19 commits

Author	SHA1	Message	Date
Rodrigo Rodriguez (Pragmatismo)	7d8f141fc2	refactor: Replace all hardcoded ./botserver-stack paths with get_stack_path()/get_work_path() ... - Adds get_stack_path() helper: returns /opt/gbo in production (.env without botserver-stack), ./botserver-stack in dev - Adds get_work_path() helper: returns /opt/gbo/work in production, ./botserver-stack/data/system/work in dev - Updated 35+ files to use dynamic path resolution - Production system container no longer needs botserver-stack directory - Work files go to /opt/gbo/work instead of /opt/gbo/bin/botserver-stack	2026-04-04 09:24:44 -03:00
Rodrigo Rodriguez (Pragmatismo)	fb2e5242da	fix: Vault seeding, service health checks, and restart idempotency ... - Replace hardcoded passwords with generate_random_string() for all Vault-seeded services - Add valkey-cli, nc to SafeCommand allowlist; fix PATH in all 4 execution methods - Fix empty Vault KV values ('none' placeholder) preventing 'Failed to parse K=V' errors - Fix special chars in generated passwords triggering shell injection false positives - Add ALM app.ini creation with absolute paths for Forgejo CLI - Increase Qdrant timeout 15s→45s, ALM wait 5s→20s - Persist file_states and kb_states to disk for .bas/KB idempotency across restarts - Add duplicate check to use_website registration (debug log for existing) - Remove dead code (SERVER_START_EPOCH, server_epoch) - Add generate_random_string() to shared mod.rs, remove duplicates	2026-04-01 12:22:57 -03:00
Rodrigo Rodriguez (Pragmatismo)	2fa59057fa	fix: Resolve migration error, Vault 403, cache timeout, and shell injection false positives ... - Fix migration 6.2.5: Create lost_reason column before VIEW that references it - Fix Vault 403: Enable KV2 secrets engine after initialization - Fix cache timeout: Increase Valkey readiness wait from 12s to 30s - Fix command_guard: Remove () from forbidden chars (safe in std::process::Command)	2026-03-31 19:55:16 -03:00
Rodrigo Rodriguez (Pragmatismo)	d1cb6b758c	Fix LXD container mode: PATH, socket proxy, exec	2026-03-15 20:00:06 -03:00
Rodrigo Rodriguez (Pragmatismo)	ef426b7a50	LXD proxy and container improvements	2026-03-15 15:50:02 -03:00
Rodrigo Rodriguez (Pragmatismo)	13892b3157	Fix tenant-org-bot relationship and CRM lead form	2026-03-12 18:19:18 -03:00
Rodrigo Rodriguez (Pragmatismo)	2c92a81302	merge: Unify master into main - all commits unified	2026-03-01 07:43:07 -03:00
Rodrigo Rodriguez	d7211a6c19	fix: Resolve unused import and variable warnings	2026-02-19 11:48:17 +00:00
Rodrigo Rodriguez	fc0926ffff	WIP: Multiple code improvements from previous session ... - Fix various compiler warnings - Update analytics, auto_task, and basic keywords - Improve security, channels, and core modules - Update designer, directory, and drive modules - Fix embedded UI and LLM modules Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-02-08 12:25:37 +00:00
Rodrigo Rodriguez (Pragmatismo)	ff4e6c4fe8	fix(lxc): configure lxd-sock proxy for brother mode and update installers	2026-01-26 11:44:18 -03:00
Rodrigo Rodriguez (Pragmatismo)	fc9c07d204	Refactor schema.rs into modular files	2026-01-22 13:57:40 -03:00
Rodrigo Rodriguez (Pragmatismo)	18b8afd54c	O	2026-01-19 21:19:10 -03:00
Rodrigo Rodriguez (Pragmatismo)	faeae250bc	Add security protection module with sudo-based privilege escalation ... - Create installer.rs for 'botserver install protection' command - Requires root to install packages and create sudoers config - Sudoers uses exact commands (no wildcards) for security - Update all tool files (lynis, rkhunter, chkrootkit, suricata, lmd) to use sudo - Update manager.rs service management to use sudo - Add 'sudo' and 'visudo' to command_guard.rs whitelist - Update CLI with install/remove/status protection commands Security model: - Installation requires root (sudo botserver install protection) - Runtime uses sudoers NOPASSWD for specific commands only - No wildcards in sudoers - exact command specifications - Tools run on host system, not in containers	2026-01-10 09:41:12 -03:00
