Files
OmniRoute/.github
diegosouzapw 1cbbc33f20 feat(security): FASE-01 to FASE-06 security hardening
FASE-01 — Security Hardening:
- Remove hardcoded JWT_SECRET and API_KEY_SECRET fallbacks (fail-fast)
- Create secretsValidator.js with enforceSecrets() at startup
- Create inputSanitizer.js (prompt injection + PII detection)
- Integrate sanitizer in chat.js handler pipeline
- Add structured logging to silent catch blocks in proxy.js
- Remove .passthrough() from Zod updateSettingsSchema
- Remove insecure npm fs dependency
- Update .env.example with generation commands

FASE-02 — CI/CD & Tests:
- Create ci.yml workflow (lint, build, test, coverage, e2e)
- Fix test scripts (test now runs actual tests)
- Add test:unit, test:security, test:coverage (c8), test:all
- Add security rules to ESLint (no-eval, no-implied-eval, no-new-func)

FASE-03 — Architecture:
- Create settingsCache.js (eliminate self-fetch anti-pattern)
- Create domain/types.js and domain/responses.js

FASE-04 — Observability:
- Create correlationId.js (AsyncLocalStorage tracing)
- Create circuitBreaker.js (full state machine + registry)
- Create requestTimeout.js (per-provider timeouts)

FASE-05 — Code Quality:
- Create structuredLogger.js (JSON/human-readable logging)

FASE-06 — Documentation:
- Update SECURITY.md with hardening practices
- Create CONTRIBUTING.md with dev setup and PR checklist

Tests: 52/52 pass (23 security + 15 observability + 14 integration)
2026-02-14 18:21:47 -03:00
..