CapaKraken

Author	SHA1	Message	Date
Hartmut	17471af7f8	security: bound Zod inputs, add SSE per-user cap and tRPC body limit (#51 , PR #59 ) CI / Architecture Guardrails (push) Successful in 3m38s Details CI / Assistant Split Regression (push) Successful in 4m40s Details CI / Lint (push) Successful in 5m17s Details CI / Typecheck (push) Successful in 5m46s Details CI / Build (push) Successful in 7m1s Details CI / Unit Tests (push) Failing after 9m41s Details CI / Release Images (push) Has been cancelled Details CI / Fresh-Linux Docker Deploy (push) Has been cancelled Details CI / E2E Tests (push) Has started running Details Closes #51 (ESLint rule + conventions doc remain as follow-up). Co-authored-by: Hartmut Nörenberg <hn@hartmut-noerenberg.com> Co-committed-by: Hartmut Nörenberg <hn@hartmut-noerenberg.com>	2026-04-18 13:53:28 +02:00
Hartmut	1833182e90	fix(security): harden input validation schemas and fix SSR sanitize bypass - blueprint rolePresets: cap array at 100 items to prevent storage abuse - notification CreateManagedNotification: add .max() on title (500), body (2000), type (100), entityType/entityId (200), link (1000), taskAction (200) - settings: add .max() on all string config fields; add regex allowlist (/^[a-zA-Z0-9._-]+$/) on model name fields (geminiModel, azureDalleDeployment, azureOpenAiDeployment) to prevent path manipulation - sanitizeHtml: fix SSR bypass — server-side branch now strips HTML tags instead of returning the raw string unchanged Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-09 21:38:16 +02:00
Hartmut	8c5be51251	feat(platform): checkpoint current implementation state	2026-04-01 07:42:03 +02:00
Hartmut	6e84b022c3	fix(api): harden notification assignee persistence	2026-03-31 22:52:09 +02:00
Hartmut	4111b7b661	refactor(api): split notification procedure support	2026-03-31 21:56:15 +02:00

5 Commits