# Sentinel's Journal

## 2026-02-07 - Telegram Bot Authorization Bypass
**Vulnerability:** The Telegram Deployment Bot (`scripts/telegram_deploy_bot.py`) contained a "Fail Open" vulnerability where omitting the `TELEGRAM_ALLOWED_USER_IDS` environment variable resulted in granting access to *all* Telegram users instead of *none*.
**Learning:** Security controls must default to deny (Fail Closed). Implicitly allowing access when configuration is missing creates silent vulnerabilities that are hard to detect until exploited.
**Prevention:** Ensure all authorization checks explicitly return `False` or throw an exception if the access control list is empty or undefined. Never default to `True` in security-critical paths.

## 2026-02-13 - [Documentation] Cloudflare Nameservers and Domain Unification
- Updated Cloudflare nameservers to daisy.ns.cloudflare.com and rocco.ns.cloudflare.com.
- Unified domain name to lengkundee01.org across CNAME and PWA documentation.

## 2026-02-18 - [Telegram Bot Async & Output Safety]
**Vulnerability:** Blocking I/O in async function (`subprocess.run` inside `async def status`) caused DoS by freezing the event loop. Also, unescaped command output injected into Telegram HTML messages (`parse_mode='HTML'`) caused API errors and potential HTML injection.
**Learning:** `subprocess.run` is synchronous and blocks async applications. `parse_mode='HTML'` in Telegram requires escaping of special characters.
**Prevention:** Use `asyncio.create_subprocess_exec` for async subprocesses. Use `html.escape()` for dynamic content in HTML messages.

## 2026-02-28 - Hardcoded GitLab Runner Token
**Vulnerability:** A hardcoded GitLab Runner token was present in `scripts/setup_gitlab_runner.sh` and documented in `docs/GITLAB_INTEGRATION.md` and `config/vault.json.example`. This exposed a sensitive credential to anyone with read access to the repository, creating a severe security risk.
**Learning:** Hardcoding credentials in version control provides a vector for unauthorized access and lateral movement. Tokens and secrets must never be placed directly into codebase scripts or documentation.
**Prevention:** Always rely on environment variables, secure vault storage (e.g., GitHub Actions Secrets, password managers), or command-line arguments to handle credentials. Scripts should fail securely with instructions if required secrets are absent.