Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 20 additions & 2 deletions .s2s/BACKLOG.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# Vektra Backlog

**Updated**: 2026-04-09
**Updated**: 2026-07-12
**Format**: Single markdown file for tracking work items

---
Expand Down Expand Up @@ -832,9 +832,11 @@ Three near-duplicates is the threshold where extraction starts to pay off (a fou

### DEBT-024: Security hardening — Dependabot + code scanning sweep (post v0.5.0)

**Status**: in_progress | **Priority**: high | **Created**: 2026-05-06 | **Updated**: 2026-07-11
**Status**: completed | **Priority**: high | **Created**: 2026-05-06 | **Updated**: 2026-07-11 | **Completed**: 2026-07-12 (v0.5.1) | **PR**: #80
**Origin**: post-release security review (`gh api repos/.../dependabot/alerts`, `repos/.../code-scanning/alerts`) on 2026-05-06; re-swept 2026-07-11

**Resolution**: PR #80 (merged to develop 2026-07-11, released with v0.5.1): uv.lock re-lock closing 61 of 62 Dependabot alerts (torch low has no patched release, stays open by design), minimal `permissions:` blocks on all workflows (12 code-scanning alerts), `py/cookie-injection` closed by a token-format guard on `POST /admin/login`. Fallout handled in the same PR: starlette 1.x broke starlette-prometheus (unmaintained), replaced with prometheus-fastapi-instrumentator (ARCH-014 updated). Dependabot PRs: #78, #79, #39, #77 merged; #76 closed as superseded. Alert closure happens on the default branch, verified after the v0.5.1 release merge.

**Context**: v0.5.0 closed the critical/high litellm CVEs and the lxml/pillow/pypdf transitive bumps that were active at release time. The original sweep (2026-05-06) found 14 open Dependabot alerts. Two months of inactivity later (2026-07-11) the set has grown to **62 open Dependabot alerts** (1 critical, 15 high, 29 medium, 17 low — all transitive in `uv.lock`) and 13 code-scanning warnings. Priority raised medium → high: the critical litellm alert is an authentication bypass.

**Open Dependabot alerts** (state=open, 2026-07-11, all in `uv.lock`, grouped by package):
Expand Down Expand Up @@ -889,6 +891,22 @@ Three near-duplicates is the threshold where extraction starts to pay off (a fou

---

### DEBT-025: Isolate unit tests from the developer's local .env

**Status**: planned | **Priority**: low | **Created**: 2026-07-12
**Origin**: discovered during the DEBT-024 sweep (PR #80): `make test` fails locally with 4 errors while CI is green.

**Context**: 4 tests in `vektra-shared/tests/test_config.py` (`TestLLMConfig::test_defaults`, `TestQueryPipelineConfig::test_eval_mode_default_false`, `test_debug_log_queries_default_false`, `TestVektraSettings::test_defaults_with_required_only`) assert configuration defaults, but when the full suite runs from the workspace root the developer's `.env` leaks into `os.environ` (something imported during collection loads dotenv, e.g. litellm), so machine-specific values (eval_mode=true, custom port, LLM keys) override the defaults and the assertions fail. CI never sees this because runners have no `.env`. Current workaround: temporarily move `.env` away before `make test`.

**Proposed approach**: a `vektra-shared/tests` (or workspace-level) autouse fixture that snapshots and scrubs `VEKTRA_*` variables from `os.environ` for the default-assertion tests, or `monkeypatch.delenv` on the specific vars. Alternatively point pydantic-settings at a nonexistent env file in tests via `_env_file=None`.

**Acceptance criteria**:
- [ ] `make test` passes on a dev machine with a populated `.env`
- [ ] Default-assertion tests are hermetic (no dependency on ambient `VEKTRA_*` vars)
- [ ] No change to production settings loading behavior

---

### INFRA-005: Docker log persistence across container restarts

**Status**: planned | **Priority**: medium | **Created**: 2026-03-23
Expand Down
5 changes: 5 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -19,11 +19,16 @@ Convention (Keep a Changelog 1.1.0):

<!-- Add entries under: Added, Changed, Deprecated, Removed, Fixed, Security -->

## [0.5.1] - 2026-07-12

Security hardening: DEBT-024 dependency sweep, workflow permissions, admin login hardening.

### Security

- **deps**: re-lock of all transitive dependencies flagged by Dependabot (DEBT-024, 61 of 62 open alerts). Highlights: litellm 1.83.10 → 1.91.2 (critical: authentication bypass via Host header injection), pyjwt 2.11 → 2.13 (public-key JWK accepted as HMAC secret), starlette 0.52 → 1.3.1 with fastapi 0.129 → 0.139 (StaticFiles SSRF/NTLM credential theft), transformers 5.2 → 5.3 (RCE), plus urllib3, cryptography, Mako, python-multipart, soupsieve, aiohttp (×21 advisories), pypdf (×9), idna, onnx, pydantic-settings, python-dotenv, Pygments. The remaining open alert (torch, low) has no patched release yet.
- **ci**: minimal `permissions:` blocks added to all GitHub workflows (`contents: read`), closing the 12 `actions/missing-workflow-permissions` code-scanning alerts.
- **admin**: login hardening: `POST /admin/login` validates the token against the urlsafe-base64 charset before key-store lookup (closes the `py/cookie-injection` code-scanning alert) and strips accidental surrounding whitespace from pasted tokens.
- **deps-dev**: esbuild 0.25 → 0.28 in the widget build toolchain (Dependabot security update); development-dependencies group refresh; GitHub Actions bumps (checkout v7, dorny/paths-filter v4).

### Changed

Expand Down
Loading
Loading