What does this PR do
This PR adds two lightweight audit scripts for visible application surfaces:
scripts/check-csp-regressions.py
scripts/audit-user-facing-errors.py
Why
Athen now has a stricter Tauri CSP, a redaction helper, AthenError::user_safe_message(), and secret scanning.
These scripts help prevent regressions around:
frontend CSP compatibility;
raw user-facing error exposure.
Changes
CSP regression checker
Scans frontend/ for CSP-hostile patterns such as:
inline event handlers;
javascript: URLs;
eval(...);
new Function(...);
string-based setTimeout(...) / setInterval(...);
inline <script> blocks without src.
This helps prevent patterns that are incompatible with script-src 'self' from coming back later.
User-facing error audit
Scans Rust code for likely user-facing raw error formatting surfaces, such as:
Telegram replies;
frontend events;
notifications;
UI/toast paths;
user-facing error formatting helpers.
This script is intentionally advisory and exits successfully because not every raw error formatting site is unsafe, and not every error type is AthenError.
Scope
No runtime behavior changed.
No frontend behavior changed.
No Rust production code changed.
Adds audit/check scripts only.
Follow-up
Future PRs can:
wire the CSP checker into CI;
review the user-facing error audit output;
replace selected raw error surfaces with user_safe_message();
make narrower checks blocking once false positives are understood.
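A checker of the kind described above, written here as an added example and not the PR's own scripts/check-csp-regressions.py: it applies one regex per listed pattern class to every markup and script file under a directory (frontend/ by default) and exits non-zero when anything is found, so it can block in CI. The suffix sets, the skip list, the exact regexes and the two sample inputs are assumptions of the example; the samples are constructed here so the script runs offline.

```python
"""Added example scanner for patterns that break under `script-src 'self'`.

Not the PR's scripts/check-csp-regressions.py; the suffix sets, skip list and
constructed samples are assumptions of the example.  Scanning is line based,
so a tag split across lines is not detected."""
import re
import sys
from collections import namedtuple
from pathlib import Path

MARKUP = {".html", ".htm", ".svelte", ".vue"}
SCRIPT = {".js", ".mjs", ".ts", ".jsx", ".tsx"}
ALL = MARKUP | SCRIPT
SKIP_DIRS = {"node_modules", "dist", "build", ".git", "target"}

# (rule name, regex, suffixes the rule applies to)
CSP_RULES = [
    # <button onclick="..."> needs 'unsafe-inline'; JSX onClick={} does not match
    ("inline event handler", re.compile(r"<[A-Za-z][^>]*\son[a-z]+\s*="), MARKUP),
    # href="javascript:..." is inline script under the policy
    ("javascript: URL",
     re.compile(r"""(?:href|src|action|formaction)\s*=\s*["']?\s*javascript:""", re.I), ALL),
    # eval(...) / window.eval(...) need 'unsafe-eval'; evaluate(...) is not flagged
    ("eval()", re.compile(r"(?<!\w)eval\s*\("), ALL),
    ("new Function()", re.compile(r"\bnew\s+Function\s*\("), ALL),
    # setTimeout("code", ms) compiles a string; setTimeout(fn, ms) is fine
    ("string-based setTimeout/setInterval",
     re.compile(r"""\bset(?:Timeout|Interval)\s*\(\s*["'`]"""), ALL),
    # a <script> tag with no src= attribute is an inline script block
    ("inline <script> without src",
     re.compile(r"<script\b(?![^>]*\bsrc\s*=)[^>]*>", re.I), MARKUP),
]

Finding = namedtuple("Finding", "path line rule snippet")


def scan_text(text, suffix, path="<inline>"):
    """Apply every rule that covers `suffix` to each line of `text`."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for rule, rx, suffixes in CSP_RULES:
            if suffix in suffixes and rx.search(line):
                findings.append(Finding(path, lineno, rule, line.strip()))
    return findings


def scan_tree(root):
    """Scan every markup/script file under `root`, skipping build output."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.suffix not in ALL or not path.is_file() or SKIP_DIRS & set(path.parts):
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        findings.extend(scan_text(text, path.suffix, str(path)))
    return findings


def main(argv):
    root = argv[1] if len(argv) > 1 else "frontend"
    findings = scan_tree(root)
    for f in findings:
        print(f"{f.path}:{f.line}: {f.rule}: {f.snippet}")
    print(f"{len(findings)} CSP-hostile pattern(s) under {root}")
    return 1 if findings else 0   # non-zero so CI can block on regressions


# Constructed samples (not project files) exercising every rule once.
SAMPLE_HTML = """<!doctype html>
<script src="./main.js"></script>
<script type="module">console.log("inline");</script>
<button onclick="doThing()">Go</button>
<a href="javascript:void(0)">x</a>
"""
SAMPLE_JS = """const v = eval(userInput);
const f = new Function('return 1');
setTimeout("tick()", 1000);
setTimeout(tick, 1000);
function evaluate(x) { return x; }
"""

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python check.py frontend/`; `scan_text(SAMPLE_HTML, ".html")` reports the inline module script, the onclick handler and the javascript: link but not the external script, and `scan_text(SAMPLE_JS, ".js")` reports eval, new Function and the string-form setTimeout while leaving the callback form and `evaluate(...)` alone. Patterns inside comments or string literals are still reported, which is the right bias for a regression gate: a reviewer dismisses a false positive once, whereas a missed inline handler breaks silently under the CSP.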
This PR adds two small safety/audit scripts for visible application surfaces.
It does not change runtime behavior. The goal is to make future frontend and user-facing error regressions easier to catch and review.
Changes
1. Add scripts/check-csp-regressions.py
This script scans frontend/ for CSP-hostile patterns such as:
inline event handlers;
javascript: URLs;
eval(...);
new Function(...);
string-based setTimeout(...) / setInterval(...);
inline <script> blocks without src.
Athen now uses a stricter Tauri CSP with script-src 'self'. Inline handlers were already removed from the frontend in a recent commit, so this script helps prevent those patterns from coming back.
2. Add scripts/audit-user-facing-errors.py
This script scans Rust code for likely user-facing raw error surfaces.
It looks for candidate locations where raw error formatting may reach external or user-visible surfaces such as:
Telegram replies;
frontend events;
notifications;
toast/UI messages;
user-facing error formatting helpers.
The script is intentionally advisory: it prints candidates for review and exits successfully. Not every raw {e} or .to_string() is unsafe, and not every error type is AthenError, so this should be used as a review aid before making anything blocking.
Why
Athen exposes powerful surfaces: a desktop WebView, Telegram replies, notifications, tool outputs, provider errors, and agent-generated content.
The project already added:
a baseline Tauri CSP;
a redaction helper;
AthenError::user_safe_message();
secret scanning.
This PR adds lightweight tools to help maintain those safety boundaries over time.
Scope
No runtime behavior changed.
No frontend behavior changed.
No Rust production code changed.
Adds audit/check scripts only.
Suggested follow-up
After reviewing the audit output, future PRs can:
wire the CSP checker into CI;
replace selected user-facing raw error surfaces with user_safe_message();
make narrower error-surface checks blocking once false positives are understood.
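An advisory audit of the kind described above, written here as an added example and not the PR's scripts/audit-user-facing-errors.py. It finds statements where a sink call (Telegram reply, frontend event, notification, toast, formatting helper) appears in the same statement as a raw `{e}` / `{err:?}` / `e.to_string()` / `format!("{}", e)`, or a few lines after a `let` binding that holds such a value, and skips statements that already call `user_safe_message()`, the helper the PR names. The sink names (send_message, emit_all, Notification::new, toast, display_error and so on), the lookback distance and the sample Rust are assumptions of the example, constructed here so it runs offline; like the PR's script it only prints candidates and always returns 0.

```python
"""Added example, not the PR's scripts/audit-user-facing-errors.py: list places
where a raw error value is formatted into text that reaches a user-visible sink.
Sink names and the sample Rust below are assumptions, not Athen's real API."""
import re
import sys
from collections import namedtuple
from pathlib import Path

# Assumed sink calls: (label, regex).  Adjust to the code base's real helpers.
SINKS = [
    ("telegram reply", re.compile(r"\b(?:send_message|reply)\s*\(")),
    ("frontend event", re.compile(r"\.emit(?:_all|_to|_filter)?\s*\(")),
    ("notification", re.compile(r"\b(?:Notification::new|notify)\s*\(")),
    ("toast/UI message", re.compile(r"\b(?:toast|show_toast)\s*\(")),
    ("error formatting helper", re.compile(r"\b(?:user_facing_error|display_error)\s*\(")),
]
# Raw error formatting: `{e}` / `{err:?}`, `e.to_string()`, `format!("..{}..", e)`
RAW_ERROR = re.compile(r"""
      \{(?:e|err|error)(?::\?)?\}
    | \b(?:e|err|error)\.to_string\(\)
    | format!\([^)]*\{(?::\?)?\}[^)]*,\s*(?:e|err|error)\b
""", re.X)
SAFE = re.compile(r"\.user_safe_message\(")       # the helper the PR mentions
LET_BINDING = re.compile(r"\blet\s+(?:mut\s+)?(\w+)\s*(?::[^=]+)?=\s*(.*)$")
LOOKBACK = 3   # lines searched for `let msg = format!(..)` above a sink

Candidate = namedtuple("Candidate", "path line sink reason snippet")


def _statement(lines, start):
    """Join the sink line with following lines up to the closing ';' (// comments dropped)."""
    chunk = []
    for line in lines[start:start + 5]:
        code = re.sub(r"\s//.*$", "", line).strip()
        chunk.append(code)
        if code.endswith((";", "{", "}")):
            break
    return " ".join(chunk)


def audit_text(src, path="<inline>"):
    """Return one Candidate per sink statement that formats a raw error."""
    lines = src.splitlines()
    found = []
    for i, line in enumerate(lines):
        for label, rx in SINKS:
            if not rx.search(line):
                continue
            stmt = _statement(lines, i)
            if SAFE.search(stmt):
                break                      # already mapped through user_safe_message()
            if RAW_ERROR.search(stmt):
                found.append(Candidate(path, i + 1, label, "raw error formatted at the sink", stmt))
                break
            # raw formatting a few lines earlier, bound to a name the sink statement uses
            for prev in lines[max(0, i - LOOKBACK):i]:
                m = LET_BINDING.match(prev.strip())
                if m and RAW_ERROR.search(m.group(2)) and re.search(rf"\b{re.escape(m.group(1))}\b", stmt):
                    found.append(Candidate(path, i + 1, label, f"raw error flows in via `let {m.group(1)}`", stmt))
                    break
            break
    return found


def audit_tree(root):
    found = []
    for path in sorted(Path(root).rglob("*.rs")):
        if "target" not in path.parts:
            found.extend(audit_text(path.read_text(encoding="utf-8", errors="replace"), str(path)))
    return found


def main(argv):
    for c in audit_tree(argv[1] if len(argv) > 1 else "src"):
        print(f"{c.path}:{c.line}: [{c.sink}] {c.reason}: {c.snippet}")
    return 0   # advisory only: candidates need human review before this blocks


# Constructed sample (not project code) with raw, safe and non-sink cases.
SAMPLE_RS = """use crate::error::AthenError;
async fn report(bot: &Bot, chat: ChatId, e: AthenError) {
    bot.send_message(chat, format!("failed: {e}")).await.ok(); // raw -> Telegram
    bot.send_message(chat, e.user_safe_message()).await.ok();   // safe
    let text = format!("provider error: {}", e);
    bot.send_message(chat, text).await.ok();                    // raw via `text`
}
fn log_failure(err: &AthenError) {
    tracing::error!("worker failed: {err:?}");                  // not a sink
}
fn push_to_ui(app: &AppHandle, e: &AthenError) {
    app.emit_all(
        "athen://error",
        e.to_string(),
    ).ok();
}
"""

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

On the sample, `audit_text(SAMPLE_RS)` reports the first reply (raw `{e}` at the sink), the third reply (raw error arriving through `let text`) and the multi-line `emit_all` call, and stays quiet about the `user_safe_message()` reply and the `tracing::error!` line, which is internal logging rather than a user surface. The `{e}` alternative will also fire on an unrelated variable called `e`, so the output is a review list, not a verdict, which is why the script keeps returning 0.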
AtilaVG changed the title from "ci: add frontend CSP regression checker" to "tools: add CSP and user-facing error safety audits" on Jun 2, 2026