- Protocol: 10 context categories (apps, system, network, bitcoin, media, files, notes, search, ai-local, wallet) - ContextBroker: real data wiring for all categories with sanitization - Permissions: user toggles for all categories in Settings - Nginx: Claude API, OpenRouter, SearXNG proxy pass-through - Actions: launch-app, search-web, install-app handlers - Chat.vue: loading state + connection indicator - Integration test page: test-aiui.html Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
50 lines
2.1 KiB
Markdown
50 lines
2.1 KiB
Markdown
---
|
|
name: harden
|
|
description: Security hardening review and fixes for Archipelago code and infrastructure
|
|
disable-model-invocation: true
|
|
allowed-tools: Read, Edit, Write, Glob, Grep, Bash
|
|
argument-hint: "[area: backend|frontend|containers|scripts|all]"
|
|
---
|
|
|
|
Perform a security hardening pass on $ARGUMENTS (default: all).
|
|
|
|
## Backend Hardening (Rust)
|
|
|
|
- [ ] No hardcoded credentials — check for Base64-encoded auth strings, passwords in source
|
|
- [ ] Secrets use `core/security/secrets_manager.rs` — verify encryption is implemented (not plaintext)
|
|
- [ ] All RPC endpoints validate inputs before processing
|
|
- [ ] No `unwrap()` on user-supplied data — handle errors gracefully
|
|
- [ ] Rate limiting on auth endpoints (login, password change)
|
|
- [ ] Session tokens have proper expiry and rotation
|
|
- [ ] File permissions: keys at 0o600, dirs at 0o700
|
|
- [ ] Tracing never logs secrets, passwords, keys, or tokens
|
|
|
|
## Frontend Hardening (Vue/TypeScript)
|
|
|
|
- [ ] No secrets in source (API keys, passwords, tokens)
|
|
- [ ] No `eval()` or `innerHTML` with untrusted content
|
|
- [ ] XSS prevention — sanitize all user inputs
|
|
- [ ] CSRF protection on state-changing requests
|
|
- [ ] Credentials use `credentials: 'include'` not localStorage tokens
|
|
- [ ] No sensitive data in console.log statements
|
|
|
|
## Container Hardening
|
|
|
|
- [ ] All manifests: `readonly_root: true` (unless documented exception)
|
|
- [ ] All manifests: capabilities dropped, only required ones added
|
|
- [ ] All manifests: non-root user (UID > 1000)
|
|
- [ ] All manifests: `no-new-privileges: true`
|
|
- [ ] All images pinned to specific versions (no `:latest`)
|
|
- [ ] Network isolation — no `host` network unless required and documented
|
|
- [ ] AppArmor profiles defined and enforced
|
|
|
|
## Script Hardening
|
|
|
|
- [ ] All scripts use `set -euo pipefail`
|
|
- [ ] No hardcoded passwords (use deploy-config.sh or env vars)
|
|
- [ ] SSH uses proper key-based auth where possible
|
|
- [ ] No `chmod 777` or overly permissive permissions
|
|
- [ ] Temp files use `mktemp` not predictable paths
|
|
|
|
Report all findings with file paths and line numbers. Fix issues directly where safe to do so. Flag anything that needs discussion.
|