Skip to content

Security: audit python/logosdb/* integration adapters (passthrough, paths, secrets) #111

Description

@jose-compu

Summary

Per-adapter security audit of every module under python/logosdb/ that wraps LogosDB or forwards user/network content. MCP and CLI centralize validation in mcp/src/security.ts; Python integrations often call _core directly and may bypass those guards.

Part of #108. Follow-up from #74.

Modules in scope

Module Integration Audit focus
langchain.py LangChain VectorStore User text/metadata passthrough; collection name → namespace
llamaindex.py LlamaIndex Same
haystack.py Haystack Same
openai.py OpenAI embeddings + store API keys in env; request timeouts; text to embed
anthropic.py Claude embeddings Same
cohere.py Cohere Same
mistral.py Mistral Same
huggingface.py HF embeddings Model id trust; local vs remote
mem0.py Mem0 memory layer External memory IDs; text injection
cognee.py Cognee RAG Graph + vector paths
crewai.py CrewAI knowledge Document paths
camel.py CAMEL-AI Memory keys
superlinked.py Superlinked Compute + storage boundary
vibe.py / _vibe_cli.py Mistral Vibe CLI Shell boundaries, config paths
sizing.py Sizing calculator Read-only; confirm no path writes
__init__.py / __main__.py Package entry Re-exports only

(Adjust table if modules are added/removed before audit.)

Checklist (apply to each module)

  • No shell invocation with user-controlled strings (os.system, subprocess without list args).
  • Namespace / collection names restricted to safe charset (align with MCP: [a-zA-Z0-9_\-\.]+) or documented exception.
  • Paths for file ingest resolved and confined if the adapter reads disk.
  • Secrets only from env; never logged in exceptions or debug prints.
  • Network: timeouts on HTTP clients; no SSRF via user-supplied base URLs unless documented.
  • Text limits: document max payload or delegate to core (future shared logosdb.validate_text() if added by Unicode policy issue).

Deliverables

  • Audit matrix (module × checklist) in PR description or docs/security-integrations.md (short).
  • Fixes for any High/Medium findings.
  • Pytest additions where cheap: e.g. invalid namespace raises, oversize text rejected.
  • Cross-link from SECURITY.md “Python integrations” subsection.

Acceptance criteria

  • Every file in the table reviewed; “N/A” justified for read-only helpers.
  • No open High findings without documented risk acceptance for 1.0.0.
  • At least one automated test per adapter that performs writes (or shared parametrized test over adapters).

Out of scope

  • Node.js nodejs/ package (track under #108 core audit section).
  • Third-party framework CVEs (LangChain, etc.) — dependency pinning only.

Related

  • #108
  • #74
  • Unicode policy issue (create separately) — shared text normalization for adapters

Metadata

Metadata

Assignees

No one assigned

    Labels

    reliabilityCrash recovery, durability, consistencytestingTests / test infrastructure

    Projects

    No projects

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions