[Security] Extract Magic Strings and Hardcoded IPs into Configuration Variables #1418

Closed
opened 2026-03-24 13:04:33 +00:00 by Timmy · 1 comment
Owner

Context: http://143.198.27.163:3000 is repeated across dozens of .sh script literals.

Acceptance Criteria:

  • Create .env schema for orchestration loops.
  • Refactor all shell bindings to load $GITEA_HOST and $API_BASE_URL securely.
Author
Owner

Implementation Plan for Configuration Centralization

Priority: HIGH - Security/maintainability (hardcoded IPs scattered across codebase)

Files to Create/Modify:

  1. config/environment.conf - Central configuration file
  2. scripts/load-config.sh - Configuration loading utilities
  3. Update all .sh scripts with hardcoded IPs/URLs
  4. src/infrastructure/config/settings.py - Python config loader

Implementation Steps:

  1. Create Central Configuration (config/environment.conf):

    # Gitea Configuration
    GITEA_BASE_URL="http://143.198.27.163:3000"
    GITEA_API_URL="${GITEA_BASE_URL}/api/v1"
    
    # CI Configuration  
    CI_TESTBED_IP="67.205.155.108"
    
    # Repository Configuration
    DEFAULT_REPO="rockachopa/Timmy-time-dashboard"
    
    # Add other discovered magic strings
    
  2. Create Config Loader (scripts/load-config.sh):

    # Resolve the config file relative to this loader so scripts work from any cwd
    CONFIG_FILE="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)/config/environment.conf"

    load_config() {
        if [[ -f "$CONFIG_FILE" ]]; then
            # source executes the file, so it must not be writable by other users
            source "$CONFIG_FILE"
        else
            echo "ERROR: Configuration file not found: $CONFIG_FILE" >&2
            exit 1
        fi
    }
    
  3. Audit and Replace Hardcoded Values:

    • Search for all instances of 143.198.27.163:3000
    • Search for all instances of 67.205.155.108
    • Search for other hardcoded URLs, IPs, ports
    • Replace with environment variables
  4. Update All Shell Scripts:

    • Add source scripts/load-config.sh at the top
    • Replace hardcoded values with variables
    • Test each script after modification
  5. Create Python Config Module (src/infrastructure/config/settings.py):

    import os

    class Config:
        # Defaults keep the old endpoint so callers work during the transition;
        # they still embed the IP, so drop them once every environment ships config.
        GITEA_BASE_URL = os.getenv('GITEA_BASE_URL', 'http://143.198.27.163:3000')
        GITEA_API_URL = os.getenv('GITEA_API_URL', f'{GITEA_BASE_URL}/api/v1')
        # etc.
    

Discovery Phase (run these commands first):

# Find all hardcoded IPs and URLs (-F matches the dots literally, -n shows line numbers)
grep -rnF "143.198.27.163" scripts/ src/ --exclude-dir=.git
grep -rnF "67.205.155.108" scripts/ src/ --exclude-dir=.git
grep -rnE "https?://[^[:space:]]+:[0-9]+" scripts/ src/ --exclude-dir=.git

Key Requirements:

  • Backward compatibility during transition
  • Environment-specific overrides (dev/staging/prod)
  • Proper validation of configuration values
  • Clear error messages for missing config
  • Documentation of all configuration options

Files Likely Needing Updates:

  • scripts/hermes-claim
  • scripts/*-loop.sh
  • scripts/agent-dispatch.sh
  • Any Python files with hardcoded URLs
  • CI configuration files

Testing:

  • Verify all scripts work with new config system
  • Test with missing config file (should fail gracefully)
  • Test with invalid configuration values
  • Verify no hardcoded strings remain

Acceptance Criteria Met When:

  • No hardcoded IPs/URLs in codebase (verified by grep)
  • Central configuration file controls all environment settings
  • All scripts load configuration properly
  • Environment-specific override capability
  • Comprehensive documentation
  • No functional regressions

This eliminates configuration management tech debt and improves security by centralizing sensitive endpoints.

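The loader sketched in step 2 of the plan sources the config file, which executes anything in it, and the plan also asks for validation, environment-specific overrides and graceful failure on a missing file. The script below is an added example, not code from the issue or the project: it parses KEY=VALUE lines against an allowlist instead of sourcing them, refuses a world-writable file, applies an overlay and validates every value the plan lists. Assumed here and not in the issue: the APP_ENV variable, the config/environment.<APP_ENV>.conf overlay naming and the CONFIG_KEYS allowlist; the variable names and sample values are the ones the plan quotes.

```bash
#!/usr/bin/env bash
# Added example (not the issue's or the project's code): a hardened take on
# scripts/load-config.sh from the plan. Assumed, not from the issue: APP_ENV,
# the config/environment.<APP_ENV>.conf overlay name and the CONFIG_KEYS allowlist.
set -u
# Resolve the config directory relative to this script, not the caller's cwd.
CONFIG_DIR="${CONFIG_DIR:-$(cd "$(dirname "${BASH_SOURCE[0]:-$0}")/.." 2>/dev/null && pwd)/config}"
# Only these keys may be set from a file. `source` would execute the file, so a
# writable config could reset PATH or run commands; we parse KEY=VALUE instead.
CONFIG_KEYS="GITEA_BASE_URL GITEA_API_URL CI_TESTBED_IP DEFAULT_REPO"
is_config_key() { local k; for k in $CONFIG_KEYS; do [[ "$k" == "$1" ]] && return 0; done; return 1; }

# Expand ${NAME} references to keys loaded earlier in the same run (the plan writes
# GITEA_API_URL="${GITEA_BASE_URL}/api/v1"); any other reference is an error.
expand_refs() {
    local value="$1" name ref re='[$][{]([A-Z][A-Z0-9_]*)[}]'
    while [[ "$value" =~ $re ]]; do
        name="${BASH_REMATCH[1]}"
        is_config_key "$name" && [[ -n "${!name:-}" ]] \
            || { echo "ERROR: reference to unknown or unset key \${$name}" >&2; return 1; }
        ref="\${$name}"
        value="${value//"$ref"/"${!name}"}"
    done
    printf '%s' "$value"
}

# Read KEY=VALUE lines (value optionally double-quoted, '#' lines ignored) without executing them.
parse_config_file() {
    local file="$1" line key value n=0
    [[ -f "$file" ]] || { echo "ERROR: config file not found: $file" >&2; return 1; }
    [[ -z "$(find "$file" -perm -002 2>/dev/null)" ]] \
        || { echo "ERROR: refusing world-writable config file: $file" >&2; return 1; }
    while IFS= read -r line || [[ -n "$line" ]]; do
        n=$((n + 1))
        line="${line#"${line%%[![:space:]]*}"}"; line="${line%"${line##*[![:space:]]}"}"
        [[ -z "$line" || "$line" == \#* ]] && continue
        key="${line%%=*}"; value="${line#*=}"
        is_config_key "$key" || { echo "ERROR: $file:$n: '$key' is not a known setting" >&2; return 1; }
        [[ "$value" == \"*\" ]] && value="${value:1:${#value}-2}"
        value="$(expand_refs "$value")" || return 1
        printf -v "$key" '%s' "$value"
    done < "$file"
}

# Reject values that would break every caller later (missing or malformed).
validate_config() {
    local k o re_url='^https?://[A-Za-z0-9.-]+(:[0-9]{1,5})?(/[^[:space:]]*)?$'
    local re_ip='^([0-9]{1,3}\.){3}[0-9]{1,3}$' re_repo='^[A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+$'
    for k in $CONFIG_KEYS; do
        [[ -n "${!k:-}" ]] || { echo "ERROR: required setting $k is missing" >&2; return 1; }
    done
    [[ "$GITEA_BASE_URL" =~ $re_url && "$GITEA_API_URL" =~ $re_url ]] \
        || { echo "ERROR: Gitea URLs must look like http(s)://host[:port][/path]" >&2; return 1; }
    [[ "$CI_TESTBED_IP" =~ $re_ip ]] || { echo "ERROR: CI_TESTBED_IP is not an IPv4 address" >&2; return 1; }
    local IFS=.
    for o in $CI_TESTBED_IP; do
        (( 10#$o <= 255 )) || { echo "ERROR: CI_TESTBED_IP octet $o out of range" >&2; return 1; }
    done
    [[ "$DEFAULT_REPO" =~ $re_repo ]] || { echo "ERROR: DEFAULT_REPO must be owner/name" >&2; return 1; }
}

# Base file, then the APP_ENV overlay (dev/staging/prod) if present, then validation.
load_config() {
    local dir="${1:-$CONFIG_DIR}" overlay k
    for k in $CONFIG_KEYS; do unset "$k"; done   # no stale values from an earlier load
    parse_config_file "$dir/environment.conf" || return 1
    if [[ -n "${APP_ENV:-}" ]]; then
        [[ "$APP_ENV" =~ ^[a-z]+$ ]] || { echo "ERROR: APP_ENV must be a plain word" >&2; return 1; }
        overlay="$dir/environment.${APP_ENV}.conf"
        [[ -f "$overlay" ]] && { parse_config_file "$overlay" || return 1; }
    fi
    validate_config
}

# Constructed sample files for a stand-alone run (base values are the issue's own).
write_sample_config() {
    mkdir -p "$1"
    cat > "$1/environment.conf" <<'EOF'
GITEA_BASE_URL="http://143.198.27.163:3000"
GITEA_API_URL="${GITEA_BASE_URL}/api/v1"
CI_TESTBED_IP="67.205.155.108"
DEFAULT_REPO="rockachopa/Timmy-time-dashboard"
EOF
    # The overlay must restate GITEA_API_URL: references expand at load time, not later.
    cat > "$1/environment.staging.conf" <<'EOF'
GITEA_BASE_URL="https://gitea.staging.example"
GITEA_API_URL="${GITEA_BASE_URL}/api/v1"
EOF
    chmod 0644 "$1"/environment*.conf
}

if [[ "${BASH_SOURCE[0]:-$0}" == "$0" ]]; then
    demo_dir="$(mktemp -d)"
    write_sample_config "$demo_dir"
    APP_ENV=staging load_config "$demo_dir" && echo "GITEA_API_URL=$GITEA_API_URL"
    rm -rf "$demo_dir"
fi
```

Scripts would `source scripts/load-config.sh` and then call `load_config || exit 1`, as the plan's step 4 describes. The allowlist is the part worth keeping even if the rest is simplified: without it a config file can set PATH, and with `source` it can run arbitrary commands, so a file that any CI runner can write becomes code execution in every orchestration loop.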
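The acceptance criterion "No hardcoded IPs/URLs in codebase (verified by grep)" is only durable if the grep runs on every change. Below is an added example, not code from the issue or the project, of that check as a CI gate, exercised against a constructed sample tree. Assumed here and not in the issue: config/ is the only directory allowed to contain endpoints, and loopback and wildcard addresses are not findings.

```bash
#!/usr/bin/env bash
# Added example (not the issue's or the project's code): a CI gate for the
# "no hardcoded IPs/URLs, verified by grep" acceptance criterion. Assumed, not
# from the issue: config/ is the one directory allowed to hold endpoints, and
# loopback/wildcard addresses are ignored.
set -u

IPV4_RE='([0-9]{1,3}\.){3}[0-9]{1,3}'   # dotted-quad literal (also matches 4-part versions; review hits)
URL_RE='https?://[A-Za-z0-9.-]+:[0-9]+'  # scheme://host:port literal
ALLOWED_RE='127\.0\.0\.1|0\.0\.0\.0|localhost:'

# Print file:line:text for each hardcoded endpoint under the given roots,
# skipping .git and any config/ directory inside them.
find_hardcoded_endpoints() {
    local root
    for root in "$@"; do
        [[ -d "$root" ]] || continue
        grep -rnE --exclude-dir=.git --exclude-dir=config -e "$IPV4_RE" -e "$URL_RE" "$root" || true
    done | { grep -vE "$ALLOWED_RE" || true; }
}

# CI entry point: non-zero exit with the offending lines on stderr.
check_no_hardcoded_endpoints() {
    local hits
    hits="$(find_hardcoded_endpoints "$@")"
    [[ -z "$hits" ]] && return 0
    printf 'ERROR: hardcoded endpoints found (move them to config/environment.conf):\n%s\n' "$hits" >&2
    return 1
}

# Constructed sample tree: one offending script, one clean script, and the allowed config file.
write_sample_tree() {
    mkdir -p "$1/scripts" "$1/config" "$1/src"
    printf 'curl -s http://143.198.27.163:3000/api/v1/repos\n' > "$1/scripts/agent-dispatch.sh"
    printf 'curl -s "${GITEA_API_URL}/repos"\nnc -z 127.0.0.1 3000\n' > "$1/scripts/clean-loop.sh"
    printf 'GITEA_BASE_URL="http://143.198.27.163:3000"\n' > "$1/config/environment.conf"
}

if [[ "${BASH_SOURCE[0]:-$0}" == "$0" ]]; then
    tree="$(mktemp -d)"
    write_sample_tree "$tree"
    check_no_hardcoded_endpoints "$tree" || echo "gate failed as expected for the sample tree"
    rm -rf "$tree"
fi
```

Run it from the repository root as `check_no_hardcoded_endpoints .` in the CI job; the IPv4 pattern will also flag four-part version strings, so treat hits as a review list rather than auto-fixing them.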
kimi was assigned by Timmy 2026-03-24 14:46:09 +00:00
kimi was unassigned by Timmy 2026-03-24 19:32:18 +00:00
Timmy closed this issue 2026-03-24 21:54:08 +00:00

Reference: Rockachopa/Timmy-time-dashboard#1418