oib/aitbc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: update security documentation with completed fixes and deployment status

Browse Source 
- Add completed security fixes section to SECURITY_CLEANUP_GUIDE.md with 5 resolved vulnerabilities
- Update currentTask.md with 2026-02-13 security fixes and deployment status
- Add comprehensive security fixes section to done.md with implementation details
- Expand infrastructure.md with security configuration, environment variables, and testing notes
- Add recent progress section to roadmap.md documenting security
This commit is contained in:
oib
2026-02-13 16:23:01 +01:00
parent de5b0f2696
commit 0cbd2b507c
6 changed files with 359 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
docs/roadmap.md
View File

@@ -759,6 +759,44 @@ Current Status: Canonical receipt schema specification moved from `protocols/rec
- **Phase 4**: MarketplaceOffer GPU fields, booking system, review system
- **Phase 5**: Batch CSV/JSON ops, job templates, webhooks, plugin system, real-time dashboard, metrics/alerts, multi-sig wallets, encrypted config, audit logging, progress bars
## Recent Progress (2026-02-13)
### Critical Security Fixes ✅ COMPLETE
- **Fixed Hardcoded Secrets**
- JWT secret now required from environment (no longer hardcoded)
- PostgreSQL credentials parsed from DATABASE_URL
- Added fail-fast validation for missing secrets
- **Unified Database Sessions**
- Migrated all routers to use `storage.SessionDep`
- Removed legacy session dependencies
- Consistent database session management across services
- **Closed Authentication Gaps**
- Implemented session-based authentication in exchange API
- Fixed hardcoded user IDs - now uses authenticated context
- Added login/logout endpoints with wallet authentication
- **Tightened CORS Defaults**
- Replaced wildcard origins with specific localhost URLs
- Restricted HTTP methods to only those needed
- Applied across all services (Coordinator, Exchange, Blockchain, Gossip)
- **Enhanced Wallet Encryption**
- Replaced weak XOR with Fernet (AES-128 CBC)
- Added secure key derivation (PBKDF2 with SHA-256)
- Integrated keyring for password management
- **CI Import Error Fix**
- Replaced `requests` with `httpx` (already a dependency)
- Fixed build pipeline failures
- Added graceful fallback for missing dependencies
### Deployment Status
- ✅ Site A (aitbc.bubuit.net): All fixes deployed and active
- ✅ Site B (ns3): No action needed (blockchain node only)
- ✅ Commit: `26edd70` - Changes committed and deployed
## Recent Progress (2026-02-11)
### Git & Repository Hygiene ✅ COMPLETE