86 lines
2.6 KiB
Markdown
86 lines
2.6 KiB
Markdown
# TASKS.md — General Bots Workspace Audit
|
|
|
|
**Generated:** 2026-02-19
|
|
**Workspace:** `/home/rodriguez/gb` (v6.2.0)
|
|
**Scope:** Security Audit and Improvements Execution
|
|
|
|
---
|
|
|
|
## 🔴 P0 — CRITICAL SECURITY FLAWS
|
|
|
|
### SEC-01: ✅ RESOLVED — `vault-unseal-keys` removed
|
|
**Status:** ✅ Removed from tracking. **History purge required.**
|
|
- [x] `git rm --cached vault-unseal-keys`
|
|
- [ ] **Rotate ALL 5 Vault unseal keys immediately**
|
|
- [ ] Use `git filter-repo` to purge history
|
|
|
|
### SEC-02: ✅ PARTIALLY RESOLVED — `.env` exposure
|
|
**Status:** ✅ Mitigated (Untracked, Example created). **Rotation needed.**
|
|
- [x] Verified `.env` untracked
|
|
- [x] Created `.env.example`
|
|
- [ ] **Rotate Vault tokens immediately**
|
|
|
|
### SEC-03: ✅ RESOLVED — `init.json` removed
|
|
**Status:** ✅ Removed from tracking.
|
|
|
|
### SEC-04: ✅ RESOLVED — Command Execution Hardened
|
|
**Status:** ✅ Replaced `Command::new` with `SafeCommand`.
|
|
|
|
### SEC-05: ✅ RESOLVED — SQL Injection Hardened
|
|
**Status:** ✅ Parameterized queries implemented. Build verified.
|
|
|
|
### SEC-06: 🟡 IN PROGRESS — `unwrap()`/`expect()` Reduction
|
|
**Status:** Started. Fixed `rate_limiter.rs` and `utils.rs`.
|
|
- [x] Replaced `expect` in `utils.rs` with safe fallback
|
|
- [x] Replaced `unsafe` in `rate_limiter.rs`
|
|
- [ ] Continue elimination in `core/` and `llm/`
|
|
|
|
---
|
|
|
|
## 🟠 P1 — HIGH PRIORITY IMPROVEMENTS (Selected)
|
|
|
|
### IMP-03: ✅ RESOLVED — Artifact Cleanup
|
|
- [x] Deleted `.bas`, `PROMPT.md`
|
|
- [x] Added `Cargo.lock` to tracking (.gitignore)
|
|
|
|
### IMP-04: ✅ RESOLVED — Unsafe Code Fix
|
|
- [x] Replaced `unsafe` block in `rate_limiter.rs` with safe `NonZeroU32` construction
|
|
|
|
### IMP-06: ✅ RESOLVED — CORS Configuration
|
|
- [x] Fixed syntax error in `validate_origin`
|
|
- [x] Hardened origin validation logic
|
|
|
|
---
|
|
|
|
## 🟡 P2 — MEDIUM PRIORITY IMPROVEMENTS (Policies)
|
|
|
|
### IMP-07 to IMP-10: ✅ RESOLVED — Security Policies Added
|
|
**Status:** Added to `AGENTS.md`.
|
|
- [x] IMP-07: Rate Limiting
|
|
- [x] IMP-08: CSRF Protection
|
|
- [x] IMP-09: Security Headers
|
|
- [x] IMP-10: Dependency Pinning
|
|
|
|
---
|
|
|
|
## 🔵 P3 — LOW PRIORITY / PENDING
|
|
|
|
### IMP-14: 🟡 TODO — Code Cleanup (TODOs)
|
|
**Action:** Triage ~40 TODO comments.
|
|
- [ ] Remove stale TODOs
|
|
- [ ] Fix critical TODOs
|
|
|
|
### IMP-15: 🟡 TODO — Integration Tests
|
|
**Action:** Set up coverage.
|
|
- [ ] Add `cargo-tarpaulin` or similar
|
|
- [ ] Generate coverage report
|
|
|
|
### IMP-16: ✅ RESOLVED — Tool Consolidation
|
|
- [x] Removed `puppeteer` from `package.json` (Consolidated on Playwright)
|
|
|
|
### IMP-17: ✅ RESOLVED — Lockfile Tracking
|
|
- [x] Removed `Cargo.lock` from `.gitignore`
|
|
|
|
---
|
|
|
|
*Note: Unlisted tasks (IMP-01, 02, 05, 11-13, 18, 19) have been removed from focus.*
|