Harden the last three audit P2s #26
Merged
CI workflow at .github/workflows/ci.yml — install + lint + test on Node 20 and 22, on every PR and push to main. Manual checks before merge stop being the only line of defense.

Anthropic SDK maxRetries goes from its default 2 to 4. The SDK already handles 429 / 5xx / network retries internally; the audit suggested wrapping our own retry but that's redundant with existing SDK behavior. Bumping the SDK's own knob covers more transient blips with less code.

scan-cache.json gains a cacheVersion field. When we change scan output shape later (new field, renamed key), bumping CACHE_VERSION in src/utils/scan-cache.js makes old caches miss instead of poisoning downstream commands with stale shapes.

Closes audit P2 #4, #6, #7. All seven P2s now closed.
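The cacheVersion mechanism described in the PR, as an added illustration that is not the project's own src/utils/scan-cache.js: a reader that treats a missing, older, newer or malformed cache as a miss, so downstream commands never consume a stale shape. The constant and function names (CACHE_VERSION, writeScanCache, readScanCache) and the sample cache bodies are assumptions constructed for this example.

```javascript
// Added example, not the project's code. Assumed names throughout.
const CACHE_VERSION = 2; // bump whenever the scan output shape changes

// Serialize a scan result together with the version it was written under.
function writeScanCache(scanResult) {
  return JSON.stringify({ cacheVersion: CACHE_VERSION, scanResult }, null, 2);
}

// Parse a cache file body. Returns the scan result only when the version
// matches exactly; anything else (missing field, older or newer version,
// malformed JSON, wrong top-level shape) is reported as a miss so callers
// fall back to re-scanning instead of consuming an unexpected shape.
function readScanCache(raw) {
  let parsed;
  try {
    parsed = JSON.parse(raw);
  } catch {
    return { hit: false, reason: 'malformed-json' };
  }
  if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) {
    return { hit: false, reason: 'not-an-object' };
  }
  if (!Number.isInteger(parsed.cacheVersion)) {
    return { hit: false, reason: 'missing-version' }; // pre-versioning cache
  }
  if (parsed.cacheVersion !== CACHE_VERSION) {
    return { hit: false, reason: `version-mismatch:${parsed.cacheVersion}` };
  }
  if (!parsed.scanResult || typeof parsed.scanResult !== 'object') {
    return { hit: false, reason: 'bad-shape' };
  }
  return { hit: true, scanResult: parsed.scanResult };
}

// Constructed sample cache bodies for a stand-alone run.
const legacyCache = JSON.stringify({ files: ['a.js'] }); // written before cacheVersion existed
const oldCache = JSON.stringify({ cacheVersion: 1, scanResult: { files: ['a.js'] } });
const currentCache = writeScanCache({ files: ['a.js', 'b.js'], findings: [] });

for (const [name, body] of [['legacy', legacyCache], ['old', oldCache], ['current', currentCache]]) {
  console.log(name, readScanCache(body));
}
```

Only the current-version body yields a hit; the legacy and v1 bodies miss with a reason string that a caller can log when deciding to re-scan.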