Skip to content

fix: viewer security hardening and evolve write ordering#69

Merged
rohitg00 merged 1 commit intomainfrom
fix/remaining-audit-issues
Mar 4, 2026
Merged

fix: viewer security hardening and evolve write ordering#69
rohitg00 merged 1 commit intomainfrom
fix/remaining-audit-issues

Conversation

@rohitg00
Copy link
Copy Markdown
Owner

@rohitg00 rohitg00 commented Mar 4, 2026
edited by coderabbitai Bot
Loading

Summary

Closes

Test plan

  • npm run build passes
  • All 216 tests pass
  • No regressions

Summary by CodeRabbit

Release Notes

  • Security Improvements
    • Strengthened authentication verification mechanisms
    • Added Content Security Policy headers for enhanced viewer security
    • Enforced content-type validation for API and governance requests to prevent malformed submissions
    • Improved request validation for better protection against invalid data

@rohitg00
fix: viewer security hardening and evolve write ordering
169939f 
- Viewer auth: use timing-safe HMAC comparison instead of string equality
- Viewer HTML: add Content-Security-Policy header
- Viewer POST/DELETE: validate Content-Type is application/json (415 on mismatch)
- Evolve: supersede old memory before saving new to prevent dual-latest on partial failure
@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented Mar 4, 2026
edited
Loading

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 2f1d34f2-632c-4508-a580-a4f8522b0259

📥 Commits

Reviewing files that changed from the base of the PR and between 70999c3 and 169939f.

📒 Files selected for processing (2)
  • src/functions/relations.ts
  • src/viewer/server.ts
📝 Walkthrough

Walkthrough

The pull request reorders memory evolution write operations in the relations flow, then hardens the viewer server with security improvements: timing-safe authentication comparison, Content-Security-Policy headers, and Content-Type validation on POST and DELETE requests.

Changes

Cohort / File(s) Summary
Memory Evolution Reordering
src/functions/relations.ts		 Reorders KV write operations during memory evolution: removes initial write of evolved memory, defers it until after marking existing memory as non-latest, preserving end state consistency.
Viewer Server Security Hardening
src/viewer/server.ts		 Adds timing-safe authentication comparison for Bearer token validation, sets Content-Security-Policy header on HTML responses, and enforces Content-Type validation (application/json) on POST and DELETE requests with 415 error responses.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~22 minutes

Possibly related PRs

Poem

🐰 Whiskers twitching with delight!
Auth now time-safe, policies tight,
Content-Type guards the gate,
Memory writes reordered straight,
Security hops feel just right! 🔐✨

✨ Finishing Touches
  • 📝 Generate docstrings (stacked PR)
  • 📝 Generate docstrings (commit on current branch)
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch fix/remaining-audit-issues

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@rohitg00 rohitg00 merged commit 4a3f1ca into main Mar 4, 2026
1 check was pending
@rohitg00 rohitg00 deleted the fix/remaining-audit-issues branch March 4, 2026 07:33
@coderabbitai coderabbitai Bot mentioned this pull request Mar 18, 2026
Merged
4 tasks
@coderabbitai coderabbitai Bot mentioned this pull request Apr 12, 2026
Merged
@coderabbitai coderabbitai Bot mentioned this pull request Apr 23, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

1 participant

@rohitg00