TASKS.md — General Bots Workspace Audit

Generated: 2026-02-19
Workspace: /home/rodriguez/gb (v6.2.0)
Scope: Security Audit and Improvements Execution

🔴 P0 — CRITICAL SECURITY FLAWS

SEC-01: 🔴 PENDING — History Clean

Status: 🔴 Blocked. git-filter-repo missing in environment.

  • Files untracked (vault-unseal-keys, init.json)
  • Needs history rewrite (Requires tool installation)

SEC-02: PARTIALLY RESOLVED — .env exposure

Status: Mitigated (Untracked). Rotation needed.

  • Rotate Vault tokens immediately

SEC-03: RESOLVED — init.json removed

Status: Removed from tracking.

SEC-04: RESOLVED — Command Execution Hardened

Status: Replaced Command::new with SafeCommand.

SEC-05: RESOLVED — SQL Injection Hardened

Status: Parameterized queries implemented. Build verified.

SEC-06: RESOLVED — unwrap()/expect() verified

Status: Core/LLM production code verified clean.

  • botserver/src/core: Clean (Unwraps confined to tests/stubs)
  • botserver/src/llm: Clean (Unwraps confined to tests)
  • Fixed rate_limiter.rs (unsafe) & utils.rs (expect)

🟠 P1 — HIGH PRIORITY IMPROVEMENTS

IMP-03: RESOLVED — Artifact Cleanup

  • Deleted .bas, PROMPT.md
  • Added Cargo.lock to tracking

IMP-04: RESOLVED — Unsafe Code Fix

  • Replaced unsafe block in rate_limiter.rs

IMP-06: RESOLVED — CORS Configuration

  • Fixed syntax and logic in validate_origin

IMP-14: 🟡 IN PROGRESS — Code Cleanup (TODOs)

Status: References cleaned. Features pending.

  • Removed stale README references to TODO-refactor1.md
  • Implement drive_handlers.rs (Drive stubbed)
  • Implement admin_invitations.rs (Schema missing)

IMP-15: 🔴 PENDING — Integration Tests

Status: Blocked. cargo-tarpaulin missing.

  • Install coverage tool
  • Generate report

🟡 P2 — POLICIES (Completed)

IMP-07 to IMP-10: RESOLVED — Policies Added

  • Rate Limiting, CSRF, Headers, Dependency Management documented in AGENTS.md.

IMP-16: RESOLVED — Tool Consolidation

  • Removed Puppeteer.

IMP-17: RESOLVED — Lockfile

  • Tracked Cargo.lock.