Hartmut/Nexus
1
0
Fork 0
Code Issues 11 Pull Requests 1 Actions Packages Projects Releases Wiki Activity
790 Commits 8 Branches 1 Tag
40ca0c3046ba2f6682ff3e1335334e6af9a1d6b3
Commit Graph

4 Commits

Author SHA1 Message Date
Hartmut 40ca0c3046 security: bound Zod inputs, add SSE per-user cap and tRPC body limit (#51)
CI / Architecture Guardrails (pull_request) Successful in 2m6s
Details
CI / Lint (pull_request) Successful in 7m29s
Details
CI / Typecheck (pull_request) Successful in 8m3s
Details
CI / Unit Tests (pull_request) Successful in 8m11s
Details
CI / Build (pull_request) Successful in 5m24s
Details
CI / E2E Tests (pull_request) Successful in 5m25s
Details
CI / Fresh-Linux Docker Deploy (pull_request) Successful in 6m30s
Details
CI / Release Images (pull_request) Has been skipped
Details
CI / Assistant Split Regression (pull_request) Successful in 3m47s
Details 
Mechanical .max() bounds across 9 router schemas per the convention in
#51: IDs at 64, names at 200, search/filter strings at 500, arrays at
100-5000 depending on domain. Webhook secret bounded at min(16)/max(256).

Reports route now validates startDate/endDate via zod with year bounds
and rejects end<start. SSE timeline route enforces a per-user connection
cap of 8 (returns 429 with Retry-After). tRPC route rejects bodies over
2 MiB via Content-Length check before auth/DB work.

Covers 12 call-sites listed in #51. ESLint rule and zod conventions doc
remain as follow-up.
 2026-04-18 13:31:18 +02:00
Hartmut 3c0179fcec fix(api): wrap audit log writes inside their parent transactions 
Prevents mutations from committing without an audit trail if the
auditLog.create call fails after the main write already succeeded.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-09 16:40:10 +02:00
Hartmut a76b173f4b refactor(api): narrow import-export procedure contexts 2026-03-31 22:55:26 +02:00
Hartmut f14d2679cc refactor(api): extract import export procedures 2026-03-31 20:36:46 +02:00