feat: add runtime hardening

[Koopa0]

• Add http.MaxBytesReader (1MB) and content length cap (32KB) to API chat handlers
• Add ErrPathDenied sentinel and deniedPrefixes to security.Path for blocking prompt directory access
• Add MaxKnowledgeContentSize (50KB) validation to knowledge_store tool
• Update NewPath signature across all callers to support denied prefixes
• Add unit tests for all new validation paths

[codereviewbot-ai]

Security/Robustness:
The test TestChatSend_BodyTooLarge verifies the status code and error code, but does not assert that the response body is free from sensitive or unexpected information. To strengthen the test, add assertions to ensure the response body does not contain any partial or leaked data.

Recommended solution:

if strings.Contains(w.Body.String(), "hello") {
    t.Error("send(>1MB body) response should not contain partial content")
}

[codereviewbot-ai]

Middleware Order: CORS and Logging

The CORS middleware is applied before the logging middleware. This means that CORS preflight requests (OPTIONS) may not be logged, potentially omitting important request traces for debugging or auditing. Consider placing the logging middleware as the outermost layer (before CORS) to ensure all requests, including preflight, are logged:

handler = loggingMiddleware(logger)(handler)
handler = corsMiddleware(cfg.CORSOrigins)(handler)

This change will improve observability without affecting CORS behavior.

[codereviewbot-ai]

Potential ambiguity in signature length handling:

The comparison subtle.ConstantTimeCompare(actualSig, expectedSig) will return 0 if the lengths differ, but this is implicit. For clarity and maintainability, consider explicitly checking that len(actualSig) == len(expectedSig) before performing the comparison. This makes the logic clearer and avoids confusion for future maintainers.

Recommended solution:

if len(actualSig) != len(expectedSig) || subtle.ConstantTimeCompare(actualSig, expectedSig) != 1 {
    return ErrCSRFInvalid
}

[codereviewbot-ai]

Potential ambiguity in signature length handling:

As in the user-bound CSRF check, subtle.ConstantTimeCompare(actualSig, expectedSig) will return 0 if the lengths differ, but this is implicit. For clarity and maintainability, explicitly check len(actualSig) == len(expectedSig) before comparison.

Recommended solution:

if len(actualSig) != len(expectedSig) || subtle.ConstantTimeCompare(actualSig, expectedSig) != 1 {
    return ErrCSRFInvalid
}

[codereviewbot-ai]

Error Handling and Test Robustness:
The error handling for security.NewPath is abrupt and does not provide actionable context if the path validator fails. If the failure is due to environmental issues (e.g., os.TempDir() is not writable or accessible), the test will simply fail without guidance. Consider enhancing the error message to include the value of os.TempDir() and possible remediation steps, such as checking directory permissions or environment configuration.

Recommended Solution:

if err != nil {
    t.Fatalf("creating path validator for temp dir '%s': %v. Ensure the directory is writable and accessible.", os.TempDir(), err)
}

[codereviewbot-ai]

Potential directory containment flaw in isPathInAllowedDirs

The use of strings.HasPrefix to check if a path is within an allowed directory can be unsafe if directory names are prefixes of others (e.g., /tmp/foo and /tmp/foobar). This could allow unintended access:

if strings.HasPrefix(absPathWithSep, dirNorm) || absPath == dir {
    return true
}

Recommendation: Use filepath.Rel(dir, absPath) and check that the result does not start with .. or is not equal to ... This provides a more robust containment check and prevents directory traversal attacks.

[codereviewbot-ai]

Denied prefix check missing after symlink resolution

After resolving symlinks with filepath.EvalSymlinks, the code checks if the resolved path is within allowed directories, but does not re-check denied prefixes. This could allow a symlink to bypass denied prefix restrictions:

if realPath != absPath {
    if !v.isPathInAllowedDirs(realPath) {
        // ...
        return "", fmt.Errorf("%w: access denied", ErrSymlinkOutsideAllowed)
    }
    absPath = realPath
}

Recommendation: After symlink resolution, also check isPathDenied(realPath) and return an error if the resolved path matches a denied prefix.

[codereviewbot-ai]

Potential Security and Logic Issue: Error from security.NewPath is Ignored

The example uses a blank identifier for the error returned by security.NewPath:

pathVal, _ := security.NewPath([]string{"/allowed/path"}, nil)

If security.NewPath fails (e.g., due to invalid input), this error will be silently ignored, potentially resulting in a nil or insecure path validator. This could compromise the security guarantees of the file tools.

Recommended Solution:
Always check and handle the error returned by security.NewPath:

pathVal, err := security.NewPath([]string{"/allowed/path"}, nil)
if err != nil {
    return err
}

This ensures that the path validator is correctly initialized and that any initialization errors are surfaced early.

[codereviewbot-ai]

Insufficient validation of constructed object:
The test only checks that ft is non-nil and that no error occurred, but does not verify the properties or state of the constructed File object. This could allow subtle initialization bugs to go undetected.

Recommendation:
Add assertions to verify the expected properties and state of the File object after construction, for example:

if ft.PathValidator != pathVal {
    t.Errorf("PathValidator not set correctly")
}

[codereviewbot-ai]

Skipping the test when the validator cannot be created (t.Skip("could not create validator")) may mask persistent setup or configuration issues, resulting in incomplete test coverage. Instead, consider failing the test with a clear error message to ensure that validator initialization problems are detected early:

t.Fatalf("could not create validator: %v", err)

This approach provides immediate feedback and aids in debugging.