Harden Pillow dependency floor to patched range for active image parsing CVEs by Copilot · Pull Request #7 · parkcheolhong/codeAI

Copilot · 2026-05-08T09:50:02Z

Multiple open advisories targeted the project’s Pillow version window, including PSD out-of-bounds writes and FITS GZIP decompression bomb risks. The backend dependency spec allowed vulnerable versions (>=10.4,<12.0) in pyproject.toml.

Dependency constraint hardening
- Raised Pillow in pyproject.toml from >=10.4,<12.0 to >=12.2,<13.0, moving resolution to a range that excludes the reported vulnerable versions.
Dependency source alignment
- Kept project dependency declarations consistent with the already-patched requirements.txt constraint (Pillow>=12.2,<13.0) to avoid split-resolution behavior across install paths.

# pyproject.toml
dependencies = [
  # ...
  "Pillow>=12.2,<13.0",
  # ...
]

Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/9ec743ae-a698-4cc0-aa87-8825771cb8d6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com>

parkcheolhong

수정 감사합니다

Copilot

Pull request overview

Hardens the backend’s Pillow dependency floor to a patched range to mitigate active image parsing CVEs and prevent divergent dependency resolution between installation methods.

Changes:

Raised Pillow constraint in pyproject.toml from >=10.4,<12.0 to >=12.2,<13.0.
Aligned pyproject.toml dependency range with the existing requirements.txt Pillow pin to avoid split-resolution.

