azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(gc-audit): correct Pass B sqlx premise (GC uses runtime sqlx)

Browse Source 
GC's db layer uses runtime sqlx::query()/query_as() throughout - zero
compile-time macros (verified during v2 Task 1; CLAUDE.md's "compile-time
checked queries" line is stale). Pass B now treats a NEW sqlx::query! macro
as a [LOW] deviation (reintroduces the .sqlx-cache footgun + build-time
DATABASE_URL) instead of blessing macros as the GC norm. Fixed both the
intro divergence note and the Pass B check.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
Mike Swanson
2026-05-29 18:39:35 -07:00
parent e5ccb6a71a
commit c670471c8a
1 changed files with 9 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
.claude/skills/gc-audit/SKILL.md
View File

@@ -28,8 +28,10 @@ file and living docs are updated. No production code is changed.
> **This is GuruConnect, not GuruRMM.** GC diverges from the RMM audit in ways that matter —
> do NOT copy RMM assumptions. The biggest traps, called out where they apply below:
> - **sqlx compile-time macros (`sqlx::query!` / `query_as!`) are the GC NORM and are allowed.**
> RMM bans them; GC does not. Do not flag them as violations.
> - **GC uses runtime `sqlx::query()`/`query_as()` — NOT compile-time `sqlx::query!` macros**
> (verified 2026-05-29; CLAUDE.md's "compile-time checked queries" line is stale, and v2 keeps runtime
> sqlx). This matches RMM. A *new* `query!`/`query_as!` macro is therefore a deviation worth a `[LOW]`
> (it reintroduces the `.sqlx`-cache-regen footgun + a build-time `DATABASE_URL` requirement), not the norm.
> - **Wire format is Protobuf**, not RMM's JSON `AgentMessage`/`ServerMessage` enums. The
> integrity pass chases drift across four artifacts: `proto/guruconnect.proto` →
> prost-generated agent code → prost-generated server code → **hand-written binary decode in
@@ -174,9 +176,11 @@ hashed/short-lived tokens; log auth attempts), `api/response-format` (consistent
- `todo!()` / `unimplemented!()` in non-test production paths.
- `println!` / `eprintln!` used for logging instead of `tracing::` macros.
- `format!()` used to build SQL strings (injection risk — parameterize instead).
- **DO NOT flag `sqlx::query!` / `sqlx::query_as!` compile-time macros.** They are the GC
convention (the codebase relies on compile-time query checking). This is the inverse of the
RMM rule — flagging them here is a false positive.
- **sqlx style:** GC's db layer uses **runtime `sqlx::query()`/`query_as()`** throughout, NOT
compile-time `sqlx::query!` macros (verified 2026-05-29 — CLAUDE.md's "compile-time checked queries"
claim is stale; v2 keeps runtime sqlx, matching RMM). So a **new `sqlx::query!`/`query_as!` macro is a
deviation** worth `[LOW]` (reintroduces the `.sqlx`-cache-regen footgun + build-time `DATABASE_URL`),
not the norm. Still flag `format!()`-built SQL (above) as the real injection risk.
**Auth coverage (server):**
- Read `server/src/api/mod.rs` + `server/src/auth/mod.rs`. Identify which route groups go through