CapaKraken

Files

T

Hartmut 0e119cfe73 security: close audit findings #19–#23 and harden Docker setup (#24 )

#19 MFA QR code: render locally via qrcode package, remove external qrserver.com request
#20 Webhook SSRF: add ssrf-guard.ts with DNS-verified IP blocklist; enforce on create/update/test/dispatch
#21 /api/perf: fail-closed when CRON_SECRET missing; remove query-string token auth
#22 CSP: remove unsafe-eval and unsafe-inline from script-src in production builds
#23 Active session registry: forward jti into session object; validate against ActiveSession on every tRPC request

#24 Docker: add missing packages/application to Dockerfile.dev; fix pnpm-lock.yaml glob;
    run db:migrate:deploy on container start so a fresh checkout boots without manual steps

Also: fix pre-existing TS error in e2e/allocations.spec.ts (args.length literal type overlap)

Co-Authored-By: claude-flow <ruv@ruv.net>

2026-04-01 18:19:21 +02:00

__tests__

test(api): widen resource capacity edge coverage

2026-04-01 07:52:40 +02:00

feat(platform): harden access scoping and delivery baseline

2026-03-30 00:27:31 +02:00

lib

security: close audit findings #19–#23 and harden Docker setup (#24 )

2026-04-01 18:19:21 +02:00

middleware

refactor(api): add redis-backed rate limiting fallback

2026-03-30 23:23:56 +02:00