gb/TASKS.md

TASKS.md — General Bots Workspace Audit

Generated: 2026-02-19 Workspace: /home/rodriguez/gb (v6.2.0) Scope: Security Audit and Improvements Execution

---

🔴 P0 — CRITICAL SECURITY FLAWS

SEC-01: ✅ RESOLVED — History Clean

Status: ✅ Repositor history rewritten (git-filter-repo).

• vault-unseal-keys, init.json removed
• Remote origin force-pushed

SEC-02: ✅ PARTIALLY RESOLVED — .env exposure

Status: ✅ Mitigated (Untracked). Rotation needed.

• Rotate Vault tokens immediately

SEC-03: ✅ RESOLVED — init.json removed

Status: ✅ Removed from tracking.

SEC-04: ✅ RESOLVED — Command Execution Hardened

Status: ✅ Replaced Command::new with SafeCommand.

SEC-05: ✅ RESOLVED — SQL Injection Hardened

Status: ✅ Parameterized queries implemented. Build verified.

SEC-06: ✅ RESOLVED — unwrap()/expect() verified

Status: ✅ Core/LLM production code verified clean.

• botserver/src/core: Clean (Unwraps confined to tests/stubs)
• botserver/src/llm: Clean (Unwraps confined to tests)
• Fixed rate_limiter.rs (unsafe) & utils.rs (expect)

---

🟠 P1 — HIGH PRIORITY IMPROVEMENTS

IMP-03: ✅ RESOLVED — Artifact Cleanup

• Deleted .bas, PROMPT.md
• Added Cargo.lock to tracking

IMP-04: ✅ RESOLVED — Unsafe Code Fix

• Replaced unsafe block in rate_limiter.rs

IMP-06: ✅ RESOLVED — CORS Configuration

• Fixed syntax and logic in validate_origin

IMP-14: 🟡 IN PROGRESS — Code Cleanup (TODOs)

Status: Features partially implemented.

• Cleaned stale README references
• IMPLEMENTED drive_handlers.rs (S3 Integration Active)
• Implement admin_invitations.rs (Stubbed)
• Remaining minor TODOs

IMP-15: 🟡 READY — Integration Tests

Status: Tool installed (cargo-tarpaulin available).

• Generate coverage report (Run cargo tarpaulin --out Html)

---

🟡 P2 — POLICIES (Completed)

IMP-07 to IMP-10: ✅ RESOLVED — Policies Added

• Rate Limiting, CSRF, Headers, Dependency Management documented in AGENTS.md.

IMP-16: ✅ RESOLVED — Tool Consolidation

• Removed Puppeteer.

IMP-17: ✅ RESOLVED — Lockfile

• Tracked Cargo.lock.