lfg2025/archy
1
0
Fork 0
Code Issues 7 Pull Requests Actions Packages Projects Releases 33 Wiki Activity
Files
0fe5a80a956c4b5b8161e50ab5ae586ff73c03f1
archy/loop
History
Dorian 0fe5a80a95 fix: add session auth to SearXNG web search proxy (FINAL-02) 
Security audit findings — zero critical/high issues:
- Fixed: SearXNG API proxy was missing session cookie check
- Verified: RPC endpoints use session auth + CSRF tokens + rate limiting
- Verified: Cookies use HttpOnly + SameSite=Strict + Secure (prod)
- Verified: Secrets encrypted with AES-256-GCM, 0600 permissions
- Verified: Container isolation with capability dropping, readonly root
- Verified: Nginx has security headers (CSP, X-Frame-Options, etc.)
- Verified: CORS validates against allowlist (no wildcard)
- Low findings documented: legacy plaintext secret fallback, v-html for TOTP QR

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-11 17:43:25 +00:00
..
Old Plans
fix: prevent My Apps crash when installing apps + add filebrowser to demo
2026-03-09 17:09:59 +00:00
pentest
chore: add security pentest reports and remediation plan
2026-03-06 03:08:14 +00:00
loop.sh
chore: add pentest-fix prompt and wire verification into loop.sh
2026-03-06 03:53:36 +00:00
pentest.yaml
chore: add security pentest reports and remediation plan
2026-03-06 03:08:14 +00:00
plan.md
fix: add session auth to SearXNG web search proxy (FINAL-02)
2026-03-11 17:43:25 +00:00
prepare.sh
feat: AIUI chat mode integration with iframe, context broker, overnight loop
2026-03-04 12:06:20 +00:00
prompt-pentest-fix.md
chore: add pentest-fix prompt and wire verification into loop.sh
2026-03-06 03:53:36 +00:00
prompt.md
fix: add 6 missing apps to first-boot and fix penpot icon path
2026-03-09 00:18:28 +00:00
testing.md
fix: zero-amount invoices, identity.verify DID extraction, tor service permissions
2026-03-09 09:53:36 +00:00