1cbbc33f20
FASE-01 — Security Hardening: - Remove hardcoded JWT_SECRET and API_KEY_SECRET fallbacks (fail-fast) - Create secretsValidator.js with enforceSecrets() at startup - Create inputSanitizer.js (prompt injection + PII detection) - Integrate sanitizer in chat.js handler pipeline - Add structured logging to silent catch blocks in proxy.js - Remove .passthrough() from Zod updateSettingsSchema - Remove insecure npm fs dependency - Update .env.example with generation commands FASE-02 — CI/CD & Tests: - Create ci.yml workflow (lint, build, test, coverage, e2e) - Fix test scripts (test now runs actual tests) - Add test:unit, test:security, test:coverage (c8), test:all - Add security rules to ESLint (no-eval, no-implied-eval, no-new-func) FASE-03 — Architecture: - Create settingsCache.js (eliminate self-fetch anti-pattern) - Create domain/types.js and domain/responses.js FASE-04 — Observability: - Create correlationId.js (AsyncLocalStorage tracing) - Create circuitBreaker.js (full state machine + registry) - Create requestTimeout.js (per-provider timeouts) FASE-05 — Code Quality: - Create structuredLogger.js (JSON/human-readable logging) FASE-06 — Documentation: - Update SECURITY.md with hardening practices - Create CONTRIBUTING.md with dev setup and PR checklist Tests: 52/52 pass (23 security + 15 observability + 14 integration)