Petr 485ac0a742 Security fixes: sanitize dev_docs, harden sudoers and config validation ... H1 - Sanitize dev_docs/ for public release: - Replace all real employee names with generic placeholders (padak->admin1, matejkys->admin2, dasa->admin3, petr->john, etc.) - Replace GCP project ID (kids-ai-data-analysis -> your-gcp-project) - Replace server hostname (data-broker-for-claude -> your-server) - Replace real IP address (34.88.8.46 -> YOUR_SERVER_IP) - Replace internal FQDN with placeholder - Covers: security.md, server.md, disaster-recovery.md, desktop-app.md, session_explore.md, plan-rsync-fix.md, draft/*.md H3 - webapp-setup.sh: validate sudoers syntax BEFORE copying to /etc/sudoers.d - Prevents broken sudo if syntax is invalid - Uses install -m 440 for atomic copy with correct permissions M1 - setup.sh: deploy user created with /usr/sbin/nologin instead of /bin/bash - CI/CD service account does not need interactive shell M2 - config/loader.py: warn on missing env vars, validate webapp_secret_key - _resolve_env_refs now logs warnings for unset ${ENV_VAR} references - _validate_config checks auth.webapp_secret_key is non-empty - Prevents Flask signing sessions with empty secret key All 118 tests pass.		2026-03-09 08:06:45 +01:00
..
services-integration-claude.md	Security fixes: sanitize dev_docs, harden sudoers and config validation	2026-03-09 08:06:45 +01:00
services-integration-codex.md	Initial commit: OSS data distribution platform	2026-03-08 23:31:28 +01:00
services-integration.md	Security fixes: sanitize dev_docs, harden sudoers and config validation	2026-03-09 08:06:45 +01:00