chore(orchestrator): Add review remediation phase to tasks.md
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -97,18 +97,38 @@
|
||||
| MB-009 | done | Documentation: Matrix bridge setup and architecture | #386 | docs | feature/m12-matrix-bridge | MB-008 | | worker-9 | 2026-02-15T14:38Z | 2026-02-15T14:39Z | 10K | 12K |
|
||||
| MB-010 | done | Sample Matrix swarm deployment compose file | #387 | docker | feature/m12-matrix-bridge | | | | | 2026-02-15 | 0 | 0 |
|
||||
|
||||
| MB-011 | done | Remediate code review and security review findings | #377 | api | feature/m12-matrix-bridge | MB-001..MB-010 | | worker-10 | 2026-02-15T15:00Z | 2026-02-15T15:10Z | 30K | 145K |
|
||||
|
||||
### Phase Summary
|
||||
|
||||
| Phase | Tasks | Description |
|
||||
| ---------------------- | -------------- | -------------------------------- |
|
||||
| 1 - Foundation | MB-001, MB-002 | SDK install, dev infrastructure |
|
||||
| 2 - Module Integration | MB-003, MB-004 | Module registration, DB mapping |
|
||||
| 3 - Core Features | MB-005, MB-006 | Command handling, Herald adapter |
|
||||
| 4 - Advanced Features | MB-007 | Streaming responses |
|
||||
| 5 - Testing | MB-008 | E2E integration tests |
|
||||
| 6 - Documentation | MB-009 | Setup guide, architecture docs |
|
||||
| Phase | Tasks | Description |
|
||||
| ---------------------- | -------------- | --------------------------------------- |
|
||||
| 1 - Foundation | MB-001, MB-002 | SDK install, dev infrastructure |
|
||||
| 2 - Module Integration | MB-003, MB-004 | Module registration, DB mapping |
|
||||
| 3 - Core Features | MB-005, MB-006 | Command handling, Herald adapter |
|
||||
| 4 - Advanced Features | MB-007 | Streaming responses |
|
||||
| 5 - Testing | MB-008 | E2E integration tests |
|
||||
| 6 - Documentation | MB-009 | Setup guide, architecture docs |
|
||||
| 7 - Review Remediation | MB-011 | Fix all code review + security findings |
|
||||
|
||||
### Review Findings Resolved (MB-011)
|
||||
|
||||
| # | Severity | Finding | Fix |
|
||||
| --- | -------- | ---------------------------------------------------------- | -------------------------------------------------------------- |
|
||||
| 1 | CRITICAL | sendThreadMessage hardcodes controlRoomId — wrong room | Added channelId to ThreadMessageOptions, use options.channelId |
|
||||
| 2 | CRITICAL | void handleRoomMessage swallows ALL errors | Added .catch() with logger.error |
|
||||
| 3 | CRITICAL | handleFixCommand: dead thread on dispatch failure | Wrapped dispatch in try-catch with user-visible error |
|
||||
| 4 | CRITICAL | provisionRoom: orphaned Matrix room on DB failure | try-catch around DB update with logged warning |
|
||||
| 5 | HIGH | Missing MATRIX_BOT_USER_ID validation (infinite loop risk) | Added throw in connect() if missing |
|
||||
| 6 | HIGH | streamResponse finally block can throw/mask errors | Wrapped setTypingIndicator in nested try-catch |
|
||||
| 7 | HIGH | streamResponse catch editMessage can throw/mask | Wrapped editMessage in nested try-catch |
|
||||
| 8 | HIGH | HeraldService error log missing provider identity | Added provider.constructor.name to error log |
|
||||
| 9 | HIGH | MatrixRoomService uses unsafe type assertion | Replaced with public getClient() method |
|
||||
| 10 | HIGH | BridgeModule factory incomplete env var validation | Added warnings for missing vars when token set |
|
||||
| 11 | MEDIUM | setup-bot.sh JSON injection via shell variables | Replaced with jq -n for safe JSON construction |
|
||||
|
||||
### Notes
|
||||
|
||||
- #387 already completed in commit 6e20fc5
|
||||
- #377 is the EPIC issue — close when all child issues are done
|
||||
- #377 is the EPIC issue — closed after all reviews remediated
|
||||
- 187 tests passing after remediation (41 matrix, 20 streaming, 10 room, 26 integration, 27 herald, 25 discord, + others)
|
||||
|
||||
Reference in New Issue
Block a user