* Harden Pillow dependency floor to patched range for active image parsing CVEs (#7) * chore: raise Pillow minimum version to 12.2 Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/9ec743ae-a698-4cc0-aa87-8825771cb8d6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * chore: remove accidental pycache artifacts Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/9ec743ae-a698-4cc0-aa87-8825771cb8d6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * Harden orchestrator/auth error surfaces and remove CodeQL-flagged unsafe patterns (#8) * chore: start codeql alert remediation plan Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * fix: remediate CodeQL security and quality findings Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * fix: finalize CodeQL remediation hardening updates Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * Sanitize health diagnostic errors to avoid exception detail exposure (#9) * fix: redact health diagnostic exception details Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * test: make health sanitization checks portable Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * chore: remove compiled test artifacts Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * refactor: normalize diagnostic error codes Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * test: share diagnostic error code fixture Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * refactor: simplify safe diagnostic code map Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * Potential fix for code scanning alert no. 4: Information exposure through an exception (#10) Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * fix(ci): set explicit python-version in codeql workflow (#11) Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/4ea2a28e-7f09-4b9d-a3df-785939fa43ac Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * fix: webauthn stub in tests, timezone-aware datetimes, Pydantic v2 ConfigDict, add .gitignore (#12) * fix(tests): stub webauthn in auth_router test fixture to fix import failures Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/63299979-62f4-489f-a1d2-307336759de9 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * fix: stub webauthn in tests, replace datetime.utcnow, fix Pydantic Config, add .gitignore Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/63299979-62f4-489f-a1d2-307336759de9 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * Add consolidated design-change report and expanded PR body draft (#13) * docs: add overall design change and PR report Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/82b0addf-4e64-42b9-ac75-63d99a14f84d Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * docs: make PR report paths portable Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/82b0addf-4e64-42b9-ac75-63d99a14f84d Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * docs: clarify bilingual PR report structure Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/82b0addf-4e64-42b9-ac75-63d99a14f84d Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* chore: start codeql alert remediation plan Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * fix: remediate CodeQL security and quality findings Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * fix: finalize CodeQL remediation hardening updates Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * 검증확인했습니다, 병합해주세요 (#14) * Harden Pillow dependency floor to patched range for active image parsing CVEs (#7) * chore: raise Pillow minimum version to 12.2 Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/9ec743ae-a698-4cc0-aa87-8825771cb8d6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * chore: remove accidental pycache artifacts Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/9ec743ae-a698-4cc0-aa87-8825771cb8d6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * Harden orchestrator/auth error surfaces and remove CodeQL-flagged unsafe patterns (#8) * chore: start codeql alert remediation plan Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * fix: remediate CodeQL security and quality findings Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * fix: finalize CodeQL remediation hardening updates Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * Sanitize health diagnostic errors to avoid exception detail exposure (#9) * fix: redact health diagnostic exception details Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * test: make health sanitization checks portable Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * chore: remove compiled test artifacts Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * refactor: normalize diagnostic error codes Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * test: share diagnostic error code fixture Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * refactor: simplify safe diagnostic code map Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * Potential fix for code scanning alert no. 4: Information exposure through an exception (#10) Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * fix(ci): set explicit python-version in codeql workflow (#11) Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/4ea2a28e-7f09-4b9d-a3df-785939fa43ac Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * fix: webauthn stub in tests, timezone-aware datetimes, Pydantic v2 ConfigDict, add .gitignore (#12) * fix(tests): stub webauthn in auth_router test fixture to fix import failures Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/63299979-62f4-489f-a1d2-307336759de9 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * fix: stub webauthn in tests, replace datetime.utcnow, fix Pydantic Config, add .gitignore Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/63299979-62f4-489f-a1d2-307336759de9 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * Add consolidated design-change report and expanded PR body draft (#13) * docs: add overall design change and PR report Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/82b0addf-4e64-42b9-ac75-63d99a14f84d Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * docs: make PR report paths portable Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/82b0addf-4e64-42b9-ac75-63d99a14f84d Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * docs: clarify bilingual PR report structure Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/82b0addf-4e64-42b9-ac75-63d99a14f84d Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * Update .github/workflows/codeql.yml 변경 감사합니다 Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com> * Potential fix for pull request finding 커밋합니다. Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * fix: address PR review feedback for auth and progress persistence Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/54ddac5c-9ffc-4dd9-8328-a90404f7b582 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* Potential fix for code scanning alert no. 2: Binding a socket to all network interfaces (#5) * Potential fix for code scanning alert no. 2: Binding a socket to all network interfaces 수정해줘 Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * Fix profiler backend default host to loopback --------- Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * fix: harden auth recovery security (#6) Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/3d52b2c5-9c5a-43f7-91a5-9587bc9ce9a5 Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * Harden Pillow dependency floor to patched range for active image parsing CVEs (#7) * chore: raise Pillow minimum version to 12.2 Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/9ec743ae-a698-4cc0-aa87-8825771cb8d6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * chore: remove accidental pycache artifacts Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/9ec743ae-a698-4cc0-aa87-8825771cb8d6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * Harden orchestrator/auth error surfaces and remove CodeQL-flagged unsafe patterns (#8) * chore: start codeql alert remediation plan Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * fix: remediate CodeQL security and quality findings Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * fix: finalize CodeQL remediation hardening updates Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * Sanitize health diagnostic errors to avoid exception detail exposure (#9) * fix: redact health diagnostic exception details Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * test: make health sanitization checks portable Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * chore: remove compiled test artifacts Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * refactor: normalize diagnostic error codes Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * test: share diagnostic error code fixture Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * refactor: simplify safe diagnostic code map Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * Potential fix for code scanning alert no. 4: Information exposure through an exception (#10) Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * fix(ci): set explicit python-version in codeql workflow (#11) Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/4ea2a28e-7f09-4b9d-a3df-785939fa43ac Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * fix: webauthn stub in tests, timezone-aware datetimes, Pydantic v2 ConfigDict, add .gitignore (#12) * fix(tests): stub webauthn in auth_router test fixture to fix import failures Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/63299979-62f4-489f-a1d2-307336759de9 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * fix: stub webauthn in tests, replace datetime.utcnow, fix Pydantic Config, add .gitignore Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/63299979-62f4-489f-a1d2-307336759de9 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * Add consolidated design-change report and expanded PR body draft (#13) * docs: add overall design change and PR report Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/82b0addf-4e64-42b9-ac75-63d99a14f84d Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * docs: make PR report paths portable Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/82b0addf-4e64-42b9-ac75-63d99a14f84d Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * docs: clarify bilingual PR report structure Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/82b0addf-4e64-42b9-ac75-63d99a14f84d Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * Copilot/fix unauthorized data in path expression (#15) * chore: start codeql alert remediation plan Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * fix: remediate CodeQL security and quality findings Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * fix: finalize CodeQL remediation hardening updates Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * 검증확인했습니다, 병합해주세요 (#14) * Harden Pillow dependency floor to patched range for active image parsing CVEs (#7) * chore: raise Pillow minimum version to 12.2 Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/9ec743ae-a698-4cc0-aa87-8825771cb8d6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * chore: remove accidental pycache artifacts Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/9ec743ae-a698-4cc0-aa87-8825771cb8d6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * Harden orchestrator/auth error surfaces and remove CodeQL-flagged unsafe patterns (#8) * chore: start codeql alert remediation plan Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * fix: remediate CodeQL security and quality findings Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * fix: finalize CodeQL remediation hardening updates Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * Sanitize health diagnostic errors to avoid exception detail exposure (#9) * fix: redact health diagnostic exception details Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * test: make health sanitization checks portable Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * chore: remove compiled test artifacts Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * refactor: normalize diagnostic error codes Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * test: share diagnostic error code fixture Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * refactor: simplify safe diagnostic code map Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * Potential fix for code scanning alert no. 4: Information exposure through an exception (#10) Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * fix(ci): set explicit python-version in codeql workflow (#11) Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/4ea2a28e-7f09-4b9d-a3df-785939fa43ac Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * fix: webauthn stub in tests, timezone-aware datetimes, Pydantic v2 ConfigDict, add .gitignore (#12) * fix(tests): stub webauthn in auth_router test fixture to fix import failures Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/63299979-62f4-489f-a1d2-307336759de9 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * fix: stub webauthn in tests, replace datetime.utcnow, fix Pydantic Config, add .gitignore Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/63299979-62f4-489f-a1d2-307336759de9 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * Add consolidated design-change report and expanded PR body draft (#13) * docs: add overall design change and PR report Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/82b0addf-4e64-42b9-ac75-63d99a14f84d Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * docs: make PR report paths portable Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/82b0addf-4e64-42b9-ac75-63d99a14f84d Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * docs: clarify bilingual PR report structure Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/82b0addf-4e64-42b9-ac75-63d99a14f84d Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * Update .github/workflows/codeql.yml 변경 감사합니다 Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com> * Potential fix for pull request finding 커밋합니다. Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * fix: address PR review feedback for auth and progress persistence Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/54ddac5c-9ffc-4dd9-8328-a90404f7b582 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * Potential fix for pull request finding 수정해주세요 Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * Potential fix for pull request finding 수정해주세요 Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * Potential fix for pull request finding 변경해주세요, Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * Potential fix for pull request finding 'CodeQL / Uncontrolled data used in path expression' 제안 사항에 맞게 수정해주세요. Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * Potential fix for pull request finding 'CodeQL / Uncontrolled data used in path expression' 제안 사항 감사합니다, 수정해주세요 Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * Potential fix for pull request finding 'CodeQL / Uncontrolled data used in path expression' 수정해주세요 Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * Harden orchestrator progress file paths and profiler bind host policy (#17) * fix: harden path handling and profiler bind defaults for CodeQL alerts Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/320282cc-04c8-415c-bacc-8f409266cde2 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * chore: address review nits for host and run_id normalization Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/320282cc-04c8-415c-bacc-8f409266cde2 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * fix: tighten localhost and hostname validation for profiler bind Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/320282cc-04c8-415c-bacc-8f409266cde2 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * chore: improve profiler host validation diagnostics Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/320282cc-04c8-415c-bacc-8f409266cde2 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* Potential fix for code scanning alert no. 2: Binding a socket to all network interfaces (#5) * Potential fix for code scanning alert no. 2: Binding a socket to all network interfaces 수정해줘 * Fix profiler backend default host to loopback --------- * fix: harden auth recovery security (#6) Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/3d52b2c5-9c5a-43f7-91a5-9587bc9ce9a5 * Harden Pillow dependency floor to patched range for active image parsing CVEs (#7) * chore: raise Pillow minimum version to 12.2 Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/9ec743ae-a698-4cc0-aa87-8825771cb8d6 * chore: remove accidental pycache artifacts Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/9ec743ae-a698-4cc0-aa87-8825771cb8d6 --------- * Harden orchestrator/auth error surfaces and remove CodeQL-flagged unsafe patterns (#8) * chore: start codeql alert remediation plan Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 * fix: remediate CodeQL security and quality findings Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 * fix: finalize CodeQL remediation hardening updates Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 --------- * Sanitize health diagnostic errors to avoid exception detail exposure (#9) * fix: redact health diagnostic exception details Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 * test: make health sanitization checks portable Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 * chore: remove compiled test artifacts Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 * refactor: normalize diagnostic error codes Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 * test: share diagnostic error code fixture Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 * refactor: simplify safe diagnostic code map Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 --------- * Potential fix for code scanning alert no. 4: Information exposure through an exception (#10) * fix(ci): set explicit python-version in codeql workflow (#11) Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/4ea2a28e-7f09-4b9d-a3df-785939fa43ac * fix: webauthn stub in tests, timezone-aware datetimes, Pydantic v2 ConfigDict, add .gitignore (#12) * fix(tests): stub webauthn in auth_router test fixture to fix import failures Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/63299979-62f4-489f-a1d2-307336759de9 * fix: stub webauthn in tests, replace datetime.utcnow, fix Pydantic Config, add .gitignore Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/63299979-62f4-489f-a1d2-307336759de9 --------- * Add consolidated design-change report and expanded PR body draft (#13) * docs: add overall design change and PR report Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/82b0addf-4e64-42b9-ac75-63d99a14f84d * docs: make PR report paths portable Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/82b0addf-4e64-42b9-ac75-63d99a14f84d * docs: clarify bilingual PR report