project-alena

Controlled Subprocess Execution: The `codex_runner.py` uses `subprocess.run` to invoke the `codex` CLI. While it attempts to sandbox with `--sandbox workspace-write` for `--apply` actions, any external CLI invocation carries inherent risks if the CLI itself or the prompt input can be exploited for arbitrary command execution. The project states "No shell execution (safe subprocess calls)" but this relies on the `codex` CLI's own sandboxing. Hardcoded Repository Whitelist: The `modules/core/controller/safety.py` module includes `ALLOWED_REPOS = ["/Users/lionelchong/sandbox"]` which is a hardcoded path. This is a critical security control to prevent agents from accessing arbitrary filesystem locations, but it must be made configurable by the user or dynamically determined to be practical and secure in different deployment environments. As it stands, it severely limits usability and is a significant setup friction. Default Wildcard CORS: The FastAPI backend for the voice assistant (`modules/voice-assistant/backend/app/main.py`) uses `allow_origins=["*"]` for CORS by default. While common for local development, this poses a security risk if the server is exposed to the internet, as it allows any domain to make cross-origin requests. Secrets Management: `modules/mcp/google-calendar/secrets/README.md` explicitly instructs users not to commit `credentials.json` or `token.json` and details secure handling, which is good practice. Environment variables are supported for custom paths.