Dorian 7b56927c3c feat: complete AIUI integration — all 31 overnight tasks
- Protocol: 10 context categories (apps, system, network, bitcoin, media, files, notes, search, ai-local, wallet)
- ContextBroker: real data wiring for all categories with sanitization
- Permissions: user toggles for all categories in Settings
- Nginx: Claude API, OpenRouter, SearXNG proxy pass-through
- Actions: launch-app, search-web, install-app handlers
- Chat.vue: loading state + connection indicator
- Integration test page: test-aiui.html

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 14:34:02 +00:00

50 lines
2.1 KiB
Markdown

---
name: harden
description: Security hardening review and fixes for Archipelago code and infrastructure
disable-model-invocation: true
allowed-tools: Read, Edit, Write, Glob, Grep, Bash
argument-hint: "[area: backend|frontend|containers|scripts|all]"
---
Perform a security hardening pass on $ARGUMENTS (default: all).
## Backend Hardening (Rust)
- [ ] No hardcoded credentials — check for Base64-encoded auth strings, passwords in source
- [ ] Secrets use `core/security/secrets_manager.rs` — verify encryption is implemented (not plaintext)
- [ ] All RPC endpoints validate inputs before processing
- [ ] No `unwrap()` on user-supplied data — handle errors gracefully
- [ ] Rate limiting on auth endpoints (login, password change)
- [ ] Session tokens have proper expiry and rotation
- [ ] File permissions: keys at 0o600, dirs at 0o700
- [ ] Tracing never logs secrets, passwords, keys, or tokens
## Frontend Hardening (Vue/TypeScript)
- [ ] No secrets in source (API keys, passwords, tokens)
- [ ] No `eval()` or `innerHTML` with untrusted content
- [ ] XSS prevention — sanitize all user inputs
- [ ] CSRF protection on state-changing requests
- [ ] Credentials use `credentials: 'include'` not localStorage tokens
- [ ] No sensitive data in console.log statements
## Container Hardening
- [ ] All manifests: `readonly_root: true` (unless documented exception)
- [ ] All manifests: capabilities dropped, only required ones added
- [ ] All manifests: non-root user (UID > 1000)
- [ ] All manifests: `no-new-privileges: true`
- [ ] All images pinned to specific versions (no `:latest`)
- [ ] Network isolation — no `host` network unless required and documented
- [ ] AppArmor profiles defined and enforced
## Script Hardening
- [ ] All scripts use `set -euo pipefail`
- [ ] No hardcoded passwords (use deploy-config.sh or env vars)
- [ ] SSH uses proper key-based auth where possible
- [ ] No `chmod 777` or overly permissive permissions
- [ ] Temp files use `mktemp` not predictable paths
Report all findings with file paths and line numbers. Fix issues directly where safe to do so. Flag anything that needs discussion.