Merge pull request #51 from CodeMonkeyCybersecurity/claude/fix-missing-zap-otelzap-011CUzJZAToeAqXJJPg3iB24

CodeMonkeyCybersecurity · web-flow · commit d75db5fe04f6 · 2025-11-13T22:24:44.000+08:00
style(moni): apply gofmt formatting
diff --git a/pkg/moni/constants.go b/pkg/moni/constants.go
@@ -4,11 +4,11 @@ import "time"
 
 // Container names
 const (
-	PostgresContainer     = "bionicgpt-postgres"
-	LiteLLMContainer      = "bionicgpt-litellm"
-	LiteLLMDBContainer    = "bionicgpt-litellm-db"
-	LangfuseDBContainer   = "bionicgpt-langfuse-db"
-	AppContainer          = "bionicgpt-app"
+	PostgresContainer   = "bionicgpt-postgres"
+	LiteLLMContainer    = "bionicgpt-litellm"
+	LiteLLMDBContainer  = "bionicgpt-litellm-db"
+	LangfuseDBContainer = "bionicgpt-langfuse-db"
+	AppContainer        = "bionicgpt-app"
 )
 
 // Service URLs
@@ -50,12 +50,12 @@ const (
 
 // SSL Certificate ownership (Alpine PostgreSQL containers)
 const (
-	CertOwnerUID  = 0   // root
-	CertOwnerGID  = 70  // postgres group in Alpine
-	CertKeyPerms  = 0640
-	CertCrtPerms  = 0644
-	StandardUID   = 999 // Standard PostgreSQL UID
-	TempKeyPerms  = 0600
+	CertOwnerUID = 0  // root
+	CertOwnerGID = 70 // postgres group in Alpine
+	CertKeyPerms = 0640
+	CertCrtPerms = 0644
+	StandardUID  = 999 // Standard PostgreSQL UID
+	TempKeyPerms = 0600
 )
 
 // Certificate strategies
@@ -70,14 +70,14 @@ const (
 // max completion tokens. This prevents API errors when BionicGPT reads this
 // value and sends it as max_tokens in requests.
 const (
-	ModelContextSize       = 16384
-	EmbeddingsContextSize  = 8192
-	ModelTPMLimit          = 50000
-	ModelRPMLimit          = 1000
-	ModelFallbackTPMLimit  = 30000
-	ModelFallbackRPMLimit  = 500
-	EmbeddingsTPMLimit     = 10000
-	EmbeddingsRPMLimit     = 10000
+	ModelContextSize      = 16384
+	EmbeddingsContextSize = 8192
+	ModelTPMLimit         = 50000
+	ModelRPMLimit         = 1000
+	ModelFallbackTPMLimit = 30000
+	ModelFallbackRPMLimit = 500
+	EmbeddingsTPMLimit    = 10000
+	EmbeddingsRPMLimit    = 10000
 )
 
 // RLS table counts
diff --git a/pkg/moni/database.go b/pkg/moni/database.go
@@ -377,8 +377,8 @@ WHERE schemaname = 'public' AND rowsecurity = true;
 			"  • bionic_application user does not exist\n"+
 			"Fix: Ensure PostgreSQL is running and bionic_application user exists", err)
 	} else if isSuperuser == "t" || isSuperuser == "true" {
-		return fmt.Errorf("CRITICAL SECURITY FAILURE: bionic_application is a superuser and will BYPASS all RLS policies\n"+
-			"RLS is completely ineffective when the user is a superuser.\n"+
+		return fmt.Errorf("CRITICAL SECURITY FAILURE: bionic_application is a superuser and will BYPASS all RLS policies\n" +
+			"RLS is completely ineffective when the user is a superuser.\n" +
 			"Fix: Revoke superuser: ALTER USER bionic_application NOSUPERUSER;")
 	} else {
 		logger.Info("Verified: bionic_application is NOT a superuser (RLS will work correctly)")
diff --git a/pkg/moni/types.go b/pkg/moni/types.go
@@ -11,11 +11,11 @@ type WorkerConfig struct {
 	SkipVerification bool
 
 	// Validation only
-	ValidateCertsOnly bool
-	FixCertsOnly      bool
-	VerifyDBOnly      bool
-	VerifyRLSOnly     bool
-	VerifyCSPOnly     bool
+	ValidateCertsOnly  bool
+	FixCertsOnly       bool
+	VerifyDBOnly       bool
+	VerifyRLSOnly      bool
+	VerifyCSPOnly      bool
 	VerifySecurityOnly bool
 
