Commit Graph

5 Commits

Author SHA1 Message Date
Gan, Jimmy 8c30fb7a3a chore: remove hardcoded secrets from configuration template
Replace real secrets in tmp_remote/configuration.yml with __ROTATE_*__
placeholders. All leaked values have already been rotated.

Also add .claude/, .codex/, and security_artifacts/ to .gitignore.
2026-02-28 22:22:23 +08:00
Gan, Jimmy 394a1aa367 security: harden dashboard (SSH keys, auth, uploads, CORS, non-root)
Remove SSH private keys from git, add SECRET_KEY validation, move WS
auth from query string to first message, add session limits/idle timeout,
PBKDF2 Fernet key, refresh token rotation, TOTP replay protection,
file upload size limit + filename sanitization, symlink safety check,
restrict CORS methods, IP-gate OpenClaw token, run container as non-root,
rate-limit refresh/passkey endpoints, sanitize Gitea path params.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-02-26 17:22:25 +08:00
Gan, Jimmy a10cb50ca0 Add __pycache__ to gitignore and remove duplicates 2026-02-22 10:05:37 +08:00
Gan, Jimmy dd3e8e0d2c security: remove hardcoded secrets, add health endpoint, add security headers 2026-02-20 22:04:01 +08:00
Gan, Jimmy 70aa421d7f Add NAS dashboard MVP: Docker mgmt, Gitea, Files, Terminal 2026-02-19 01:59:50 +08:00