8 Commits

Author	SHA1	Message	Date
Yusuf Suleman	877021ff20	fix: remaining code issues — TLS, CORS, disconnect safety, cleanup ... 1. Trips TLS: Removed all ssl CERT_NONE / check_hostname=False from 5 external HTTPS call sites (OpenAI, Gemini, Google Places, Geocode). All external calls now use default TLS verification. 2. Internal CORS: Removed permissive cors() from inventory and budget. Both are internal services accessed only via gateway. 3. App visibility: Documented as cosmetic-only in layout.server.ts. Nav hiding is intentional UX, not access control. 4. Disconnect safety: Added confirm() dialog before service disconnect in Settings. Prevents accidental disconnects. 5. Inventory cleanup: Removed stale /test startup log message. Replaced with API key status indicator. 6. Frontend deps: 4 low-severity cookie vulnerabilities in @sveltejs/kit. Fix requires breaking downgrade to kit@0.0.30 — not safe. Documented.	2026-03-29 15:38:42 -05:00
Yusuf Suleman	ac5c758056	fix: complete remaining partial issues (#5, #8, #9) ... #5 Gateway Trust Model: - Removed inventory /test endpoint - Updated docs/trust-model.md with accurate description: - Per-user services (trips, fitness) vs gateway-key services clearly separated - Known limitations documented (no per-user isolation on shared services) - No false claims about per-user auth where it doesn't exist #8 Dependency Security: - Workflow reviewed and confirmed sane - Added .gitea/README.md documenting runner requirement - Status: repo-side complete, operationally blocked on runner setup #9 Performance Hardening: - Budget /transactions/recent: 30s cache (1.1s→41ms on repeat) - Budget /uncategorized-count: 2min cache (1.3s→42ms on repeat) - Both endpoints document Actual Budget per-account API constraint - Budget buildLookups: 2min cache (already in place) - All inventory full scans already eliminated (prior commit)	2026-03-29 15:17:28 -05:00
Yusuf Suleman	9e13984b05	fix: performance hardening — eliminate full table scans (#9) ... Inventory: - /issues: replaced full scan + client filter with NocoDB server-side WHERE filter (Received eq Issues/Issue). Single query, ~200 rows max. - /needs-review-count: replaced full scan with server-side WHERE + limit=1 + pageInfo.totalRows. Returns count without fetching data. Budget: - buildLookups(): added 2-minute cache for payee/account/category maps. Eliminates 3 API calls per request for repeated queries. - /summary cache (added earlier): 1-minute TTL still active. Files: services/inventory/server.js, services/budget/server.js	2026-03-29 13:50:07 -05:00
Yusuf Suleman	4ecd2336b5	fix: complete remaining remediation (#5, #8, #9) ... #5 Gateway Trust Model: - Token validation now uses protected endpoints, not health checks - Unknown services rejected (no fallback to unprotected endpoint) - Trust model documented in docs/trust-model.md #8 CI Enforcement: - Added .gitea/workflows/security.yml with: - Dependency audit (npm audit --audit-level=high for budget) - Secret scanning (checks for tracked .env/.db, hardcoded secrets) - Dockerfile lint (non-root USER, HEALTHCHECK presence) #9 Performance Hardening: - Budget /summary: 1-minute in-memory cache (avoids repeated account fan-out) - Gateway /api/dashboard: 30-second per-user cache (50x faster on repeat) - Inventory health endpoint added before auth middleware Closes #5, #8, #9	2026-03-29 10:13:00 -05:00
Yusuf Suleman	72747668f9	fix: remaining security and deployment hardening (#6 #7 #10) ... #7 Transport Security: - Removed legacy _ssl_ctx alias from config.py - proxy.py now uses _internal_ssl_ctx directly (explicitly scoped) - No global TLS bypass remains #10 Deployment Hardening: - Inventory Dockerfile: non-root (node user), health check, production deps - Budget Dockerfile: non-root (node user), health check, npm ci, multi-stage ready - Frontend-v2 Dockerfile: multi-stage build, non-root (node user), health check - Added /health endpoints to inventory and budget (before auth middleware) - All 6 containers now run as non-root with health checks All services verified: gateway, trips, fitness, inventory, budget, frontend	2026-03-29 09:35:39 -05:00
Yusuf Suleman	14c667bd5e	fix: resolve path-to-regexp ReDoS vulnerability in budget service (#8) ... - Ran npm audit fix on services/budget — updated path-to-regexp - npm audit now reports 0 vulnerabilities - CI enforcement deferred (no Gitea CI runner configured) Partial fix for #8 — vulnerability resolved, CI setup remaining.	2026-03-29 09:14:21 -05:00
Yusuf Suleman	fcb9383623	fix(gateway): enforce API key auth on inventory and budget services (#5) ... - Added X-API-Key middleware to inventory-service and budget-service - Services reject all requests without valid API key (401) - Gateway proxy injects service API keys for inventory and budget - Dashboard widget fetchers inject API keys - Generated unique API keys per service, stored in .env - Added SERVICE_API_KEY env var to docker-compose for both services Partial fix for #5 — internal services now require auth. Remaining: document trust model, validate service token semantics.	2026-03-29 09:06:41 -05:00
Yusuf Suleman	d3e250e361	Initial commit: Second Brain Platform ... Complete platform with unified design system and real API integration. Apps: Dashboard, Fitness, Budget, Inventory, Trips, Reader, Media, Settings Infrastructure: SvelteKit + Python gateway + Docker Compose	2026-03-28 23:20:40 -05:00