nib-v1/TODO.md
lerko 8663beeb96 fix: harden API, DB, and web layer from audit findings
- Cap list API limit at 200 to prevent unbounded queries
- Sanitize markdown output with DOMPurify to prevent XSS
- Add v4 migration with indexes on deleted_at and modified_at
- Fix v2 migration swallowed ALTER TABLE errors
- Tighten ~/.nib directory permissions to 0o700
2026-05-20 20:41:53 -04:00

Code Hardening — Senior Dev Audit Fixes

Phase 1: Quick Wins (safety + correctness)

  • Cap API list limit at 200
  • Fix markdown XSS — add DOMPurify to sanitize marked output
  • Add missing DB indexes (deleted_at, modified_at) via v4 migration
  • Fix v2 migration error handling (swallowed ALTER TABLE errors)
  • Fix ~/.nib directory permissions (0o755 → 0o700)
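The permissions fix in the last item above, written out as an added Go example (not the project's own code): it assumes the caller passes in the directory path, and shows the subtlety that `os.MkdirAll` only applies its mode to directories it creates, so an existing 0o755 directory from the old default needs an explicit `Chmod`.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// nibDirMode is the target permission for the data directory: owner-only,
// so other local users cannot read the SQLite database or exported notes.
const nibDirMode os.FileMode = 0o700

// EnsureNibDir creates dir with 0o700 if missing and tightens an existing
// directory that was created with the old 0o755 default. MkdirAll applies
// the mode only to directories it creates (and the umask still applies),
// so a Stat/Chmod pass is needed to cover the already-existing case.
func EnsureNibDir(dir string) error {
	if err := os.MkdirAll(dir, nibDirMode); err != nil {
		return fmt.Errorf("create %s: %w", dir, err)
	}
	info, err := os.Stat(dir)
	if err != nil {
		return err
	}
	if !info.IsDir() {
		return fmt.Errorf("%s exists but is not a directory", dir)
	}
	if info.Mode().Perm() != nibDirMode {
		if err := os.Chmod(dir, nibDirMode); err != nil {
			return fmt.Errorf("chmod %s: %w", dir, err)
		}
	}
	return nil
}

// DirPerm returns the permission bits of dir so callers can verify the result.
func DirPerm(dir string) (os.FileMode, error) {
	info, err := os.Stat(dir)
	if err != nil {
		return 0, err
	}
	return info.Mode().Perm(), nil
}

func main() {
	// Demonstration in a temp dir (constructed, not the real ~/.nib):
	// simulate a directory left behind by the old 0o755 default.
	dir := filepath.Join(os.TempDir(), "nib-demo", ".nib")
	_ = os.MkdirAll(dir, 0o755)
	before, _ := DirPerm(dir)
	if err := EnsureNibDir(dir); err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	after, _ := DirPerm(dir)
	fmt.Printf("%s: %o -> %o\n", dir, before, after)
}
```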

Phase 2: CI Pipeline

  • Gitea Actions workflow: test + lint on PR

Phase 3: context.Context in Store

  • Thread context.Context through all Store methods
  • Use context in API handlers (from r.Context())
  • Use context in CLI commands (cobra context)

Phase 4: cmd/ Tests

  • Test add command
  • Test ls command
  • Test promote/demote commands
  • Test delete command
  • Test absorb command

Phase 5: Backup/Export

  • nib export — dump entities to JSON
  • nib backup — safe SQLite backup (handles WAL)