2.4 KiB
2.4 KiB
TASKS.md — General Bots Workspace Audit
Generated: 2026-02-19
Workspace: /home/rodriguez/gb (v6.2.0)
Scope: Security Audit and Improvements Execution
🔴 P0 — CRITICAL SECURITY FLAWS
SEC-01: ✅ RESOLVED — History Clean
Status: ✅ Repositor history rewritten. Sensitive files removed and ignored.
vault-unseal-keys,init.jsonremoved from history (git-filter-repo)- Files ignored in
.gitignore - Remote
originupdated (force pushed)
SEC-02: ✅ PARTIALLY RESOLVED — .env exposure
Status: ✅ Mitigated (Untracked). Rotation needed.
- Rotate Vault tokens immediately
SEC-03: ✅ RESOLVED — init.json removed
Status: ✅ Removed from tracking.
SEC-04: ✅ RESOLVED — Command Execution Hardened
Status: ✅ Replaced Command::new with SafeCommand.
SEC-05: ✅ RESOLVED — SQL Injection Hardened
Status: ✅ Parameterized queries implemented. Build verified.
SEC-06: ✅ RESOLVED — unwrap()/expect() verified
Status: ✅ Core/LLM production code verified clean.
botserver/src/core: Clean (Unwraps confined to tests/stubs)botserver/src/llm: Clean (Unwraps confined to tests)- Fixed
rate_limiter.rs(unsafe) &utils.rs(expect)
🟠 P1 — HIGH PRIORITY IMPROVEMENTS
IMP-03: ✅ RESOLVED — Artifact Cleanup
- Deleted
.bas,PROMPT.md - Added
Cargo.lockto tracking
IMP-04: ✅ RESOLVED — Unsafe Code Fix
- Replaced
unsafeblock inrate_limiter.rs
IMP-06: ✅ RESOLVED — CORS Configuration
- Fixed syntax and logic in
validate_origin
IMP-14: 🟡 IN PROGRESS — Code Cleanup (TODOs)
Status: References cleaned. Features pending.
- Removed stale references to
TODO-refactor1.md - Implement
drive_handlers.rs(Drive stubbed) - Implement
admin_invitations.rs(Schema missing)
IMP-15: 🟡 IN PROGRESS — Integration Tests
Status: Tool installing (cargo-tarpaulin compiling in background).
- Generate coverage report once installed
🟡 P2 — POLICIES (Completed)
IMP-07 to IMP-10: ✅ RESOLVED — Policies Added
- Rate Limiting, CSRF, Headers, Dependency Management documented in
AGENTS.md.
IMP-16: ✅ RESOLVED — Tool Consolidation
- Removed Puppeteer.
IMP-17: ✅ RESOLVED — Lockfile
- Tracked
Cargo.lock.