fix(security): add username validation, constant-time login, default credential rejection, and tooling

2026-02-18 19:11:14 +01:00
parent 1521005b62
commit f41b8fd8c2
8 changed files with 393 additions and 1 deletions
--- a/scripts/agent_validate_backend.sh
+++ b/scripts/agent_validate_backend.sh
@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+CONTAINER="aegis-backend"
+
+echo "=========================================="
+echo "  Aegis Backend Validation (in-container)"
+echo "=========================================="
+
+echo ""
+echo "[1/2] Linting with ruff..."
+docker exec "$CONTAINER" sh -c "cd /app && /home/appuser/.local/bin/ruff check app/ tests/ --no-fix"
+echo "  ✓ Lint passed"
+
+echo ""
+echo "[2/2] Running tests with pytest..."
+docker exec "$CONTAINER" sh -c "cd /app && python -m pytest tests/ -v --tb=short -q"
+echo "  ✓ Tests passed"
+
+echo ""
+echo "=========================================="
+echo "  ALL CHECKS PASSED"
+echo "=========================================="