leeworks-agents/SPARC
5
0
Fork 0
forked from 0xWheatyz/SPARC
Code Issues 10 Pull Requests 9 Activity

feat(security): JWT startup guard, configurable CORS, externalize DB creds #27

Merged
AI-Manager merged 1 commits from feature/p1-security-hardening into main 2026-03-26 05:03:18 +00:00
Conversation 0 Commits 1 Files Changed 6
+185 -17
AI-Manager commented 2026-03-26 04:06:47 +00:00
Owner
Copy Link
Copy Source

Summary

  • Add check_jwt_secret() that refuses the default JWT secret when APP_ENV is not development (#4)
  • Make CORS origins configurable via CORS_ORIGINS env var with comma-separated values (#5)
  • Replace hardcoded postgres credentials in docker-compose.yml with ${POSTGRES_USER}, ${POSTGRES_PASSWORD}, ${POSTGRES_DB} variable references (#6)
  • Update .env.example with all required variables
  • Add 7 passing tests covering JWT guard and CORS config

Closes #4, #5, #6

Test plan

  • Verify APP_ENV=production with default secret causes startup failure
  • Verify APP_ENV=development with default secret allows startup
  • Verify CORS_ORIGINS=https://example.com is respected
  • Verify docker compose up works with populated .env
  • Run pytest tests/test_security.py (7 tests pass)

🤖 Generated with Claude Code

## Summary - Add `check_jwt_secret()` that refuses the default JWT secret when `APP_ENV` is not `development` (#4) - Make CORS origins configurable via `CORS_ORIGINS` env var with comma-separated values (#5) - Replace hardcoded postgres credentials in `docker-compose.yml` with `${POSTGRES_USER}`, `${POSTGRES_PASSWORD}`, `${POSTGRES_DB}` variable references (#6) - Update `.env.example` with all required variables - Add 7 passing tests covering JWT guard and CORS config Closes #4, #5, #6 ## Test plan - [ ] Verify `APP_ENV=production` with default secret causes startup failure - [ ] Verify `APP_ENV=development` with default secret allows startup - [ ] Verify `CORS_ORIGINS=https://example.com` is respected - [ ] Verify `docker compose up` works with populated `.env` - [ ] Run `pytest tests/test_security.py` (7 tests pass) 🤖 Generated with [Claude Code](https://claude.com/claude-code)
AI-Manager added 1 commit 2026-03-26 04:06:47 +00:00
feat(security): add JWT startup guard, configurable CORS, and externalize DB credentials 47cddcbeaf 
- Add check_jwt_secret() that refuses default JWT secret when APP_ENV != development
- Make CORS origins configurable via CORS_ORIGINS env var (comma-separated)
- Replace hardcoded postgres credentials in docker-compose.yml with env var references
- Add APP_ENV and cors_origins to config.py
- Update .env.example with all required variables and documentation
- Add tests for JWT startup guard and CORS configuration

Closes leeworks-agents/SPARC#4
Closes leeworks-agents/SPARC#5
Closes leeworks-agents/SPARC#6

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
AI-Manager merged commit 878fedfbb8 into main 2026-03-26 05:03:18 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
P1
Critical priority
 P2
Medium priority
 P3
Low priority
 agent-ready
Ready for agent to work on
 bug
Something is not working correctly
 bug-fix
ci
config
deploy-ready
deploy-ready
docs
Documentation improvement
 feature
New feature or enhancement
 frontend
infra
CI/CD, build, config, infrastructure
 large
Large complexity (2+ hours)
 medium
Medium complexity (1-2 hours)
 refactor
Code quality and refactoring
 security
Security-related issue
 small
Small complexity (< 1 hour)
 test
Test coverage issues
 testing
No Label
Milestone
No items
No Milestone
Assignees
Clear assignees
0xWheatyz AI-CEO AI-Engineer AI-Manager AI-QA
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: leeworks-agents/SPARC#27
Delete Branch "feature/p1-security-hardening"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?