papayu/docs/adr/ADR-003-ssrf.md
Yuriy 65e95a458d feat: multi-provider LLM, design trends, Snyk/Documatic sync, personal automation
- Multi-provider: PAPAYU_LLM_PROVIDERS, gathering plans from several AIs (Claude, OpenAI), aggregation
- Design and icon trends: tab in the modal, search over safe domains (Tavily include_domains)
- Snyk Code: PAPAYU_SNYK_SYNC, REST API issues → snyk_findings in agent-sync
- Documatic: architecture_summary from .papa-yu/architecture.md in agent-sync
- Personal automation: capability personal-automation (terminal git/npm/cargo, opening URLs)
- agent_sync extended: snyk_findings, architecture_summary; analyze_project_cmd and run_batch write sync
- Documentation: SNYK_AND_DOCUMATIC_SYNC.md, SECURITY_AND_PERSONAL_AUTOMATION.md, updated CLAUDE_AND_AGENT_SYNC

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-10 15:05:39 +03:00

ADR-003: Centralized Network Access and SSRF Protection

Context

The application performs external fetch operations based on user or LLM input. Uncontrolled network access introduces SSRF and data exfiltration risks.

Decision

All network access must go through a single module (net) with explicit safety controls.

Controls

  • Allowlisted schemes (http, https)
  • Deny private and loopback IP ranges (RFC1918, link-local)
  • Request size limit (1 MB)
  • Timeout (15 s)
  • Reject URLs containing user:pass@ credentials
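
One way the URL vetting in the net module could enforce the scheme, credential and IP-range controls above. This is an added example, not the project's code: check_url, Blocked, is_denied_ip and the injectable resolver are assumed names, and the size limit and timeout apply at fetch time and are not shown.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


class Blocked(ValueError):
    """Raised when a URL violates the network policy."""


def system_resolver(host, port):
    # Default resolver; callers and tests may inject another one.
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return [info[4][0] for info in infos]


def is_denied_ip(text):
    ip = ipaddress.ip_address(text)
    # Unwrap ::ffff:a.b.c.d so an IPv4-mapped address gets the IPv4 checks.
    ip = getattr(ip, "ipv4_mapped", None) or ip
    # is_private covers RFC1918 plus other non-global ranges.
    return ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_unspecified


def check_url(url, resolver=system_resolver):
    """Return (host, port, vetted_ips) or raise Blocked (a ValueError)."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise Blocked("scheme not allowlisted")
    if parts.username is not None or parts.password is not None:
        raise Blocked("credentials in URL")
    if not parts.hostname:
        raise Blocked("missing host")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    ips = resolver(parts.hostname, port)
    if not ips:
        raise Blocked("host did not resolve")
    # Every resolved address must pass: one internal record rejects the URL.
    for ip in ips:
        if is_denied_ip(ip):
            raise Blocked(f"denied address {ip}")
    return parts.hostname, port, ips
```

Connect to one of the returned addresses rather than resolving the host a second time, so the address that was vetted is the address that is used.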

Consequences

Positive:

  • Eliminates a large class of security vulnerabilities
  • Centralized policy enforcement

Negative:

  • Less flexibility for ad-hoc network calls
  • Requires discipline when adding new features