Re-license Pry from full Proprietary to a dual-license model: - Core engine, extraction, templates (80+), MCP server, x402 payment rail, CLI, SDK, browser extension, WordPress plugin, Shopify app, and llm_providers: MIT (see LICENSE) - Anti-detection / stealth subset (15 files): BSL 1.1 with Change Date 2029-01-01 (see LICENSE-BSL-STEALTH) BSL files (anti-detection moat): ultimate_scraper.py, stealth_engine.py, stealth_scripts/*.js (6), camoufox_integration.py, tls_fingerprint.py, cookie_warmer.py, behavioral_biometrics.py, adaptive.py, browser_pool.py, network.py, captcha_solver.py, shadow_dom.py, lazy_load.py, signup_automator.py, auth_connector.py This enables community contributions to the core engine (templates, integrations, MCP tools) while protecting the anti-detection techniques that constitute the actual competitive moat. BSL Additional Use Grant permits free non-production use; production deployment requires a commercial license from enterprise@rugmunch.io. Changes: - Replace proprietary LICENSE with MIT LICENSE + new LICENSE-BSL-STEALTH - Add SPDX-License-Identifier headers to 300+ source files - Add docs/adr/0002-dual-licensing.md (ADR documenting the decision) - Update README.md: new License section with BSL Additional Use Grant - Update LICENSING_PRICING_STRATEGY.md: Section 3 (PryScraper) for dual license - Update AGENTS.md: license line in header + new rule 8 (PRs touching BSL rejected) - Update pyproject.toml: license = "MIT AND BSL-1.1" + classifiers + license-files - Update DECISIONS.md index with ADR-0002 - Update STATUS.md (2026-07-03) and PLAN.md sprint goals Refs: ADR-0002
2.4 KiB
2.4 KiB
//: # (Copyright (c) 2026 Rug Munch Media LLC)
SECURITY.md — PryScraper
Threat model, secrets, auth, rate limiting, vuln disclosure.
Threat Model
Assets
- User wallets (private keys never touch our servers — verified by signature)
- API keys (gopass)
- DB credentials (gopass)
- Reputation (RMM LLC brand)
Threats
- Secret leak to git — gitleaks pre-commit hook + history scan on incidents
- SQL injection — SQLAlchemy ORM + parameter binding only
- XSS — React auto-escapes; CSP headers on nginx
- CSRF — SameSite=Strict cookies + Bearer tokens
- DDoS — Cloudflare proxy in front
- Supply chain — renovate keeps deps updated; pip-audit weekly
Secrets
Storage: gopass (rmi/pryscraper/*)
Loading:
- Local dev:
.envfile (gitignored) - Production: docker
--env-file, systemdEnvironmentFile
Rotation:
- API tokens: quarterly
- DB passwords: quarterly
- Signing keys: on personnel change
Audit: any secret leak triggers rotation within 1 hour.
Authentication
- Bearer tokens for API
- OAuth2 (Telegram, etc) for user-facing bots
- x402 micropayments for paid endpoints (signing via Solana/EVM wallet)
Authorization
- RBAC for admin endpoints
- Rate limiting per IP/token (sliding window)
- Admin endpoints require
cfg.admin_keycheck
Input Validation
- Pydantic models for ALL API inputs (no
dict/anytypes) - Length limits, regex validation, enum constraints
- Reject any input containing mainnet addresses/keys (pre-commit hook)
Rate Limiting
- Default: 60 req/min per IP
- Burst: 100 req
- Authenticated: 600 req/min
- Returns 429 with
Retry-Afterheader
Dependencies
pip-auditweekly (CI)safety checkweekly (CI)- Renovate bot for auto-PR updates
Vulnerability Disclosure
Email: security@rugmunch.io (PGP key in gopass) Response within 24 hours. Patch within 7 days for critical, 30 days for medium.
Audit Log
Every state-changing action logged to:
app/state/audit/(JSONL, append-only)- ClickHouse (analytics, 90-day retention)
- WORM storage (R2 with object lock, 7-year retention)
Incident Response
- Detect (alert from monitoring)
- Contain (revoke compromised secrets, block IPs)
- Eradicate (patch vuln, deploy fix)
- Recover (verify systems clean, restore from backup if needed)
- Learn (post-mortem, update SECURITY.md)