# Project Plan: LLM Proxy Enhancements & Security Upgrade

This document outlines the roadmap for standardizing frontend security, cleaning up the codebase, upgrading session management to HMAC-signed tokens, and extending integration testing.

## Phase 1: Frontend Security Standardization

**Primary Agent:** `frontend-developer`

- [x] Audit `static/js/pages/users.js` for manual HTML string concatenation.
- [x] Replace custom escaping or unescaped injections with `window.api.escapeHtml`.
- [x] Verify user list and user detail rendering for XSS vulnerabilities.

## Phase 2: Codebase Cleanup

**Primary Agent:** `backend-developer`

- [x] Identify and remove unused imports in `src/config/mod.rs`.
- [x] Identify and remove unused imports in `src/providers/mod.rs`.
- [x] Run `cargo clippy` and `cargo fmt` to ensure adherence to standards.

## Phase 3: HMAC Architectural Upgrade

**Primary Agents:** `fullstack-developer`, `security-auditor`, `backend-developer`

### 3.1 Design (Security Auditor)

- [x] Define Token Structure: `base64(payload).signature`.
  - Payload: `{ "session_id": "...", "username": "...", "role": "...", "exp": ... }`
- [x] Select HMAC algorithm (HMAC-SHA256).
- [x] Define environment variable for secret key: `SESSION_SECRET`.

### 3.2 Implementation (Backend Developer)

- [x] Refactor `src/dashboard/sessions.rs`:
  - Integrate `hmac` and `sha2` crates (or similar).
  - Update `create_session` to return signed tokens.
  - Update `validate_session` to verify signature before checking store.
- [x] Implement activity-based session refresh:
  - If session is valid and >50% through its TTL, extend `expires_at` and issue new signed token.

### 3.3 Integration (Fullstack Developer)

- [x] Update dashboard API handlers to handle new token format.
- [x] Update frontend session storage/retrieval if necessary.

## Phase 4: Extended Integration Testing

**Primary Agent:** `qa-automation`

- [ ] Setup test environment with encrypted key storage enabled.
- [ ] Implement end-to-end flow:
  1. Store encrypted provider key via API.
  2. Authenticate through Proxy.
  3. Make proxied LLM request (verifying decryption and usage).
- [ ] Validate HMAC token expiration and refresh logic in automated tests.

## Phase 5: Code Quality & Refactoring

**Primary Agent:** `fullstack-developer`

- [x] Refactor dashboard monolith into modular sub-modules (`auth.rs`, `usage.rs`, etc.).
- [x] Standardize error handling and remove `unwrap()` in production paths.
- [x] Implement system health metrics and backup functionality.

---

## Technical Standards

- **Rust:** No `unwrap()` in production code; use proper error handling (`Result`).
- **Frontend:** Always use `window.api` wrappers for sensitive operations.
- **Security:** Secrets must never be logged or hardcoded.
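
The Phase 3 token design (`base64(payload).signature`, HMAC-SHA256, signature verified before the store lookup, refresh once more than 50% of the TTL has elapsed) is sketched below as an added example. It is not the project's code and is written in standard-library Python rather than the project's Rust so it runs without extra crates. The helper names, the unpadded URL-safe base64 variant, and the dict-shaped `store` are assumptions; the secret is passed in by the caller, which would read it from `SESSION_SECRET`.

```python
import base64, hashlib, hmac, json

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_token(payload: dict, secret: bytes) -> str:
    """Build base64(payload).signature with HMAC-SHA256 over the encoded payload."""
    body = b64e(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(secret, body.encode(), hashlib.sha256).digest()
    return f"{body}.{b64e(sig)}"

def verify_token(token: str, secret: bytes, now: float):
    """Return the payload if the signature and exp check out, else None."""
    try:
        body, sig = token.split(".")
        expected = hmac.new(secret, body.encode(), hashlib.sha256).digest()
        # Constant-time comparison, done before the payload is parsed at all.
        if not hmac.compare_digest(expected, b64d(sig)):
            return None
        payload = json.loads(b64d(body))
    except ValueError:  # wrong part count, bad base64, bad JSON
        return None
    if not isinstance(payload, dict) or not isinstance(payload.get("exp"), (int, float)):
        return None
    return payload if now < payload["exp"] else None

def validate_session(token, secret, store, ttl, now):
    """Return (payload, refreshed_token_or_None); (None, None) when rejected."""
    payload = verify_token(token, secret, now)
    if payload is None:
        return None, None  # forged or expired: the store is never consulted
    session = store.get(payload.get("session_id"))
    if session is None or session["expires_at"] <= now:
        return None, None  # revoked or expired server-side
    if session["expires_at"] - now < ttl / 2:  # more than 50% of the TTL used
        session["expires_at"] = now + ttl
        payload = {**payload, "exp": session["expires_at"]}
        return payload, sign_token(payload, secret)
    return payload, None
```

Because the signature covers the encoded payload string, any edit to `role` or `exp` in the client-held token fails verification, while deleting the store entry still revokes a token whose signature is valid.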