Summary
GeoSentinel exposes subsystem status routes that report healthy/connected state from hardcoded literals instead of checking the actual AI or satellite integrations.
Evidence
Why this matters
A status endpoint is supposed to reduce uncertainty. These routes do the opposite: they can report a healthy AI/search/satellite stack even when the upstream keys are absent, providers are offline, or the feature is just a placeholder.
Attack or failure scenario
An operator checks the product's status panel during an outage or missing-key deployment. The UI or monitoring path sees CONNECTED / online and keeps routing work through a dead subsystem, delaying diagnosis and eroding trust in every other status signal.
Root cause
Health and status were implemented as static branding responses rather than dependency-aware readiness checks.
Recommended fix
- Replace hardcoded status payloads with explicit dependency probes or feature-disabled states.
- Distinguish configured, reachable, degraded, and unavailable states.
- Remove placeholder provider claims until real integrations exist.
- Add tests that fail when a status route reports healthy state without the required backing dependency.
Acceptance criteria
- Status routes reflect actual dependency configuration and reachability.
- Placeholder integrations no longer report healthy state by default.
- Monitoring/health responses can distinguish misconfiguration from upstream outage.
Suggested labels
- bug
- observability
- production-readiness
- reliability
Priority
P1 (High)
Severity
High — the system lies about subsystem health in routes that operators are likely to trust.
Confidence
Confirmed — the hardcoded success payloads are explicit in source.
Summary
GeoSentinel exposes subsystem status routes that report healthy/connected state from hardcoded literals instead of checking the actual AI or satellite integrations.
Evidence
status: "CONNECTED",engine: "HuggingFace Llama-3.1-8B", andweb_search: "DuckDuckGo_Scraper_Active"without any runtime check.online,UPLINK_ESTABLISHED, andkey_active: Truefrom a static JSON body.Why this matters
A status endpoint is supposed to reduce uncertainty. These routes do the opposite: they can report a healthy AI/search/satellite stack even when the upstream keys are absent, providers are offline, or the feature is just a placeholder.
Attack or failure scenario
An operator checks the product's status panel during an outage or missing-key deployment. The UI or monitoring path sees
CONNECTED/onlineand keeps routing work through a dead subsystem, delaying diagnosis and eroding trust in every other status signal.Root cause
Health and status were implemented as static branding responses rather than dependency-aware readiness checks.
Recommended fix
Acceptance criteria
Suggested labels
Priority
P1 (High)
Severity
High — the system lies about subsystem health in routes that operators are likely to trust.
Confidence
Confirmed — the hardcoded success payloads are explicit in source.