3672e92b7e
Tauri + Svelte 5 + Rust application for orchestrating multiple AI coding agents. Includes Claude, Aider, Codex, and Ollama provider support, multi-agent communication (btmsg/bttask), session anchors, plugin sandbox, FTS5 search, Landlock sandboxing, and 507 vitest + 110 cargo tests.
38 lines
1.4 KiB
Markdown
38 lines
1.4 KiB
Markdown
# Security (PARAMOUNT)
|
|
|
|
Treat every violation as a blocking issue.
|
|
|
|
## Secrets
|
|
|
|
- Use environment variables or secret managers for all secrets.
|
|
- Before every commit, verify no secrets are staged.
|
|
- Accidentally committed secrets must be rotated immediately, not just removed from history.
|
|
- Keep `.env` and credential files in `.gitignore`.
|
|
|
|
## Input Validation & Output Encoding
|
|
|
|
- Validate ALL external input. Reject invalid input — never attempt to fix it.
|
|
- Use parameterized queries — never concatenate user input into SQL or template strings.
|
|
- Avoid shell invocation; use language-native APIs. If unavoidable, escape rigorously.
|
|
- Encode output contextually (HTML, URL, JSON). XSS prevention = output encoding, not input sanitization.
|
|
- Apply least privilege — minimum permissions, minimum scopes.
|
|
|
|
## Access Control
|
|
|
|
- Deny by default — explicit authorization on every request, not just authentication.
|
|
- Validate resource ownership on every access (IDOR prevention).
|
|
|
|
## Authentication
|
|
|
|
- Rate-limit login endpoints. Support MFA. Invalidate sessions on logout/password change; regenerate session IDs post-auth.
|
|
|
|
## Cryptography
|
|
|
|
- No MD5/SHA-1. Use SHA-256+ for hashing, Argon2/bcrypt/scrypt for passwords.
|
|
|
|
## Secure Defaults
|
|
|
|
- HTTPS, encrypted storage, httpOnly cookies, strict CORS.
|
|
- Check dependencies for CVEs before adding. Run audit tools after dependency changes.
|
|
|
|
When in doubt, choose more security. Flag concerns explicitly.
|