Skip to content

Harden screening API and deployment defaults#16

Open
jsg-claude wants to merge 2 commits into
mainfrom
security/harden-screening-api
Open

Harden screening API and deployment defaults#16
jsg-claude wants to merge 2 commits into
mainfrom
security/harden-screening-api

Conversation

@jsg-claude

Copy link
Copy Markdown
Collaborator

Summary

  • protect /search, /api/screen, /api/status, and docs endpoints with Basic Auth, rate limiting, and stricter response headers
  • move the search UI from GET to POST, add no-store caching controls, and replace the external Tailwind CDN dependency with inline styles and a CSP
  • remove insecure default Neo4j credentials, enable Elasticsearch auth in compose files, and require explicit secret injection
  • make external LLM fallback opt-in only, run the container as a non-root user, and sanitize status/backend error leakage
  • add regression coverage for auth, no-store headers, threshold bounds, and status sanitization

Testing

  • git diff --check
  • not run: pytest (not installed in this environment)
  • not run: ruff (not installed in this environment)
  • not run: docker compose config / container smoke tests (docker unavailable in this environment)

Notes

  • Basic Auth is enabled by default for sensitive endpoints via BEYOND_AI_AUTH_REQUIRED=true; deployments must set BEYOND_AI_BASIC_AUTH_USER and BEYOND_AI_BASIC_AUTH_PASSWORD.
  • Elasticsearch now requires YENTE_ES_PASSWORD, and Neo4j startup now fails fast if NEO4J_PASSWORD is missing.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 20847831bb

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread sanctions/src/main.py
Comment on lines +684 to +685
q: Annotated[str, Form()] = "",
threshold: Annotated[float, Form(ge=0.0, le=1.0)] = 0.7,

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Declare python-multipart for form parsing

The new /search POST handler introduces Form() parameters, which makes FastAPI require python-multipart at runtime when the route is registered. This commit did not add that package to runtime dependencies, so an environment installed from the current requirements.txt can fail at application startup with the form-data dependency error. Add python-multipart to dependencies (or avoid Form() inputs) to keep deployments bootable.

Useful? React with 👍 / 👎.

Comment thread sanctions/src/main.py
Comment on lines +226 to +227
limited, retry_after = await _rate_limit_exceeded(request)
if limited:

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Rate-limit requests before auth rejection

The middleware performs the Basic Auth check and returns 401 before executing the rate limiter, so repeated invalid-credential requests to protected endpoints are never throttled. In production this undermines the hardening goal by allowing unlimited brute-force attempts and high-rate unauthenticated probing from the same client. Apply rate limiting before the auth early-return (or add a dedicated failed-auth limiter).

Useful? React with 👍 / 👎.

endvater
endvater previously approved these changes Apr 22, 2026

@endvater endvater left a comment

Copy link
Copy Markdown
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants