lerko
8663beeb96
- Cap list API limit at 200 to prevent unbounded queries - Sanitize markdown output with DOMPurify to prevent XSS - Add v4 migration with indexes on deleted_at and modified_at - Fix v2 migration swallowed ALTER TABLE errors - Tighten ~/.nib directory permissions to 0o700
28 lines
937 B
Markdown
28 lines
937 B
Markdown
# Code Hardening — Senior Dev Audit Fixes
|
|
|
|
## Phase 1: Quick Wins (safety + correctness)
|
|
- [ ] Cap API list limit at 200
|
|
- [ ] Fix markdown XSS — add DOMPurify to sanitize marked output
|
|
- [ ] Add missing DB indexes (deleted_at, modified_at) via v4 migration
|
|
- [ ] Fix v2 migration error handling (swallowed ALTER TABLE errors)
|
|
- [ ] Fix ~/.nib directory permissions (0o755 → 0o700)
|
|
|
|
## Phase 2: CI Pipeline
|
|
- [ ] Gitea Actions workflow: test + lint on PR
|
|
|
|
## Phase 3: context.Context in Store
|
|
- [ ] Thread context.Context through all Store methods
|
|
- [ ] Use context in API handlers (from r.Context())
|
|
- [ ] Use context in CLI commands (cobra context)
|
|
|
|
## Phase 4: cmd/ Tests
|
|
- [ ] Test add command
|
|
- [ ] Test ls command
|
|
- [ ] Test promote/demote commands
|
|
- [ ] Test delete command
|
|
- [ ] Test absorb command
|
|
|
|
## Phase 5: Backup/Export
|
|
- [ ] nib export — dump entities to JSON
|
|
- [ ] nib backup — safe SQLite backup (handles WAL)
|