[Security] Harden the AI/LLM client — block cleartext egress, enforce TLS verification, add timeouts #145
Reference in New Issue
Block a user
No description provided.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Part of #144. Decision legend: M must-do, C could-do, W won't-do (this cycle); investigate = verify the problem is real / scope it before implementing.
Subtasks & findings
T01 — AI/LLM provider egress: reject http:// + TLS-verify + timeouts
Owner: Dev1 (AI) · Decision: M · Effort: ~0.5–1d · Investigate: investigate EXT-01 reachability first
Shared curl setopt sites; merges CIS-08.
cmd_funcs.c:7019; ai_client.c:388,811-815,1596-1601ai_client.c:815,1601Checklist
T01 — AI/LLM provider egress: reject http:// + TLS-verify + timeouts
Notes