refactor(config): enforce runtime auth secret policy

2026-03-30 23:40:00 +02:00
parent 7bcc831b5c
commit a7362f17bd
8 changed files with 181 additions and 8 deletions
+3 -3
@@ -21,6 +21,7 @@
- `resource` is now onboarded as the second real comment entity, reusing the same ownership and staff-visibility rules as the resource detail route
- comment mention autocomplete now uses a dedicated entity-scoped API route instead of inheriting the narrower `user.listAssignable` audience
- runtime secret handling is now environment-first end to end: admin updates no longer persist new operational secrets, runtime status is surfaced explicitly, and legacy database secret copies can be cleared through a dedicated cleanup path
- production auth runtime config now fails fast when `AUTH_SECRET`/`NEXTAUTH_SECRET` is missing or left on a known development placeholder, and local compose no longer hardcodes that secret
- `apps/web` system settings UI is now decomposed into section components with shared secret/runtime helpers, bringing all files in that slice back under the file-size guardrail
- the first API-side `assistant-tools` extraction is in place: settings, system-role config, webhooks, audit log access, and shoring ratio now live in a dedicated domain module with shared assistant-tool types
- the advanced timeline assistant toolset now lives in its own domain module, keeping the high-risk read/mutation pairings out of the monolithic router without changing the assistant contract
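Review bot: the changelog entry for the auth runtime check is narrower than the behaviour documented in the other hunk of this commit. This line says startup fails when `AUTH_SECRET`/`NEXTAUTH_SECRET` is "missing or left on a known development placeholder", while the settings-doc hunk adds a third condition, "paired with a non-HTTPS public auth URL". Either add that condition here so both documents describe the same gate, or drop it from the other hunk if it is not actually enforced. The same line also says local compose "no longer hardcodes that secret" but not where the secret now comes from; a short pointer (env file, secret manager) would save operators a search when their local stack refuses to boot.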
@@ -61,9 +62,8 @@ That extraction work is now effectively complete for the current assistant-tool
The small hardening slices are effectively exhausted.
The remaining work is now structural rather than another quick batch:
1. secrets and runtime configuration policy
2. oversized router decomposition
3. performance hotspot reduction
1. oversized router decomposition
2. performance hotspot reduction
## Working Rule
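Review bot: removing "secrets and runtime configuration policy" from the remaining-work list leaves no record in this file that the item was completed rather than deprioritised. Since the changelog hunk in this same commit describes the work (environment-first secrets, fail-fast auth config), consider adding a one-line "done" entry or a cross-reference to the changelog next to the renumbered list, so a reader of this section can tell why the list shrank from three items to two.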
+1
@@ -67,6 +67,7 @@ publicProcedure
- Admin settings reads expose only presence flags (`hasApiKey`, `hasSmtpPassword`, `hasGeminiApiKey`) instead of returning secret values to the browser, and those flags also reflect environment-backed runtime overrides
- The admin settings mutation no longer persists new secret values into `SystemSettings`; secret inputs must be provisioned through environment or a deployment-time secret manager, and legacy database copies can be cleared explicitly
- The admin UI now exposes runtime secret source/status plus an explicit "clear legacy DB secrets" cleanup path so operators can complete the migration without direct database writes
- Production startup now validates Auth.js runtime configuration and refuses to boot if `AUTH_SECRET`/`NEXTAUTH_SECRET` is missing, left on a known development placeholder, or paired with a non-HTTPS public auth URL
### Anonymization
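Review bot: the new production-startup line names two variables, `AUTH_SECRET`/`NEXTAUTH_SECRET`, but does not state which one wins when both are set, nor what the check does outside production (warn, or skip entirely). Both matter for operators migrating from the older variable name, so a sentence on precedence and on non-production behaviour would close the gap. It would also help to say where the "known development placeholder" values are defined, since that list is now part of the security boundary and should be maintained in one place rather than rediscovered from the error message.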