lerko/nib-v1
1
1
Fork 0
Code Issues Pull Requests 2 Actions Packages Projects Releases Wiki Activity

fix: harden API, DB, and web layer from audit findings

Browse Source 
- Cap list API limit at 200 to prevent unbounded queries
- Sanitize markdown output with DOMPurify to prevent XSS
- Add v4 migration with indexes on deleted_at and modified_at
- Fix v2 migration swallowed ALTER TABLE errors
- Tighten ~/.nib directory permissions to 0o700
This commit is contained in:
Tyler Koenig
2026-05-20 20:41:53 -04:00
parent 1ac4196547
commit 8663beeb96
5 changed files with 54 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
TODO.md
+27
View File
@@ -0,0 +1,27 @@
# Code Hardening — Senior Dev Audit Fixes
## Phase 1: Quick Wins (safety + correctness)
- [ ] Cap API list limit at 200
- [ ] Fix markdown XSS — add DOMPurify to sanitize marked output
- [ ] Add missing DB indexes (deleted_at, modified_at) via v4 migration
- [ ] Fix v2 migration error handling (swallowed ALTER TABLE errors)
- [ ] Fix ~/.nib directory permissions (0o755 → 0o700)
## Phase 2: CI Pipeline
- [ ] Gitea Actions workflow: test + lint on PR
## Phase 3: context.Context in Store
- [ ] Thread context.Context through all Store methods
- [ ] Use context in API handlers (from r.Context())
- [ ] Use context in CLI commands (cobra context)
## Phase 4: cmd/ Tests
- [ ] Test add command
- [ ] Test ls command
- [ ] Test promote/demote commands
- [ ] Test delete command
- [ ] Test absorb command
## Phase 5: Backup/Export
- [ ] nib export — dump entities to JSON
- [ ] nib backup — safe SQLite backup (handles WAL)