systemprompt-core

The project emphasizes robust security practices, including strict linting to forbid unsafe code, direct unwrap/panic usage, and `TODO` comments. Secrets (like `JWT_SECRET` and AI API keys) are explicitly managed via environment variables or separate configuration files, never hardcoded in profiles. SQL queries utilize `sqlx` macros for compile-time validation, effectively preventing SQL injection vulnerabilities. Cloud deployment incorporates a secure two-phase provisioning with a shared Docker registry, tenant-scoped image tags, and strict image validation to prevent injection attacks. However, a critical bug exists in the CLI setup process (`crates/entry/cli/src/cloud/tenant_ops/create.rs`) where the external database URL's password is inadvertently replaced with a masked value (`********`) from the API response when enabling external access. This results in a non-functional connection string being stored locally for the user, hindering direct external database access. This is a setup/configuration bug rather than a runtime exploit, but it is a significant usability and management friction point. No `eval` or similar arbitrary code execution patterns were found in the Rust or TypeScript application logic.