structure Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/82b0addf-4e64-42b9-ac75-63d99a14f84d --------- * Copilot/fix unauthorized data in path expression (#15) * chore: start codeql alert remediation plan Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 * fix: remediate CodeQL security and quality findings Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 * fix: finalize CodeQL remediation hardening updates Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 * 검증확인했습니다, 병합해주세요 (#14) * Harden Pillow dependency floor to patched range for active image parsing CVEs (#7) * chore: raise Pillow minimum version to 12.2 Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/9ec743ae-a698-4cc0-aa87-8825771cb8d6 * chore: remove accidental pycache artifacts Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/9ec743ae-a698-4cc0-aa87-8825771cb8d6 --------- * Harden orchestrator/auth error surfaces and remove CodeQL-flagged unsafe patterns (#8) * chore: start codeql alert remediation plan Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 * fix: remediate CodeQL security and quality findings Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 * fix: finalize CodeQL remediation hardening updates Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 --------- * Sanitize health diagnostic errors to avoid exception detail exposure (#9) * fix: redact health diagnostic exception details Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 * test: make health sanitization checks portable Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 * chore: remove compiled test artifacts Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 * refactor: normalize diagnostic error codes Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 * test: share diagnostic error code fixture Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 * refactor: simplify safe diagnostic code map Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 --------- * Potential fix for code scanning alert no. 4: Information exposure through an exception (#10) * fix(ci): set explicit python-version in codeql workflow (#11) Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/4ea2a28e-7f09-4b9d-a3df-785939fa43ac * fix: webauthn stub in tests, timezone-aware datetimes, Pydantic v2 ConfigDict, add .gitignore (#12) * fix(tests): stub webauthn in auth_router test fixture to fix import failures Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/63299979-62f4-489f-a1d2-307336759de9 * fix: stub webauthn in tests, replace datetime.utcnow, fix Pydantic Config, add .gitignore Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/63299979-62f4-489f-a1d2-307336759de9 --------- * Add consolidated design-change report and expanded PR body draft (#13) * docs: add overall design change and PR report Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/82b0addf-4e64-42b9-ac75-63d99a14f84d * docs: make PR report paths portable Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/82b0addf-4e64-42b9-ac75-63d99a14f84d * docs: clarify bilingual PR report structure Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/82b0addf-4e64-42b9-ac75-63d99a14f84d --------- --------- * Update .github/workflows/codeql.yml 변경 감사합니다 * Potential fix for pull request finding 커밋합니다. * fix: address PR review feedback for auth and progress persistence Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/54ddac5c-9ffc-4dd9-8328-a90404f7b582 --------- * Potential fix for pull request finding 수정해주세요 * Potential fix for pull request finding 수정해주세요 * Potential fix for pull request finding 변경해주세요, * Potential fix for pull request finding 'CodeQL / Uncontrolled data used in path expression' 제안 사항에 맞게 수정해주세요. * Potential fix for pull request finding 'CodeQL / Uncontrolled data used in path expression' 제안 사항 감사합니다, 수정해주세요 * Potential fix for pull request finding 'CodeQL / Uncontrolled data used in path expression' 수정해주세요 * Harden orchestrator progress file paths and profiler bind host policy (#17) * fix: harden path handling and profiler bind defaults for CodeQL alerts Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/320282cc-04c8-415c-bacc-8f409266cde2 * chore: address review nits for host and run_id normalization Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/320282cc-04c8-415c-bacc-8f409266cde2 * fix: tighten localhost and hostname validation for profiler bind Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/320282cc-04c8-415c-bacc-8f409266cde2 * chore: improve profiler host validation diagnostics Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/320282cc-04c8-415c-bacc-8f409266cde2 --------- --------- Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* fix: harden auth recovery security Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/3d52b2c5-9c5a-43f7-91a5-9587bc9ce9a5 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * Harden Pillow dependency floor to patched range for active image parsing CVEs (#7) * chore: raise Pillow minimum version to 12.2 Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/9ec743ae-a698-4cc0-aa87-8825771cb8d6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * chore: remove accidental pycache artifacts Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/9ec743ae-a698-4cc0-aa87-8825771cb8d6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * Harden orchestrator/auth error surfaces and remove CodeQL-flagged unsafe patterns (#8) * chore: start codeql alert remediation plan Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * fix: remediate CodeQL security and quality findings Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * fix: finalize CodeQL remediation hardening updates Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * Sanitize health diagnostic errors to avoid exception detail exposure (#9) * fix: redact health diagnostic exception details Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * test: make health sanitization checks portable Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * chore: remove compiled test artifacts Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * refactor: normalize diagnostic error codes Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * test: share diagnostic error code fixture Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * refactor: simplify safe diagnostic code map Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * Potential fix for code scanning alert no. 4: Information exposure through an exception (#10) Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * fix(ci): set explicit python-version in codeql workflow (#11) Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/4ea2a28e-7f09-4b9d-a3df-785939fa43ac Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * fix: webauthn stub in tests, timezone-aware datetimes, Pydantic v2 ConfigDict, add .gitignore (#12) * fix(tests): stub webauthn in auth_router test fixture to fix import failures Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/63299979-62f4-489f-a1d2-307336759de9 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * fix: stub webauthn in tests, replace datetime.utcnow, fix Pydantic Config, add .gitignore Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/63299979-62f4-489f-a1d2-307336759de9 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * Add consolidated design-change report and expanded PR body draft (#13) * docs: add overall design change and PR report Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/82b0addf-4e64-42b9-ac75-63d99a14f84d Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * docs: make PR report paths portable Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/82b0addf-4e64-42b9-ac75-63d99a14f84d Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * docs: clarify bilingual PR report structure Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/82b0addf-4e64-42b9-ac75-63d99a14f84d Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * Copilot/fix unauthorized data in path expression (#15) * chore: start codeql alert remediation plan Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * fix: remediate CodeQL security and quality findings Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * fix: finalize CodeQL remediation hardening updates Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * 검증확인했습니다, 병합해주세요 (#14) * Harden Pillow dependency floor to patched range for active image parsing CVEs (#7) * chore: raise Pillow minimum version to 12.2 Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/9ec743ae-a698-4cc0-aa87-8825771cb8d6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * chore: remove accidental pycache artifacts Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/9ec743ae-a698-4cc0-aa87-8825771cb8d6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * Harden orchestrator/auth error surfaces and remove CodeQL-flagged unsafe patterns (#8) * chore: start codeql alert remediation plan Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * fix: remediate CodeQL security and quality findings Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * fix: finalize CodeQL remediation hardening updates Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * Sanitize health diagnostic errors to avoid exception detail exposure (#9) * fix: redact health diagnostic exception details Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * test: make health sanitization checks portable Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * chore: remove compiled test artifacts Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * refactor: