fix: production readiness review — security hardening & bug fixes#358
Merged
fix: production readiness review — security hardening & bug fixes#358
Conversation
…curity, fix bugs - Remove browser_evaluate action (arbitrary JS execution in agent trust zone) - Add sanitize_for_prompt() to all channel inbound messages (telegram, discord, slack) - Authenticate SPA catchall route with dashboard session cookie - Add autoescape=True to Jinja2 template rendering - Tighten CSP headers (default-src, connect-src, frame-src) - Add thread safety lock to EventBus sequence counter - Replace hardcoded KasmVNC password with secrets.token_urlsafe - Add startup warning when BROWSER_AUTH_TOKEN is unset - Fix _walk() infinite recursion with MAX_WALK_DEPTH=50 - Fix _remove_project_blackboard_permissions() blanket-clearing all permissions - Fix zombie process leak: add proc.wait() after proc.kill() - Change detached agent log mode from overwrite to append - Hoist inline imports to module level, remove redundant re-imports - Update CLAUDE.md with review findings
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
browser_evaluateaction (arbitrary JS in agent trust zone), addsanitize_for_prompt()to all channel inbound messages, authenticate SPA catchall route_remove_project_blackboard_permissions()blanket-clearing, fix zombie process leak, change detached log mode to append_walk()depth limitTest plan