来源

g-zenr

g-zenr/relay-api

打开 GitHub 仓库查看创作者相关仓库

下载

在 Manus 中运行

1. Authentication Hardening

Verify API key is required in production (not empty)
Verify timing-safe comparison (see stack concepts) for all secret comparisons
Verify uniform error messages (no auth enumeration)
Add API key length validation (minimum 16 characters recommended)
Verify health endpoint bypasses auth correctly

2. Input Validation Hardening

All path parameters have constraints (min/max validation)
All request bodies use typed schemas (see stack concepts) with strict validation
Verify no raw objects or untyped/any types in request handling
Add request body size limits if not present

3. Error Response Hardening

All error responses use the error response model
No stack traces in any error response
No internal file paths or class names in responses
Verify 500 errors return generic message, not exception details

4. CORS Hardening

Change default CORS from ["*"] to restrictive origins
Document that ["*"] requires explicit opt-in
Add CORS configuration guidance in env example file

5. Rate Limiting Hardening

Verify rate limiting is enabled in production config
Recommend rate limit value in env example file
Verify 429 response includes Retry-After header
Verify rate limiter is per-client IP, not global

6. Logging Hardening

Verify no secrets logged at any level (search for key, secret, token)
Verify audit log captures all state changes
Verify log level defaults to INFO in production (not DEBUG)

7. Docker Hardening

Non-root user in Dockerfile
No secrets baked into image
HEALTHCHECK instruction present
Minimal base image (slim variant)
Read-only filesystem where possible

8. Dependency Hardening

Run dependency audit — zero known vulnerabilities
Pin exact versions in the requirements file for reproducibility
Remove unused dependencies

Output

For each section, report:

HARDENED: Already secure, no changes needed
FIXED: Issue found and remediated (describe what changed)
MANUAL: Requires manual action (describe what to do)

同仓库更多 Skills

同仓库

add-device

g-zenr/relay-api

Add a new implementation of the primary protocol/interface (Alex Rivera's workflow)

2026-02-130

add-endpoint

g-zenr/relay-api

Add a new API endpoint following all project standards

2026-02-130

add-feature

g-zenr/relay-api

Plan and implement a complete feature end-to-end across all layers

2026-02-130

audit

g-zenr/relay-api

Full codebase audit — dead code, layer violations, concurrency, observability, code quality

2026-02-130

ci-cd

g-zenr/relay-api

Set up or update GitHub Actions CI/CD pipeline (Marcus Chen's workflow)

2026-02-130

cleanup

g-zenr/relay-api

Remove dead code, unused imports, stale files, and fix code quality issues found by /audit

2026-02-130

name	harden
description	Apply production security hardening to the codebase (Janet Moore's workflow)
disable-model-invocation	true

name	harden
description	Apply production security hardening to the codebase (Janet Moore's workflow)
disable-model-invocation	true

harden

1. Authentication Hardening

2. Input Validation Hardening

3. Error Response Hardening

4. CORS Hardening

5. Rate Limiting Hardening

6. Logging Hardening

7. Docker Hardening

8. Dependency Hardening

Output

同仓库更多 Skills

1. Authentication Hardening

2. Input Validation Hardening

3. Error Response Hardening

4. CORS Hardening

5. Rate Limiting Hardening

6. Logging Hardening

7. Docker Hardening

8. Dependency Hardening

Output

同仓库更多 Skills