fetch_ml

History

Jeremie Fraeys 412d7b82e9 security: implement comprehensive secrets protection Critical fixes: - Add SanitizeConnectionString() in storage/db_connect.go to remove passwords - Add SecureEnvVar() in api/factory.go to clear env vars after reading (JWT_SECRET) - Clear DB password from config after connection Logging improvements: - Enhance logging/sanitize.go with patterns for: - PostgreSQL connection strings - Generic connection string passwords - HTTP Authorization headers - Private keys CLI security: - Add --security-audit flag to api-server for security checks: - Config file permissions - Exposed environment variables - Running as root - API key file permissions - Add warning when --api-key flag used (process list exposure) Files changed: - internal/storage/db_connect.go - internal/api/factory.go - internal/logging/sanitize.go - internal/auth/flags.go - cmd/api-server/main.go		2026-02-18 16:18:09 -05:00
..
api-server	security: implement comprehensive secrets protection	2026-02-18 16:18:09 -05:00
configlint	ci: align workflows, build scripts, and docs with current architecture	2026-01-05 12:34:23 -05:00
data_manager	refactor(dependency-hygiene): Move path functions from config to storage	2026-02-17 21:15:23 -05:00
db-utils	ci: align workflows, build scripts, and docs with current architecture	2026-01-05 12:34:23 -05:00
errors	feat: implement research-grade maintainability phases 1,3,4,7	2026-02-18 15:27:50 -05:00
performance-regression-detector	chore(build): update build system, scripts, and additional tests	2026-02-12 12:05:55 -05:00
profiler	chore(build): update build system, scripts, and additional tests	2026-02-12 12:05:55 -05:00
tui	docs: clean up verbose comments in TUI main.go	2026-02-18 14:45:44 -05:00
user_manager	Fix multi-user authentication and clean up debug code	2025-12-06 12:35:32 -05:00
worker	feat(worker): add integrity checks, snapshot staging, and prewarm support	2026-01-05 12:31:13 -05:00