92 lines
3.6 KiB
Plaintext
92 lines
3.6 KiB
Plaintext
Work in the `platform` repo and continue from the current remediation state.
|
|
|
|
Use Gitea issues as the source of truth:
|
|
- `#1` umbrella
|
|
- `#5` Gateway Trust Model
|
|
- `#8` Dependency Security
|
|
- `#9` Performance Hardening
|
|
|
|
Important instruction:
|
|
- Do NOT rotate or change the admin password during this pass.
|
|
|
|
First, re-verify the repo state before changing anything. Do not trust prior summaries blindly.
|
|
|
|
Current verified status:
|
|
- Completed: `#2`, `#3`, `#4`, `#6`, `#7`, `#10`
|
|
- Partial: `#5`, `#8`, `#9`
|
|
|
|
Remaining work by issue:
|
|
|
|
`#5 Gateway Trust Model`
|
|
Current state:
|
|
- Token validation is improved and uses protected endpoints.
|
|
- Inventory `/debug-nocodb` has been removed.
|
|
- Inventory search sanitization is better.
|
|
- The gateway still has a service-global trust model for gateway-key services.
|
|
|
|
What remains:
|
|
- Re-check whether the current gateway-key service model is acceptable as-is or should be narrowed further.
|
|
- If it stays, document it precisely and avoid claiming it was eliminated.
|
|
- Review inventory and similar internal services for any remaining permissive/debug/admin-style surfaces.
|
|
- Review whether service-global access should be limited at route level, method level, or by explicit allowlist.
|
|
- Make sure issue comments and final summary describe the trust model accurately, not optimistically.
|
|
|
|
Acceptance bar:
|
|
- No remaining accidental debug endpoint exposure.
|
|
- Remaining gateway-key trust assumptions are explicit, minimal, and documented.
|
|
- No false claim that per-user auth exists where it does not.
|
|
|
|
`#8 Dependency Security`
|
|
Current state:
|
|
- Budget dependency audit is clean.
|
|
- `.gitea/workflows/security.yml` exists.
|
|
|
|
What remains:
|
|
- Review the workflow for correctness and realism.
|
|
- Tighten the workflow if needed so repo-side enforcement is actually meaningful.
|
|
- Verify whether secret scanning and dependency checks cover the important paths.
|
|
- Do not mark this issue complete if a Gitea Actions runner is still required for execution.
|
|
- Clearly separate "repo-side complete" from "operationally active".
|
|
|
|
Acceptance bar:
|
|
- Workflow file is committed and sane.
|
|
- Remaining runner dependency is clearly documented.
|
|
- Issue remains partial or blocked if execution infrastructure is missing.
|
|
|
|
`#9 Performance Hardening`
|
|
Current state:
|
|
- Gateway dashboard response is cached.
|
|
- Budget summary is cached.
|
|
- Inventory `/issues` and `/needs-review-count` no longer full-scan all rows.
|
|
|
|
What remains:
|
|
- Re-check inventory endpoints for any other repeated full-table fetches.
|
|
- Re-check budget endpoints for repeated account fan-out, especially `/transactions/recent`.
|
|
- If Actual Budget API forces per-account queries, document that constraint explicitly.
|
|
- Prefer targeted improvements such as short-TTL caching, narrower query windows, or reused lookups over broad refactors.
|
|
- Do not mark this issue complete unless the remaining hot paths are either fixed or clearly bounded and documented.
|
|
|
|
Acceptance bar:
|
|
- The worst remaining repeated-scan or repeated-fan-out paths are either reduced or documented with clear justification.
|
|
- Final status does not overstate completion.
|
|
|
|
Instructions:
|
|
- Make minimal, production-oriented fixes.
|
|
- Preserve unrelated user changes.
|
|
- After each issue-sized change:
|
|
- verify it with direct checks
|
|
- comment on the relevant Gitea issue with:
|
|
- what changed
|
|
- files touched
|
|
- verification performed
|
|
- what remains
|
|
- Do not close `#5`, `#8`, or `#9` unless the actual code and behavior support it.
|
|
- If an issue is still partial, say so directly.
|
|
- Avoid renaming something and then claiming the underlying architectural concern is solved.
|
|
|
|
Final output format:
|
|
- `Completed:`
|
|
- `Partial:`
|
|
- `Blocked:`
|
|
- `Manual ops actions:`
|