kitos/Aegis
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

fix(security): add username validation, constant-time login, default credential rejection, and tooling

Browse Source
This commit is contained in:
Kitos
2026-02-18 19:11:14 +01:00
parent 1521005b62
commit f41b8fd8c2
8 changed files with 393 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
tasks/lessons.md Normal file
View File

@@ -0,0 +1,21 @@
# Aegis — Lessons Learned
## Architecture
- Domain entities must have ZERO framework imports. If you need SQLAlchemy or FastAPI in an entity, the design is wrong.
- Services should never call `db.commit()`. Use UnitOfWork at the router/use-case level.
- Domain exceptions propagate up and the error_handler middleware maps them to HTTP responses automatically.
- The `from_orm()` / `apply_to()` pattern bridges ORM models and domain entities cleanly.
## Testing
- Use the `db` fixture for repository/integration tests, `client` fixture for API tests.
- SQLite conftest patches PostgreSQL types (UUID, JSONB) — always verify on real PG in CI.
- Pure domain tests need no fixtures at all — just construct entities directly.
## Patterns to Avoid
- Never raise `HTTPException` from services — raise domain exceptions instead.
- Never put business logic in routers — delegate to entities or services.
- Never create DB sessions manually (`SessionLocal()`) outside of background jobs.
- Never swallow exceptions with bare `except: pass` — at minimum log a warning.

26
tasks/todo.md Normal file
View File

@@ -0,0 +1,26 @@
# Aegis — Task Tracker
## In Progress
- [ ] Clean Architecture foundation: domain enums, value objects, entities, repository ports + implementations
## Completed
- [x] Domain exceptions hierarchy (domain/errors.py)
- [x] TestEntity with state machine (domain/test_entity.py)
- [x] Unit of Work (domain/unit_of_work.py)
- [x] Error handler middleware (middleware/error_handler.py)
- [x] Redis-backed token blacklist (auth.py)
- [x] CI pipeline (.github/workflows/ci.yml)
- [x] Heatmap service extracted (services/heatmap_service.py)
- [x] Scoring bulk queries (bulk_technique_scores)
- [x] Architecture skill file (.cursor/rules/aegis-architecture.md)
- [x] Agent validation script (scripts/agent_validate_backend.sh)
## Backlog
- [ ] Application layer use cases
- [ ] Migrate fat routers to use repositories
- [ ] Scoring config persistence (DB instead of mutable settings)
- [ ] Structured JSON logging
- [ ] Frontend type generation from OpenAPI