normalize diagnostic error codes Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * test: share diagnostic error code fixture Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * refactor: simplify safe diagnostic code map Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * Potential fix for code scanning alert no. 4: Information exposure through an exception (#10) Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * fix(ci): set explicit python-version in codeql workflow (#11) Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/4ea2a28e-7f09-4b9d-a3df-785939fa43ac Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * fix: webauthn stub in tests, timezone-aware datetimes, Pydantic v2 ConfigDict, add .gitignore (#12) * fix(tests): stub webauthn in auth_router test fixture to fix import failures Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/63299979-62f4-489f-a1d2-307336759de9 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * fix: stub webauthn in tests, replace datetime.utcnow, fix Pydantic Config, add .gitignore Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/63299979-62f4-489f-a1d2-307336759de9 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * Add consolidated design-change report and expanded PR body draft (#13) * docs: add overall design change and PR report Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/82b0addf-4e64-42b9-ac75-63d99a14f84d Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * docs: make PR report paths portable Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/82b0addf-4e64-42b9-ac75-63d99a14f84d Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * docs: clarify bilingual PR report structure Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/82b0addf-4e64-42b9-ac75-63d99a14f84d Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * Update .github/workflows/codeql.yml 변경 감사합니다 Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com> * Potential fix for pull request finding 커밋합니다. Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * fix: address PR review feedback for auth and progress persistence Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/54ddac5c-9ffc-4dd9-8328-a90404f7b582 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * Potential fix for pull request finding 수정해주세요 Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * Potential fix for pull request finding 수정해주세요 Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * Potential fix for pull request finding 변경해주세요, Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * Potential fix for pull request finding 'CodeQL / Uncontrolled data used in path expression' 제안 사항에 맞게 수정해주세요. Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * Potential fix for pull request finding 'CodeQL / Uncontrolled data used in path expression' 제안 사항 감사합니다, 수정해주세요 Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * Potential fix for pull request finding 'CodeQL / Uncontrolled data used in path expression' 수정해주세요 Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * Harden orchestrator progress file paths and profiler bind host policy (#17) * fix: harden path handling and profiler bind defaults for CodeQL alerts Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/320282cc-04c8-415c-bacc-8f409266cde2 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * chore: address review nits for host and run_id normalization Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/320282cc-04c8-415c-bacc-8f409266cde2 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * fix: tighten localhost and hostname validation for profiler bind Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/320282cc-04c8-415c-bacc-8f409266cde2 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * chore: improve profiler host validation diagnostics Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/320282cc-04c8-415c-bacc-8f409266cde2 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * 병합해주세요 (#16) (#18) * Potential fix for code scanning alert no. 2: Binding a socket to all network interfaces (#5) * Potential fix for code scanning alert no. 2: Binding a socket to all network interfaces 수정해줘 * Fix profiler backend default host to loopback --------- * fix: harden auth recovery security (#6) Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/3d52b2c5-9c5a-43f7-91a5-9587bc9ce9a5 * Harden Pillow dependency floor to patched range for active image parsing CVEs (#7) * chore: raise Pillow minimum version to 12.2 Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/9ec743ae-a698-4cc0-aa87-8825771cb8d6 * chore: remove accidental pycache artifacts Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/9ec743ae-a698-4cc0-aa87-8825771cb8d6 --------- * Harden orchestrator/auth error surfaces and remove CodeQL-flagged unsafe patterns (#8) * chore: start codeql alert remediation plan Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 * fix: remediate CodeQL security and quality findings Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 * fix: finalize CodeQL remediation hardening updates Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 --------- * Sanitize health diagnostic errors to avoid exception detail exposure (#9) * fix: redact health diagnostic exception details Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 * test: make health sanitization checks portable Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 * chore: remove compiled test artifacts Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 * refactor: normalize diagnostic error codes Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 * test: share diagnostic error code fixture Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 * refactor: simplify safe diagnostic code map Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 --------- * Potential fix for code scanning alert no. 4: Information exposure through an exception (#10) * fix(ci): set explicit python-version in codeql workflow (#11) Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/4ea2a28e-7f09-4b9d-a3df-785939fa43ac * fix: webauthn stub in tests, timezone-aware datetimes, Pydantic v2 ConfigDict, add .gitignore (#12) * fix(tests): stub webauthn in auth_router test fixture to fix import failures Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/63299979-62f4-489f-a1d2-307336759de9 * fix: stub webauthn in tests, replace datetime.utcnow, fix Pydantic Config, add .gitignore Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/63299979-62f4-489f-a1d2-307336759de9 --------- * Add consolidated design-change report and expanded PR body draft (#13) * docs: add overall design change and PR report Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/82b0addf-4e64-42b9-ac75-63d99a14f84d * docs: make PR report paths portable Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/82b0addf-4e64-42b9-ac75-63d99a14f84d * docs: clarify bilingual PR report structure Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/82b0addf-4e64-42b9-ac75-63d99a14f84d --------- * Copilot/fix unauthorized data in path expression (#15) * chore: start codeql alert remediation plan Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 * fix: remediate CodeQL security and quality findings Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 * fix: finalize CodeQL remediation hardening updates Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 * 검증확인했습니다, 병합해주세요 (#14) * Harden Pillow dependency floor to patched range for active image parsing CVEs (#7) * chore: raise Pillow minimum version to 12.2 Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/9ec743ae-a698-4cc0-aa87-8825771cb8d6 * chore: remove accidental pycache artifacts Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/9ec743ae-a698-4cc0-aa87-8825771cb8d6 --------- * Harden orchestrator/auth error surfaces and remove CodeQL-flagged unsafe patterns (#8) * chore: start codeql alert remediation plan Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 * fix: remediate CodeQL security and quality findings Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 * fix: finalize CodeQL remediation hardening updates Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 --------- * Sanitize health diagnostic errors to avoid exception detail exposure (#9) * fix: redact health diagnostic exception details Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 * test: make health sanitization checks portable Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 * chore: remove compiled test artifacts Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 * refactor: normalize diagnostic error codes Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 * test: share diagnostic error code fixture Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 * refactor: simplify safe diagnostic code map Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 --------- * Potential fix for code scanning alert no. 4: Information exposure through an exception (#10) * fix(ci): set explicit python-version in codeql workflow (#11) Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/4ea2a28e-7f09-4b9d-a3df-785939fa43ac * fix: webauthn stub in tests, timezone-aware datetimes, Pydantic v2 ConfigDict, add .gitignore (#12) * fix(tests): stub webauthn in auth_router test fixture to fix import failures Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/63299979-62f4-489f-a1d2-307336759de9 * fix: stub webauthn in tests, replace datetime.utcnow, fix Pydantic Config, add .gitignore Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/63299979-62f4-489f-a1d2-307336759de9 --------- * Add consolidated design-change report and expanded PR body draft (#13) * docs: add overall design change and PR report Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/82b0addf-4e64-42b9-ac75-63d99a14f84d * docs: make PR report paths portable Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/82b0addf-4e64-42b9-ac75-63d99a14f84d * docs: clarify bilingual PR report structure Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/82b0addf-4e64-42b9-ac75-63d99a14f84d --------- --------- * Update .github/workflows/codeql.yml 변경 감사합니다 * Potential fix for pull request finding 커밋합니다. * fix: address PR review feedback for auth and progress persistence Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/54ddac5c-9ffc-4dd9-8328-a90404f7b582 --------- * Potential fix for pull request finding 수정해주세요 * Potential fix for pull request finding 수정해주세요 * Potential fix for pull request finding 변경해주세요, * Potential fix for pull request finding 'CodeQL / Uncontrolled data used in path expression' 제안 사항에 맞게 수정해주세요. * Potential fix for pull request finding 'CodeQL / Uncontrolled data used in path expression' 제안 사항 감사합니다, 수정해주세요 * Potential fix for pull request finding 'CodeQL / Uncontrolled data used in path expression' 수정해주세요 * Harden orchestrator progress file paths and profiler bind host policy (#17) * fix: harden path handling and profiler bind defaults for CodeQL alerts Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/320282cc-04c8-415c-bacc-8f409266cde2 * chore: address review nits for host and run_id normalization Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/320282cc-04c8-415c-bacc-8f409266cde2 * fix: tighten localhost and hostname validation for profiler bind Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/320282cc-04c8-415c-bacc-8f409266cde2 * chore: improve profiler host validation diagnostics Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/320282cc-04c8-415c-bacc-8f409266cde2 --------- --------- Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* chore: raise Pillow minimum version to 12.2 Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/9ec743ae-a698-4cc0-aa87-8825771cb8d6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * chore: remove accidental pycache artifacts Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/9ec743ae-a698-4cc0-aa87-8825771cb8d6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * 병합 확인 (#19) * fix: harden auth recovery security Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/3d52b2c5-9c5a-43f7-91a5-9587bc9ce9a5 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * Harden Pillow dependency floor to patched range for active image parsing CVEs (#7) * chore: raise Pillow minimum version to 12.2 Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/9ec743ae-a698-4cc0-aa87-8825771cb8d6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * chore: remove accidental pycache artifacts Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/9ec743ae-a698-4cc0-aa87-8825771cb8d6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * Harden orchestrator/auth error surfaces and remove CodeQL-flagged unsafe patterns (#8) * chore: start codeql alert remediation plan Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * fix: remediate CodeQL security and quality findings Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * fix: finalize CodeQL remediation hardening updates Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * Sanitize health diagnostic errors to avoid exception detail exposure (#9) * fix: redact health diagnostic exception details Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * test: make health sanitization checks portable Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * chore: remove compiled test artifacts Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * refactor: normalize diagnostic error codes Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * test: share diagnostic error code fixture Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * refactor: simplify safe diagnostic code map Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * Potential fix for code scanning alert no. 4: Information exposure through an exception (#10) Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * fix(ci): set explicit python-version in codeql workflow (#11) Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/4ea2a28e-7f09-4b9d-a3df-785939fa43ac Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * fix: webauthn stub in tests, timezone-aware datetimes, Pydantic v2 ConfigDict, add .gitignore (#12) * fix(tests): stub webauthn in auth_router test fixture to fix import failures Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/63299979-62f4-489f-a1d2-307336759de9 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * fix: stub webauthn in tests, replace datetime.utcnow, fix Pydantic Config, add .gitignore Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/63299979-62f4-489f-a1d2-307336759de9 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * Add consolidated design-change report and expanded PR body draft (#13) * docs: add overall design change and PR report Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/82b0addf-4e64-42b9-ac75-63d99a14f84d Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * docs: make PR report paths portable Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/82b0addf-4e64-42b9-ac75-63d99a14f84d Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * docs: clarify bilingual PR report structure Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/82b0addf-4e64-42b9-ac75-63d99a14f84d Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * Copilot/fix unauthorized data in path expression (#15) * chore: start codeql alert remediation plan Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * fix: remediate CodeQL security and quality findings Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * fix: finalize CodeQL remediation hardening updates Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * 검증확인했습니다, 병합해주세요 (#14) * Harden Pillow dependency floor to patched range for active image parsing CVEs (#7) * chore: raise Pillow minimum version to 12.2 Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/9ec743ae-a698-4cc0-aa87-8825771cb8d6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * chore: remove accidental pycache artifacts Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/9ec743ae-a698-4cc0-aa87-8825771cb8d6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * Harden orchestrator/auth error surfaces and remove CodeQL-flagged unsafe patterns (#8) * chore: start codeql alert remediation plan Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * fix: remediate CodeQL security and quality findings Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * fix: finalize CodeQL remediation hardening updates Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * Sanitize health diagnostic errors to avoid exception detail exposure (#9) * fix: redact health diagnostic exception details Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * test: make health sanitization checks portable Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * chore: remove compiled test artifacts Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * refactor: normalize diagnostic error codes Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * test: share diagnostic error code fixture Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * refactor: simplify safe diagnostic code map Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * Potential fix for code scanning alert no. 4: Information exposure through an exception (#10) Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * fix(ci): set explicit python-version in codeql workflow (#11) Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/4ea2a28e-7f09-4b9d-a3df-785939fa43ac Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * fix: webauthn stub in tests, timezone-aware datetimes, Pydantic v2 ConfigDict, add .gitignore (#12) * fix(tests): stub webauthn in auth_router test fixture to fix import failures Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/63299979-62f4-489f-a1d2-307336759de9 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * fix: stub webauthn in tests, replace datetime.utcnow, fix Pydantic Config, add .gitignore Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/63299979-62f4-489f-a1d2-307336759de9 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * Add consolidated design-change report and expanded PR body draft (#13) * docs: add overall design change and PR report Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/82b0addf-4e64-42b9-ac75-63d99a14f84d Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * docs: make PR report paths portable Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/82b0addf-4e64-42b9-ac75-63d99a14f84d Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * docs: clarify bilingual PR report structure Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/82b0addf-4e64-42b9-ac75-63d99a14f84d Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * Update .github/workflows/codeql.yml 변경 감사합니다 Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com> * Potential fix for pull request finding 커밋합니다. Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * fix: address PR review feedback for auth and progress persistence Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/54ddac5c-9ffc-4dd9-8328-a90404f7b582 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * Potential fix for pull request finding 수정해주세요 Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * Potential fix for pull request finding 수정해주세요 Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * Potential fix for pull request finding 변경해주세요, Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * Potential fix for pull request finding 'CodeQL / Uncontrolled data used in path expression' 제안 사항에 맞게 수정해주세요. Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * Potential fix for pull request finding 'CodeQL / Uncontrolled data used in path expression' 제안 사항 감사합니다, 수정해주세요 Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * Potential fix for pull request finding 'CodeQL / Uncontrolled data used in path expression' 수정해주세요 Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * Harden orchestrator progress file paths and profiler bind host policy (#17) * fix: harden path handling and profiler bind defaults for CodeQL alerts Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/320282cc-04c8-415c-bacc-8f409266cde2 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * chore: address review nits for host and run_id normalization Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/320282cc-04c8-415c-bacc-8f409266cde2 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * fix: tighten localhost and hostname validation for profiler bind Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/320282cc-04c8-415c-bacc-8f409266cde2 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * chore: improve profiler host validation diagnostics Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/320282cc-04c8-415c-bacc-8f409266cde2 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com> * 병합해주세요 (#16) (#18) * Potential fix for code scanning alert no. 2: Binding a socket to all network interfaces (#5) * Potential fix for code scanning alert no. 2: Binding a socket to all network interfaces 수정해줘 * Fix profiler backend default host to loopback --------- * fix: harden auth recovery security (#6) Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/3d52b2c5-9c5a-43f7-91a5-9587bc9ce9a5 * Harden Pillow dependency floor to patched range for active image parsing CVEs (#7) * chore: raise Pillow minimum version to 12.2 Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/9ec743ae-a698-4cc0-aa87-8825771cb8d6 * chore: remove accidental pycache artifacts Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/9ec743ae-a698-4cc0-aa87-8825771cb8d6 --------- * Harden orchestrator/auth error surfaces and remove CodeQL-flagged unsafe patterns (#8) * chore: start codeql alert remediation plan Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 * fix: remediate CodeQL security and quality findings Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 * fix: finalize CodeQL remediation hardening updates Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 --------- * Sanitize health diagnostic errors to avoid exception detail exposure (#9) * fix: redact health diagnostic exception details Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 * test: make health sanitization checks portable Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 * chore: remove compiled test artifacts Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 * refactor: normalize diagnostic error codes Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 * test: share diagnostic error code fixture Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 * refactor: simplify safe diagnostic code map Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 --------- * Potential fix for code scanning alert no. 4: Information exposure through an exception (#10) * fix(ci): set explicit python-version in codeql workflow (#11) Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/4ea2a28e-7f09-4b9d-a3df-785939fa43ac * fix: webauthn stub in tests, timezone-aware datetimes, Pydantic v2 ConfigDict, add .gitignore (#12) * fix(tests): stub webauthn in auth_router test fixture to fix import failures Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/63299979-62f4-489f-a1d2-307336759de9 * fix: stub webauthn in tests, replace datetime.utcnow, fix Pydantic Config, add .gitignore Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/63299979-62f4-489f-a1d2-307336759de9 --------- * Add consolidated design-change report and expanded PR body draft (#13) * docs: add overall design change and PR report Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/82b0addf-4e64-42b9-ac75-63d99a14f84d * docs: make PR report paths portable Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/82b0addf-4e64-42b9-ac75-63d99a14f84d * docs: clarify bilingual PR report structure Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/82b0addf-4e64-42b9-ac75-63d99a14f84d --------- * Copilot/fix unauthorized data in path expression (#15) * chore: start codeql alert remediation plan Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 * fix: remediate CodeQL security and quality findings Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 * fix: finalize CodeQL remediation hardening updates Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 * 검증확인했습니다, 병합해주세요 (#14) * Harden Pillow dependency floor to patched range for active image parsing CVEs (#7) * chore: raise Pillow minimum version to 12.2 Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/9ec743ae-a698-4cc0-aa87-8825771cb8d6 * chore: remove accidental pycache artifacts Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/9ec743ae-a698-4cc0-aa87-8825771cb8d6 --------- * Harden orchestrator/auth error surfaces and remove CodeQL-flagged unsafe patterns (#8) * chore: start codeql alert remediation plan Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 * fix: remediate CodeQL security and quality findings Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 * fix: finalize CodeQL remediation hardening updates Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/e096e163-c0eb-430e-95b8-006690b13d72 --------- * Sanitize health diagnostic errors to avoid exception detail exposure (#9) * fix: redact health diagnostic exception details Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 * test: make health sanitization checks portable Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 * chore: remove compiled test artifacts Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 * refactor: normalize diagnostic error codes Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 * test: share diagnostic error code fixture Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 * refactor: simplify safe diagnostic code map Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/5d18c2d0-8dda-4817-837b-37752598afa6 --------- * Potential fix for code scanning alert no. 4: Information exposure through an exception (#10) * fix(ci): set explicit python-version in codeql workflow (#11) Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/4ea2a28e-7f09-4b9d-a3df-785939fa43ac * fix: webauthn stub in tests, timezone-aware datetimes, Pydantic v2 ConfigDict, add .gitignore (#12) * fix(tests): stub webauthn in auth_router test fixture to fix import failures Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/63299979-62f4-489f-a1d2-307336759de9 * fix: stub webauthn in tests, replace datetime.utcnow, fix Pydantic Config, add .gitignore Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/63299979-62f4-489f-a1d2-307336759de9 --------- * Add consolidated design-change report and expanded PR body draft (#13) * docs: add overall design change and PR report Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/82b0addf-4e64-42b9-ac75-63d99a14f84d * docs: make PR report paths portable Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/82b0addf-4e64-42b9-ac75-63d99a14f84d * docs: clarify bilingual PR report structure Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/82b0addf-4e64-42b9-ac75-63d99a14f84d --------- --------- * Update .github/workflows/codeql.yml 변경 감사합니다 * Potential fix for pull request finding 커밋합니다. * fix: address PR review feedback for auth and progress persistence Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/54ddac5c-9ffc-4dd9-8328-a90404f7b582 --------- * Potential fix for pull request finding 수정해주세요 * Potential fix for pull request finding 수정해주세요 * Potential fix for pull request finding 변경해주세요, * Potential fix for pull request finding 'CodeQL / Uncontrolled data used in path expression' 제안 사항에 맞게 수정해주세요. * Potential fix for pull request finding 'CodeQL / Uncontrolled data used in path expression' 제안 사항 감사합니다, 수정해주세요 * Potential fix for pull request finding 'CodeQL / Uncontrolled data used in path expression' 수정해주세요 * Harden orchestrator progress file paths and profiler bind host policy (#17) * fix: harden path handling and profiler bind defaults for CodeQL alerts Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/320282cc-04c8-415c-bacc-8f409266cde2 * chore: address review nits for host and run_id normalization Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/320282cc-04c8-415c-bacc-8f409266cde2 * fix: tighten localhost and hostname validation for profiler bind Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/320282cc-04c8-415c-bacc-8f409266cde2 * chore: improve profiler host validation diagnostics Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/320282cc-04c8-415c-bacc-8f409266cde2 --------- --------- Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

