…rity hardening
Consolidates the v0.8.0-alpha.1 release work for core/api. Module path
migration, new SDK-codegen interfaces, and significant security
hardening across the request boundary.
* Module path migration: forge.lthn.ai/core/api -> dappco.re/go/api.
All sibling dappco.re/go/* deps pinned to v0.8.0-alpha.1; PHP-side
dedoc/scramble bumped ^0.12 -> ^0.13.
* SDK codegen surface (Go side):
- Describable interface — providers expose human-readable metadata
- Renderable interface — renderers expose templates and hints
- StreamGroup interface — SSE endpoints declare event shapes
- Cache-Control hints integrate with RouteGroup
- IsValidMCPServerID validates server identifiers at the boundary
* Security hardening:
- SSRF guard at the doHTTPClientRequest choke point with allow-list
and unit + integration coverage
- PackageName hardened against flag-injection (G204 false-positive
annotated)
- schemaInt bound-checks uint/uint64 -> int coercion (G115)
- newChatCompletionID G404 false-positive annotated
- outbound request cookie path G124 false-positive annotated
- API key auth lookup failure path hardened
- .gitleaksignore added for one documented false-positive
* PHP test infrastructure:
- Pest testbench bootstrap signature corrected
- Stable core module release pinned
* AX-10 scaffold: tests/cli/api/ Taskfile drivers cover the CLI surface.
* Repo hygiene:
- removed previously-tracked .DS_Store under src/php/src/Website
- dropped empty .core/TODO.md
Refs: RFC-CORE-008-AGENT-EXPERIENCE.md (AX-1, AX-6, AX-10)
Co-authored-by: Athena <athena@lthn.ai>
Co-authored-by: Cerberus <cerberus@lthn.ai>
Co-authored-by: Hephaestus <hephaestus@lthn.ai>
Co-authored-by: Cladius Maximus <cladius@lthn.ai>
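The commit above describes an SSRF guard placed at a single outbound choke point (doHTTPClientRequest) and backed by an allow-list. The block below is an added illustration of that pattern in Go and is not the project's code: the type `OutboundGuard`, the hostnames, the IPs and the rule set are all assumptions chosen for the example. It checks the URL before any connection is made, re-checks every redirect hop, and, through a `net.Dialer.Control` hook, refuses connections whose resolved address is internal, so an allow-listed name that resolves or rebinds to loopback, RFC 1918 space or the 169.254.169.254 metadata address is still blocked at connect time.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/url"
	"strings"
	"syscall"
	"time"
)

// ErrSSRFBlocked wraps every refusal so callers can match it with errors.Is
// without learning which rule fired.
var ErrSSRFBlocked = errors.New("outbound request blocked by SSRF guard")

// OutboundGuard is a hypothetical allow-list guard (assumed name, not the
// project's type). The allow-list holds exact, lower-cased hostnames.
type OutboundGuard struct {
	allowed map[string]bool
	client  *http.Client
}

// isInternalIP rejects the addresses SSRF usually aims at: loopback, RFC 1918
// and ULA private space, link-local (cloud metadata endpoints) and unspecified.
func isInternalIP(ip net.IP) bool {
	return ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() ||
		ip.IsLinkLocalMulticast() || ip.IsUnspecified()
}

// dialControl runs after DNS resolution, so it sees the concrete IP:port being
// dialed rather than the hostname the caller supplied.
func dialControl(network, address string, _ syscall.RawConn) error {
	host, _, err := net.SplitHostPort(address)
	if err != nil {
		return fmt.Errorf("%w: %v", ErrSSRFBlocked, err)
	}
	if ip := net.ParseIP(host); ip == nil || isInternalIP(ip) {
		return fmt.Errorf("%w: dial to %s refused", ErrSSRFBlocked, address)
	}
	return nil
}

func NewOutboundGuard(hosts ...string) *OutboundGuard {
	g := &OutboundGuard{allowed: make(map[string]bool, len(hosts))}
	for _, h := range hosts {
		g.allowed[strings.ToLower(h)] = true
	}
	dialer := &net.Dialer{Timeout: 10 * time.Second, Control: dialControl}
	g.client = &http.Client{
		Timeout:   30 * time.Second,
		Transport: &http.Transport{DialContext: dialer.DialContext},
		// Each redirect target is a new destination and gets the same check.
		CheckRedirect: func(req *http.Request, via []*http.Request) error {
			if len(via) >= 5 {
				return fmt.Errorf("%w: too many redirects", ErrSSRFBlocked)
			}
			return g.Check(req.URL.String())
		},
	}
	return g
}

// Check validates a target before any connection is attempted.
func (g *OutboundGuard) Check(rawURL string) error {
	u, err := url.Parse(rawURL)
	if err != nil {
		return fmt.Errorf("%w: unparseable url", ErrSSRFBlocked)
	}
	if u.Scheme != "https" {
		return fmt.Errorf("%w: scheme %q", ErrSSRFBlocked, u.Scheme)
	}
	if u.User != nil {
		// "https://api.example.com@127.0.0.1/" would fool a substring host check.
		return fmt.Errorf("%w: userinfo in url", ErrSSRFBlocked)
	}
	host := strings.ToLower(u.Hostname())
	if ip := net.ParseIP(host); ip != nil && isInternalIP(ip) {
		return fmt.Errorf("%w: internal address %s", ErrSSRFBlocked, host)
	}
	if !g.allowed[host] {
		return fmt.Errorf("%w: host %q not in allow-list", ErrSSRFBlocked, host)
	}
	return nil
}

// Do is the single choke point: check first, then let the client enforce the
// same rules on redirects and on the resolved address.
func (g *OutboundGuard) Do(req *http.Request) (*http.Response, error) {
	if err := g.Check(req.URL.String()); err != nil {
		return nil, err
	}
	return g.client.Do(req)
}

func main() {
	g := NewOutboundGuard("api.example.com") // constructed allow-list
	for _, target := range []string{ // constructed sample targets
		"https://api.example.com/v1/ping",
		"http://api.example.com/v1/ping",
		"https://169.254.169.254/latest/meta-data/",
		"https://api.example.com@127.0.0.1/",
		"https://evil.example.net/",
	} {
		fmt.Printf("%-45s %v\n", target, g.Check(target))
	}
}
```

The hostname allow-list alone is not enough: without the dial-time check, an allowed host's DNS record (or a rebinding attack) can point the request at an internal address after `Check` has passed. Unit tests can exercise `Check`, `isInternalIP` and `dialControl` directly without any network, which matches the "unit + integration coverage" split the commit mentions.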
…close Mantis #931

Both workspace and user resolution returning null fell through to an
unscoped SupportTicket::find($id), allowing any actor whose request
context fails to resolve to read or reply to ANY ticket by ID enumeration
(CWE-639 IDOR, REACHABLE-CRITICAL per Cerberus DREAD).

Fix per Cerberus's recommendation:
- Throw AuthorizationException (not silent null) when both contexts null
- Log fail-open attempts with actor IP for ops alerting
- Keep existing scoped-lookup logic intact when context resolves

Test triad:
- AnonymousAccess_Bad — anonymous request returns 401, not a ticket
- FailOpenAttempt_Ugly — log.warning fires with actor_ip + ticket_id
- AuthenticatedUser_Good — legitimate access still succeeds

Filer: CodeRabbit (PR #3 dAppCore/api)
DREAD review: Cerberus (Mantis #931 verdict REACHABLE-CRITICAL)

Co-Authored-By: CodeRabbit <noreply@coderabbit.ai>
Co-Authored-By: Cerberus <cerberus@lthn.ai>
Co-Authored-By: Athena <athena@lthn.ai>
Co-Authored-By: Virgil <virgil@lethean.io>
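The Mantis #931 commit above is a PHP/Laravel fix; the block below is an added illustration of the same fail-open to fail-closed change written in Go, not the project's code. `TicketStore`, `RequestContext`, the ticket data and the log format are assumptions made for the example. `findVulnerable` reproduces the reported defect (no resolved scope falls through to an unscoped lookup by ID); `Find` is the hardened path from the commit's three bullets: refuse when both contexts are empty, log the attempt with the actor IP and ticket ID, and keep the scoped lookup unchanged when a context does resolve. It also returns not-found rather than forbidden for a ticket outside the caller's scope, so the ID space cannot be enumerated through status codes.

```go
package main

import (
	"errors"
	"fmt"
	"log"
	"net/http"
	"os"
)

var (
	ErrUnauthorized = errors.New("unauthorized: no workspace or user context resolved")
	ErrNotFound     = errors.New("ticket not found")
)

// Ticket is a constructed stand-in for the support ticket record.
type Ticket struct {
	ID          int
	WorkspaceID string
	OwnerID     string
	Subject     string
}

// RequestContext models the resolver's output; either field is empty when
// resolution fails, which is the precondition for the fail-open path.
type RequestContext struct {
	WorkspaceID string
	UserID      string
	ActorIP     string
}

type TicketStore struct {
	tickets map[int]Ticket
	logger  *log.Logger
}

func NewTicketStore(logger *log.Logger, tickets []Ticket) *TicketStore {
	s := &TicketStore{tickets: map[int]Ticket{}, logger: logger}
	for _, t := range tickets {
		s.tickets[t.ID] = t
	}
	return s
}

// scopedFind is the lookup that is correct once a scope has resolved. It is
// shared by both versions below; only the handling of "no scope" differs.
func (s *TicketStore) scopedFind(ctx RequestContext, id int) (Ticket, error) {
	t, ok := s.tickets[id]
	if !ok {
		return Ticket{}, ErrNotFound
	}
	if ctx.WorkspaceID != "" && t.WorkspaceID == ctx.WorkspaceID {
		return t, nil
	}
	if ctx.UserID != "" && t.OwnerID == ctx.UserID {
		return t, nil
	}
	// Out-of-scope reads answer exactly like missing IDs: no enumeration oracle.
	return Ticket{}, ErrNotFound
}

// findVulnerable reproduces the bug: with no resolved scope it falls through
// to an unscoped lookup, so any ID the caller guesses is returned.
func (s *TicketStore) findVulnerable(ctx RequestContext, id int) (Ticket, error) {
	if ctx.WorkspaceID != "" || ctx.UserID != "" {
		return s.scopedFind(ctx, id)
	}
	t, ok := s.tickets[id] // unscoped: the IDOR
	if !ok {
		return Ticket{}, ErrNotFound
	}
	return t, nil
}

// Find is the hardened version: fail closed, record the attempt, keep the
// scoped logic intact.
func (s *TicketStore) Find(ctx RequestContext, id int) (Ticket, error) {
	if ctx.WorkspaceID == "" && ctx.UserID == "" {
		s.logger.Printf("level=warning event=ticket_fail_open_attempt actor_ip=%s ticket_id=%d",
			ctx.ActorIP, id)
		return Ticket{}, ErrUnauthorized
	}
	return s.scopedFind(ctx, id)
}

// StatusFor maps the store's errors onto HTTP status codes (401 for the
// anonymous case, as the commit's AnonymousAccess_Bad test expects).
func StatusFor(err error) int {
	switch {
	case err == nil:
		return http.StatusOK
	case errors.Is(err, ErrUnauthorized):
		return http.StatusUnauthorized
	case errors.Is(err, ErrNotFound):
		return http.StatusNotFound
	default:
		return http.StatusInternalServerError
	}
}

func sampleTickets() []Ticket { // constructed data
	return []Ticket{
		{ID: 1, WorkspaceID: "ws-a", OwnerID: "u1", Subject: "login broken"},
		{ID: 2, WorkspaceID: "ws-b", OwnerID: "u2", Subject: "invoice query"},
	}
}

func main() {
	s := NewTicketStore(log.New(os.Stderr, "", 0), sampleTickets())
	anon := RequestContext{ActorIP: "203.0.113.9"}
	_, err := s.findVulnerable(anon, 2)
	fmt.Println("vulnerable, anonymous ticket 2:", StatusFor(err))
	_, err = s.Find(anon, 2)
	fmt.Println("hardened, anonymous ticket 2:  ", StatusFor(err))
	_, err = s.Find(RequestContext{WorkspaceID: "ws-a", UserID: "u1"}, 1)
	fmt.Println("hardened, owner ticket 1:      ", StatusFor(err))
}
```

Logging the actor IP and ticket ID on the refusal gives operations a signal for enumeration attempts; the refusal itself must not depend on the log succeeding, which is why the error is returned unconditionally after the log call.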
…pace

The Go SDK codegen config still pointed at the pre-migration
github.com/dappcore/core-go module path. CodeRabbit (PR #3, Mantis #932)
flagged it as the only sdk-config/* yaml that wasn't updated during the
workspace-wide module rename to dappco.re/go.

Pattern matches the api repo's own go.mod (`module dappco.re/go/api`) and
the Java/TypeScript SDK configs that already use the dappco.re/re.dappco
namespaces. SDK consumers will get a Go module declaration that resolves
under the canonical dappco.re proxy.

Closes Mantis #932 on PR #3 dAppCore/api.

Co-authored-by: Cerberus <cerberus@lthn.ai>
Co-authored-by: Hephaestus <hephaestus@lthn.ai>
chore(dev→main): routine PR cadence for CodeRabbit review
v0.9.0 compliance: full upgrade against core/go reference
chore: promote dev to main — api v0.13.0 (Mantis #1217, audit COMPLIANT)
fix(deps): refresh gin-contrib/httpsign@v1.0.3 go.sum hashes to the proxy's current bytes. Unblocks lthn/desktop CI bindings step.
Main moved forward independently while the release branch sat
since the v0.8.0-alpha.1 cut. Main carries the canonical:
- flat namespace `dappco.re/go` (release used `dappco.re/go/core`)
- reorganised `go/`, `go/pkg/provider/`, `php/` paths
(release was still on `./`, `pkg/provider/`, `src/php/`)
- own SSRF guard + Mantis #931 IDOR fix at higher coverage
- sonar BLOCKER clears (#1287) + CI infra (#1217)
- service.go consolidation (#1336)
Conflict resolution policy: accept main's version where main's
work is at-or-ahead of release's parallel implementation
(security hardening, namespace, directory layout). Accept the
deletions main made (proxy.go etc — moved/refactored). Release's
genuinely-new test files moved to their canonical post-reorg
paths.
28 conflicts resolved:
4 modify/delete (release's mods to files main deleted) → accept delete
4 add/add (same path, different content) → main's namespace
1 add unresolved (path rename) → file added at new path
19 both modified (mostly namespace + dir migration) → main's version
release: v0.8.0-alpha.1 — module migration, SDK-codegen surface, security hardening