Learn Module Session Integration:
- Added AuthenticatedUser extractor to 9 handlers
- submit_quiz, get_progress, start_course, complete_lesson_handler
- create_assignment, get_pending_assignments, get_certificates
- get_recommendations, get_user_stats
Security Auth Role Fetching:
- validate_session_sync() reads from SESSION_CACHE
- Maps role strings to Role enum (Admin, SuperAdmin, etc.)
- Falls back to User role for uncached sessions
AutoTask Improvements:
- get_task_logs() reads from manifest with status-based logs
- store_compiled_intent() saves to cache and database
Face API Full Implementation:
- AWS Rekognition: detect, verify, analyze
- OpenCV: local face detection/verification
- InsightFace: RetinaFace detection, ArcFace verification
- Helper methods: get_image_bytes, simulate_face_detection, generate_landmarks
- Create installer.rs for 'botserver install protection' command
- Requires root to install packages and create sudoers config
- Sudoers uses exact commands (no wildcards) for security
- Update all tool files (lynis, rkhunter, chkrootkit, suricata, lmd) to use sudo
- Update manager.rs service management to use sudo
- Add 'sudo' and 'visudo' to command_guard.rs whitelist
- Update CLI with install/remove/status protection commands
- Create comprehensive botbook documentation
- Update SUMMARY.md with protection-tools entry
Security model:
- Installation requires root (sudo botserver install protection)
- Runtime uses sudoers NOPASSWD for specific commands only
- No wildcards in sudoers - exact command specifications
- Tools run on host system, not in containers
- Fix JwtKey::from_secret to use &str instead of &[u8]
- Fix auth_middleware_with_providers to avoid holding &Request across await
- Add ExtractedAuthData struct for thread-safe auth data extraction
- Remove duplicate require_permission_middleware export from rbac_middleware
- Fix check_route_access argument order in rbac_middleware
- Remove unused auth_config field from ZitadelAuthProviderAdapter
- Remove unused imports (body::Body, http::Request, AuthError)
- Make check_permission_string public for middleware use
- Add missing jwt_manager, auth_provider_registry, rbac_manager fields to AppState
Phase 5.1 compilation test: PASSED (0 warnings, 0 errors)