Copilot AI and others added 2 commits May 8, 2026 09:44

chore: raise Pillow minimum version to 12.2

71a36a7

Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/9ec743ae-a698-4cc0-aa87-8825771cb8d6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com>

chore: remove accidental pycache artifacts

cdd6616

Agent-Logs-Url: https://github.com/parkcheolhong/codeAI/sessions/9ec743ae-a698-4cc0-aa87-8825771cb8d6 Co-authored-by: parkcheolhong <111139476+parkcheolhong@users.noreply.github.com>

Copilot AI assigned Copilot and parkcheolhong May 8, 2026

Copilot created this pull request from a session on behalf of parkcheolhong May 8, 2026 09:50 View session

parkcheolhong marked this pull request as ready for review May 8, 2026 09:50

Copilot AI review requested due to automatic review settings May 8, 2026 09:50

parkcheolhong merged commit 7852209 into main May 8, 2026
1 check passed

Copilot started reviewing on behalf of parkcheolhong May 8, 2026 09:51 View session

parkcheolhong reviewed May 8, 2026

View reviewed changes

Copilot AI reviewed May 8, 2026

View reviewed changes

parkcheolhong mentioned this pull request May 11, 2026

병합해주세요 (#16) #18

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Harden Pillow dependency floor to patched range for active image parsing CVEs#7

Harden Pillow dependency floor to patched range for active image parsing CVEs#7
parkcheolhong merged 2 commits intomainfrom
copilot/fix-oob-write-error-psd

Copilot AI commented May 8, 2026

Uh oh!

Uh oh!

parkcheolhong left a comment

Uh oh!

Copilot AI left a comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

Copilot AI commented May 8, 2026

Uh oh!

Uh oh!

parkcheolhong left a comment

Choose a reason for hiding this comment

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants