Skip to content

Instantly share code, notes, and snippets.

@allan-gar2x
allan-gar2x / bike4mind-marketing-overview.md
Last active July 1, 2026 14:27
Bike4Mind — Marketing Overview: Features, Competitor Comparison, Integrations & Pricing

Bike4Mind — Marketing Overview: Features, Competitor Comparison & Pricing

Bike4Mind — The All-in-One AI Platform

"Your bicycle for the mind in the age of AI"

bike4mind.com  |  app.bike4mind.com


@allan-gar2x
allan-gar2x / mongodb-staging-cluster-separation.md
Created May 4, 2026 02:47
MongoDB Staging Cluster Separation (Phase 2 removed — MONGODB_URI only)

Design: Separate MongoDB Atlas Cluster for Bike4Mind Staging

Issue: b4m-infra#107 Date: 2026-04-28 Status: Approved


Problem

@allan-gar2x
allan-gar2x / bootstrap--authenticate-all-profiles.sh.diff
Last active April 28, 2026 07:25
k2kanji-dev + k2kanji-prod AWS account provisioning (OpenTofu)
# Change in infrastructure/bootstrap/scripts/authenticate-all-profiles.sh
# Update the profiles array to include k2kanji profiles:
profiles=("b4m-dev" "b4m-prod" "b4m-web" "b4m-tss" "polaris-prod" "polaris-dev" "onebris-dev" "onebris-prod" "vibestrader-dev" "vibestrader-prod" "starlightpractice-prod" "starlightpractice-dev" "futurum-equities-dev" "futurum-equities-prod" "k2kanji-dev" "k2kanji-prod" "mom")
@allan-gar2x
allan-gar2x / gist:40e6006c44c4eb96a89705c5ab7af1fc
Created April 28, 2026 04:08
Issue #7716: business-links IDOR — analysis, test scripts, and fix plan
# Issue #7716: business-links IDOR — Analysis, Test Scripts & Fix Plan
## Issue Summary
**IDOR vulnerability**: All 5 mutation endpoints on `business-links` and `business-links/category` perform **zero authorization checks**. Any authenticated user can create, update, delete, or bulk-import any research link/category — including ones they didn't create and across all organizations.
---
## Root Cause
@allan-gar2x
allan-gar2x / secops-roadmap-detail.md
Last active April 23, 2026 03:35
lumina5 Security Dashboard — Implementation Roadmap (Phases 5–7 detail)

Security Dashboard — SecOps Expansion Roadmap

Project: lumina5 / app.bike4mind.com
Scope: Security Dashboard (Admin) — Cloud Scan expansion, SecOps Triage wiring, Compliance integration
Planning language: Milestones + phases, no time estimates. Dependencies noted per item.


Quick Summary

@allan-gar2x
allan-gar2x / secops-roadmap.md
Last active April 23, 2026 03:34
lumina5 Security Dashboard — SecOps Expansion Roadmap (Phase 1–3)

lumina5 Security Dashboard — SecOps Expansion Roadmap (Phase 1–3)

lumina5 Security Dashboard — SecOps Expansion Roadmap (Phase 1–3)

Security Dashboard — Full History & Expansion Roadmap

Project: lumina5 / app.bike4mind.com Scope: Admin Security Dashboard — what has been built, what comes next Legend: ✅ Done | 🧪 Implemented, awaiting staging test | 🟧 Implemented, pending merge to main | ⬜ Planned

@allan-gar2x
allan-gar2x / HYDRA-013-7704-implementation-plan.md
Last active April 13, 2026 05:25
HYDRA-013: WebSocket URL exposure + emergency-login architecture (#7704)

HYDRA-013 — WebSocket URL Exposure + Emergency-Login Architecture

Issue: #7704
Severity: LOW (P3) · Category: Information Disclosure
Date: 2026-04-13
Related PR (merged): #7708 — acute risks mitigated
Closed by: #7700 (WebSocket URL portion)


@allan-gar2x
allan-gar2x / HYDRA-008-implementation-plan.md
Last active April 13, 2026 05:14
HYDRA-008: serverConfig auth split — combined implementation + security review

HYDRA-008 — serverConfig Auth Split

Issue: #7700
Severity: MEDIUM (P2) · Category: Information Disclosure
Date: 2026-04-13


Vulnerability Summary

@allan-gar2x
allan-gar2x / aws-cost-investigation-2026-04-10.md
Created April 10, 2026 05:52
AWS Cost Investigation - Budget Alert April 10, 2026

AWS Cost Investigation — April 10, 2026

Triggered by: AWS Budget Notification — "$90/day All Accounts Budget" Account: 806877424398 (MilliononMars management) Budget: $2,700.00/month | Alert threshold: $2,295.00 (85%) | Actual (Apr 1–9): $2,480.72 Investigated: April 10, 2026 at ~12:30 PM


Bottom Line Up Front

@allan-gar2x
allan-gar2x / zap-failure-analysis.md
Last active April 7, 2026 09:51
OWASP ZAP Workflow Failure Analysis — MillionOnMars/lumina5

OWASP ZAP Workflow Failure Analysis — MillionOnMars/lumina5

Workflow: website-owasp-zap.yml (zap-website-scan job) Analysis Date: 2026-04-06 (updated 2026-04-07) Runs Analyzed: 24071373481 (most recent, 2026-04-07), 23993183349 (Sunday 2026-04-05 scheduled), 23992526959 (2026-04-05 manual), 23699538988 (2026-03-29 manual)


Summary