Rodrigo Rodriguez (Pragmatismo)	00acf1c76e	fix: Add trusted_shell_script_arg for internal scripts ... - shell_script_arg blocks $( and backticks for user input safety - trusted_shell_script_arg allows these for internal installer scripts - Internal scripts need shell features like command substitution - Updated bootstrap, installer, facade, and llm modules	2026-01-09 12:13:35 -03:00
Rodrigo Rodriguez (Pragmatismo)	db267714ca	fix: Allow URL-safe characters in SafeCommand arguments ... - Allow &, ?, = in URL arguments (http:// or https://) - Allow // pattern in URLs (needed for protocol) - These are safe since Command::new().args() doesn't use shell - Fixes Vault health check with query parameters - Add debug logging to safe_curl and vault_health_check	2026-01-09 11:56:11 -03:00
Rodrigo Rodriguez (Pragmatismo)	b674d85583	Fix SafeCommand to allow shell scripts with redirects and command chaining ... - Add shell_script_arg() method for bash/sh/cmd -c scripts - Allow > < redirects in shell scripts (blocked in regular args) - Allow && || command chaining in shell scripts - Update safe_sh_command functions to use shell_script_arg - Update run_commands, start, and LLM server commands - Block dangerous patterns: backticks, path traversal - Fix struct field mismatches and type errors	2026-01-08 23:50:38 -03:00
Rodrigo Rodriguez (Pragmatismo)	5919aa6bf0	Add video module, RBAC, security features, billing, contacts, dashboards, learn, social, and multiple new modules ... Major additions: - Video editing engine with AI features (transcription, captions, TTS, scene detection) - RBAC middleware and organization management - Security enhancements (MFA, passkey, DLP, encryption, audit) - Billing and subscription management - Contacts management - Dashboards module - Learn/LMS module - Social features - Compliance (SOC2, SOP middleware, vulnerability scanner) - New migrations for RBAC, learn, and video tables	2026-01-08 13:16:17 -03:00
Rodrigo Rodriguez (Pragmatismo)	a5dee11002	Security audit: Remove all production .unwrap()/.expect(), add SafeCommand, ErrorSanitizer ... - Phase 1 Critical: All 115 .unwrap() verified in test code only - Phase 1 Critical: All runtime .expect() converted to proper error handling - Phase 2 H1: Antivirus commands now use SafeCommand (added which/where to whitelist) - Phase 2 H2: db_api.rs error responses use log_and_sanitize() - Phase 2 H5: Removed duplicate sanitize_identifier (re-exports from sql_guard) 32 files modified for security hardening. Moon deployment criteria: 10/10 met	2025-12-28 21:26:08 -03:00
Rodrigo Rodriguez (Pragmatismo)	c67aaa677a	feat(security): Complete security infrastructure implementation ... SECURITY MODULES ADDED: - security/auth.rs: Full RBAC with roles (Anonymous, User, Moderator, Admin, SuperAdmin, Service, Bot, BotOwner, BotOperator, BotViewer) and permissions - security/cors.rs: Hardened CORS (no wildcard in production, env-based config) - security/panic_handler.rs: Panic catching middleware with safe 500 responses - security/path_guard.rs: Path traversal protection, null byte prevention - security/request_id.rs: UUID request tracking with correlation IDs - security/error_sanitizer.rs: Sensitive data redaction from responses - security/zitadel_auth.rs: Zitadel token introspection and role mapping - security/sql_guard.rs: SQL injection prevention with table whitelist - security/command_guard.rs: Command injection prevention - security/secrets.rs: Zeroizing secret management - security/validation.rs: Input validation utilities - security/rate_limiter.rs: Rate limiting with governor crate - security/headers.rs: Security headers (CSP, HSTS, X-Frame-Options) MAIN.RS UPDATES: - Replaced tower_http::cors::Any with hardened create_cors_layer() - Added panic handler middleware - Added request ID tracking middleware - Set global panic hook SECURITY STATUS: - 0 unwrap() in production code - 0 panic! in production code - 0 unsafe blocks - cargo audit: PASS (no vulnerabilities) - Estimated completion: ~98% Remaining: Wire auth middleware to handlers, audit logs for sensitive data	2025-12-28 19:29:18 -03:00