MQL5-Google-Onedrive/.jules/sentinel.md

# Sentinel's Journal

## 2026-02-07 - Telegram Bot Authorization Bypass
**Vulnerability:** The Telegram Deployment Bot (`scripts/telegram_deploy_bot.py`) contained a "Fail Open" vulnerability where omitting the `TELEGRAM_ALLOWED_USER_IDS` environment variable resulted in granting access to *all* Telegram users instead of *none*.
**Learning:** Security controls must default to deny (Fail Closed). Implicitly allowing access when configuration is missing creates silent vulnerabilities that are hard to detect until exploited.
**Prevention:** Ensure all authorization checks explicitly return `False` or throw an exception if the access control list is empty or undefined. Never default to `True` in security-critical paths.

## 2026-02-13 - [Documentation] Cloudflare Nameservers and Domain Unification
- Updated Cloudflare nameservers to daisy.ns.cloudflare.com and rocco.ns.cloudflare.com.
- Unified domain name to lengkundee01.org across CNAME and PWA documentation.

## 2026-02-27 - [Code Quality] Secure Error Logging vs Printing
**Vulnerability:** The Web Dashboard (`scripts/web_dashboard.py`) was leaking raw exception strings to users (`return f"Error: {e}", 500`). While fixing this to return a generic error, the initial fix used `print(e, file=sys.stderr)`.
**Learning:** Using `print` to stderr for exceptions is insufficient for production debugging as it loses the stack trace, making root cause analysis difficult while still hiding details from users.
**Prevention:** Always use `logging.exception("Message")` in `except` blocks. This automatically captures and logs the full stack trace securely to the server logs while allowing the application to return a sanitized, generic error message to the user.
Fix CRITICAL authorization bypass in Telegram Bot - Changed `check_authorized` in `scripts/telegram_deploy_bot.py` to fail closed (deny all) if `TELEGRAM_ALLOWED_USER_IDS` is unset or empty. - Updated `scripts/TELEGRAM_BOT_SETUP.md` and `QUICK_DEPLOY.md` to document that `TELEGRAM_ALLOWED_USER_IDS` is now mandatory for bot access. - Added Sentinel Journal entry in `.jules/sentinel.md` documenting the vulnerability and learning. - Verified fix with reproduction script. 2026-02-07 11:33:43 +00:00			`# Sentinel's Journal`

			`## 2026-02-07 - Telegram Bot Authorization Bypass`
			Vulnerability: The Telegram Deployment Bot (`scripts/telegram_deploy_bot.py`) contained a "Fail Open" vulnerability where omitting the `TELEGRAM_ALLOWED_USER_IDS` environment variable resulted in granting access to all Telegram users instead of none.
			`Learning: Security controls must default to deny (Fail Closed). Implicitly allowing access when configuration is missing creates silent vulnerabilities that are hard to detect until exploited.`
			Prevention: Ensure all authorization checks explicitly return `False` or throw an exception if the access control list is empty or undefined. Never default to `True` in security-critical paths.
docs: update Cloudflare nameservers and unify domain name - Added daisy.ns.cloudflare.com and rocco.ns.cloudflare.com to Cloudflare guide. - Unified domain name to lengkundee01.org in CNAME and PWA guide. - Verified active domain using dig. - Updated sentinel journal with documentation learnings. 2026-02-13 04:11:32 +00:00
			`## 2026-02-13 - [Documentation] Cloudflare Nameservers and Domain Unification`
			`- Updated Cloudflare nameservers to daisy.ns.cloudflare.com and rocco.ns.cloudflare.com.`
			`- Unified domain name to lengkundee01.org across CNAME and PWA documentation.`
feat(security): sanitize error responses and add secure logging in web dashboard Replaces raw exception leakage in `scripts/web_dashboard.py` with generic "Internal Server Error" responses to prevent information disclosure. Implements `logging` module to capture full stack traces internally for debugging, ensuring no loss of diagnostic capability for admins. Fixes potential vulnerability where internal paths or logic errors could be exposed to end users. 2026-02-22 23:05:40 +00:00
			`## 2026-02-27 - [Code Quality] Secure Error Logging vs Printing`
			Vulnerability: The Web Dashboard (`scripts/web_dashboard.py`) was leaking raw exception strings to users (`return f"Error: {e}", 500`). While fixing this to return a generic error, the initial fix used `print(e, file=sys.stderr)`.
			Learning: Using `print` to stderr for exceptions is insufficient for production debugging as it loses the stack trace, making root cause analysis difficult while still hiding details from users.
			Prevention: Always use `logging.exception("Message")` in `except` blocks. This automatically captures and logs the full stack trace securely to the server logs while allowing the application to return a sanitized, generic error message to the user.