 	// Cleanup
@@ -61,13 +61,13 @@ type HealthCheckResult struct {
 
 // RLSVerificationResult contains RLS verification results
 type RLSVerificationResult struct {
-	RLSEnabled               bool
-	TablesWithRLS            []string
-	TablesWithoutRLS         []string
-	PoliciesFound            []RLSPolicy
-	CriticalTablesProtected  bool
-	Warnings                 []string
-	Errors                   []string
+	RLSEnabled              bool
+	TablesWithRLS           []string
+	TablesWithoutRLS        []string
+	PoliciesFound           []RLSPolicy
+	CriticalTablesProtected bool
+	Warnings                []string
+	Errors                  []string
 }
 
 // RLSPolicy represents a Row Level Security policy
@@ -91,12 +91,12 @@ type CSPVerificationResult struct {
 
 // DBVerificationResult contains database verification results
 type DBVerificationResult struct {
-	ModelCount  int
-	MoniExists  bool
-	Models      []DBModel
-	Prompts     []DBPrompt
-	Errors      []string
-	Warnings    []string
+	ModelCount int
+	MoniExists bool
+	Models     []DBModel
+	Prompts    []DBPrompt
+	Errors     []string
+	Warnings   []string
 }
 
 // DBModel represents a database model record
@@ -129,13 +129,13 @@ type EnvCheckResult struct {
 
 // SetupResult contains the overall setup result
 type SetupResult struct {
-	Success           bool
-	Phases            []SetupPhase
-	HealthCheck       *HealthCheckResult
-	RLSVerification   *RLSVerificationResult
-	CSPVerification   *CSPVerificationResult
-	DBVerification    *DBVerificationResult
-	StartTime         time.Time
-	EndTime           time.Time
-	CriticalIssues    []string
+	Success         bool
+	Phases          []SetupPhase
+	HealthCheck     *HealthCheckResult
+	RLSVerification *RLSVerificationResult
+	CSPVerification *CSPVerificationResult
+	DBVerification  *DBVerificationResult
+	StartTime       time.Time
+	EndTime         time.Time
+	CriticalIssues  []string
 }
diff --git a/pkg/moni/verification.go b/pkg/moni/verification.go
@@ -382,22 +382,22 @@ func VerifyContentSecurityPolicy(rc *eos_io.RuntimeContext) (*CSPVerificationRes
 
 	// Expected secure CSP directives
 	recommendedDirectives := map[string]string{
-		"default-src":    "'self'",
-		"script-src":     "'self'",
-		"style-src":      "'self' 'unsafe-inline'",
-		"img-src":        "'self' data:",
-		"font-src":       "'self'",
-		"connect-src":    "'self'",
+		"default-src":     "'self'",
+		"script-src":      "'self'",
+		"style-src":       "'self' 'unsafe-inline'",
+		"img-src":         "'self' data:",
+		"font-src":        "'self'",
+		"connect-src":     "'self'",
 		"frame-ancestors": "'none'",
-		"base-uri":       "'self'",
-		"form-action":    "'self'",
+		"base-uri":        "'self'",
+		"form-action":     "'self'",
 	}
 
 	// Dangerous patterns
 	dangerousPatterns := map[string]string{
-		"'unsafe-eval'":                           "Allows eval() - major XSS risk",
-		"* 'unsafe-inline' 'unsafe-eval'":         "Extremely permissive - defeats CSP purpose",
-		"*":                                       "Wildcard allows any source - too permissive",
+		"'unsafe-eval'":                   "Allows eval() - major XSS risk",
+		"* 'unsafe-inline' 'unsafe-eval'": "Extremely permissive - defeats CSP purpose",
+		"*":                               "Wildcard allows any source - too permissive",
 	}
 
 	// Step 1: Check if app is responding
diff --git a/pkg/moni/worker.go b/pkg/moni/worker.go
@@ -290,11 +290,11 @@ func runPhase(rc *eos_io.RuntimeContext, number int, name string, fn func() erro
 	logger.Info("━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━")
 
 	phase := SetupPhase{
-		Number:      number,
-		Name:        name,
-		StartTime:   time.Now(),
-		Errors:      []string{},
-		Warnings:    []string{},
+		Number:    number,
+		Name:      name,
+		StartTime: time.Now(),
+		Errors:    []string{},
+		Warnings:  []string{},
 	}
 
 	err := fn()
