypeError`.
2. **Missing Tailwind CDN/CSS Classes:** The original `html3.html` prototype likely relied on a Tailwind CSS CDN script. Because CDNs are banned, `window-manager.js` is creating windows using dynamic Tailwind classes (like `w-[700px]`, `bg-white/95`) which do not exist in the locally compiled CSS (`app.css` or `desktop.css`). The windows will have no structure or styling until these classes are ported to `desktop.css` or compiled.
3. **App Fragment Extraction:** HTMX is currently fetching the full `chat/chat.html` page (including `<head>`, `<body>`, etc.). When `window-manager.js` tries to inject this into a floating `div`, it can break the DOM. The endpoints must be updated to return *only* the inner content (the fragments) as defined in Phase 4 of this document.
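Review bot: The Phase 3 `htmx:afterRequest` handler passes `evt.detail.xhr.response` to `WindowManager.open()` without checking whether the request succeeded, so the body of a 4xx/5xx response, or an empty response from a failed request, is opened as a window. Return early unless `evt.detail.successful` is true. Because the icons use `hx-swap="none"` and the markup is inserted by `WindowManager` rather than by HTMX, the spec should also say that the new `.window-body` is passed to `htmx.process()`; otherwise the `hx-*` attributes that Phase 4 requires inside windows are never wired up. In section C, `onclick="WindowManager.toggle('{id}')"` builds an inline handler by string interpolation; attach the listener with `addEventListener` instead, which also stays compatible with the CSP nonce work listed in TASKS.md.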

@ -1 +1 @@
Subproject commit 764f05865348714911be3f2f8d2a3f8c693b20d3 Subproject commit 0b1b17406db9d4cc91c1a29cf549398e72fd111a

2
botui

@ -1 +1 @@
Subproject commit 6afeeb311f0ed9be0a3058fe07f21e6a476bdf42 Subproject commit 2f53b65aeb9f09c2c28b88ef005e540d3823b23d

129
security_audit.sh Executable file

@ -0,0 +1,129 @@
#!/bin/bash
# General Bots Security Audit Script
# This script helps identify critical security issues in the codebase
set -e
echo "🔒 General Bots Security Audit"
echo "=============================="
echo ""
# Check for hardcoded secrets
echo "1. Checking for hardcoded secrets..."
if grep -r "password\s*=\s*\"" --include="*.rs" --include="*.toml" --include="*.json" . 2>/dev/null | grep -v "test" | grep -v "example" | head -10; then
echo "⚠️ WARNING: Found potential hardcoded passwords"
else
echo "✅ No obvious hardcoded passwords found"
fi
echo ""
# Check for unwrap/expect calls
echo "2. Checking for unwrap/expect calls..."
UNWRAP_COUNT=$(grep -r "\.unwrap()\|\.expect(" --include="*.rs" . 2>/dev/null | wc -l)
if [ "$UNWRAP_COUNT" -gt 0 ]; then
echo "⚠️ WARNING: Found $UNWRAP_COUNT unwrap/expect calls"
echo " Sample locations:"
grep -r "\.unwrap()\|\.expect(" --include="*.rs" . 2>/dev/null | head -5
else
echo "✅ No unwrap/expect calls found"
fi
echo ""
# Check for Command::new usage
echo "3. Checking for unsafe command execution..."
if grep -r "Command::new" --include="*.rs" . 2>/dev/null | grep -v "SafeCommand" | head -5; then
echo "⚠️ WARNING: Found potential unsafe command execution"
echo " Should use SafeCommand instead"
else
echo "✅ No unsafe Command::new calls found"
fi
echo ""
# Check for SQL injection patterns
echo "4. Checking for SQL injection patterns..."
if grep -r "format!.*SELECT\|format!.*INSERT\|format!.*UPDATE\|format!.*DELETE" --include="*.rs" . 2>/dev/null | grep -v "sanitize" | head -5; then
echo "⚠️ WARNING: Found potential SQL injection patterns"
echo " Should use sql_guard functions"
else
echo "✅ No obvious SQL injection patterns found"
fi
echo ""
# Check security headers in routes
echo "5. Checking for security middleware usage..."
if grep -r "security_headers_middleware\|csrf_middleware\|rate_limit_middleware" --include="*.rs" . 2>/dev/null | head -5; then
echo "✅ Security middleware found"
else
echo "⚠️ WARNING: No security middleware found in routes"
fi
echo ""
# Check for SecurityManager usage
echo "6. Checking for SecurityManager initialization..."
if grep -r "SecurityManager::new\|SecurityManager::initialize" --include="*.rs" . 2>/dev/null; then
echo "✅ SecurityManager usage found"
else
echo "⚠️ WARNING: SecurityManager not initialized"
fi
echo ""
# Check dependencies
echo "7. Checking dependencies..."
if command -v cargo-audit &> /dev/null; then
echo "Running cargo audit..."
cargo audit
else
echo "⚠️ Install cargo-audit: cargo install cargo-audit"
fi
echo ""
# Check for .env files in git
echo "8. Checking for secrets in git..."
if find . -name ".env" -type f | grep -v node_modules | grep -v target; then
echo "⚠️ WARNING: .env files found in repository"
echo " Secrets should be in /tmp/ only"
else
echo "✅ No .env files in repository"
fi
echo ""
# Check file permissions
echo "9. Checking critical file permissions..."
if [ -f "botserver-stack/conf/vault/init.json" ]; then
PERMS=$(stat -c "%a" "botserver-stack/conf/vault/init.json")
if [ "$PERMS" -gt 600 ]; then
echo "⚠️ WARNING: Vault init file permissions too open: $PERMS"
echo " Should be 600 or 400"
else
echo "✅ Vault init file permissions OK: $PERMS"
fi
fi
echo ""
# Summary
echo "📊 Security Audit Summary"
echo "========================"
echo ""
echo "Critical Issues to Address:"
echo "1. $UNWRAP_COUNT unwrap/expect calls need replacement"
echo "2. SecurityManager initialization missing"
echo "3. Security middleware may not be applied to all routes"
echo ""
echo "Next Steps:"
echo "1. Review TASKS.md for detailed remediation plan"
echo "2. Fix P1 issues first (SecurityManager, error handling)"
echo "3. Run cargo clippy and fix all warnings"
echo "4. Implement security testing"
echo ""
echo "For detailed tasks, see: TASKS.md"
echo "For quick checklist, see: SECURITY_CHECKLIST.md"
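Review bot: Checks 1, 3, 4 and 5 branch on `if grep ... | head -N; then`, and without `pipefail` the status of that pipeline is `head`'s, which is 0 whether or not grep matched, so the `else` branches are unreachable: checks 1, 3 and 4 always warn, and check 5 always prints "Security middleware found". Capture the matches in a variable and branch on `[ -n "$matches" ]`. In check 9, `[ "$PERMS" -gt 600 ]` compares the octal mode as a decimal number, so a world-readable 444 is reported as OK; test that the group and other digits are 0 instead. The summary also prints "SecurityManager initialization missing" regardless of what check 6 found, and check 8 is labelled "secrets in git" but uses `find`, which reports untracked `.env` files too.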