Hartmut/CapaKraken
1
0
Fork 0
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix(comment): align mention audience with entity visibility

Browse Source
This commit is contained in:
Hartmut Nörenberg
2026-03-30 18:50:36 +02:00
parent 34067f1576
commit dd71e8f80b
7 changed files with 616 additions and 97 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/architecture-hardening-backlog.md
+35
View File
@@ -0,0 +1,35 @@
# Architecture Hardening Backlog
**Date:** 2026-03-30
**Purpose:** Keep the remaining cleanup work for the current quality/security scope in a single prioritized list, so small hardening slices can be completed before larger redesign work.
## Recently Completed
- SSE audience model narrowed to canonical `user:*`, `permission:*`, and `resource:*` scopes only
- CI architecture guardrail added for SSE audience scoping
- import boundaries hardened for server dispo workbooks and browser spreadsheet uploads
- AI and SMTP runtime diagnostics sanitized before they reach logs or admin-facing error messages
- transitive audit hotspots for `flatted` and `picomatch` pinned through root `pnpm.overrides`
- `apps/web` export paths migrated from direct `xlsx` usage to a shared `exceljs` workbook export helper
- `packages/application` workbook reading and `packages/engine` XLSX export serialization migrated from `xlsx` to `exceljs`
- `pnpm audit --audit-level=high` no longer reports high-severity dependency findings
- `apps/web` now has focused Vitest coverage for browser spreadsheet parsing and skill-matrix workbook parsing
- cron routes, Redis helpers, reminder scheduling, webhook dispatching, and SSE fallback paths now use structured logger calls instead of raw `console.*`
- `packages/api` now has focused Vitest coverage for reminder scheduler and webhook dispatcher logging failures
- `apps/web` typecheck is now decoupled from generated `.next-e2e` artifacts via a dedicated `tsconfig.typecheck.json`
- comment entity support is now centralized across shared constants, API registry policy, assistant tool metadata, and the web comment target API without pretending a second consumer exists
- `resource` is now onboarded as the second real comment entity, reusing the same ownership and staff-visibility rules as the resource detail route
- comment mention autocomplete now uses a dedicated entity-scoped API route instead of inheriting the narrower `user.listAssignable` audience
## Next Up
No queued hardening slice is currently pinned in this document.
Reassess after the current batch so the next item reflects the then-real highest-risk gap instead of stale cleanup residue.
## Working Rule
For the next batches, prefer work in this order:
1. remove or isolate known-risk runtime dependencies
2. add guardrails and tests around already-hardened code
3. only then expand architecture surface area