mosaic/stack
1
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases 2 Wiki Activity

fix(#180): Update pnpm to 10.27.0 in Dockerfiles

Browse Source 
Updated pnpm version from 10.19.0 to 10.27.0 to fix HIGH severity
vulnerabilities (CVE-2025-69262, CVE-2025-69263, CVE-2025-6926).

Changes:
- apps/api/Dockerfile: line 8
- apps/web/Dockerfile: lines 8 and 81

Fixes #180
This commit is contained in:
Jason Woltje
2026-02-01 20:52:43 -06:00
parent 6c065a79e6
commit a5416e4a66
15 changed files with 7175 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

186
docs/reports/m4.2-implementation-plan.md Normal file
View File

@@ -0,0 +1,186 @@
# M4.2-Infrastructure Implementation Plan
**Milestone:** M4.2-Infrastructure (0.0.4)
**Date:** 2026-02-01
**Orchestrator:** Claude Opus 4.5
## Issue Summary
| Issue | Title | Phase | Priority | Depends On | Est. Tokens | Model |
| ----- | ------------------------------------------------- | ----- | -------- | ---------- | ----------- | ------ |
| #162 | [EPIC] Mosaic Component Architecture | - | - | All | 0 | manual |
| #163 | [INFRA-001] Add BullMQ dependencies | 1 | p0 | none | 15,000 | haiku |
| #164 | [INFRA-002] Database schema for job tracking | 1 | p0 | none | 40,000 | sonnet |
| #165 | [INFRA-003] BullMQ module setup | 1 | p0 | #163 | 45,000 | sonnet |
| #166 | [INFRA-004] Stitcher module structure | 2 | p0 | #165 | 50,000 | sonnet |
| #167 | [INFRA-005] Runner jobs CRUD and queue submission | 2 | p0 | #164, #165 | 55,000 | sonnet |
| #168 | [INFRA-006] Job steps tracking | 2 | p0 | #164, #167 | 45,000 | sonnet |
| #169 | [INFRA-007] Job events and audit logging | 2 | p0 | #164, #167 | 55,000 | sonnet |
| #170 | [INFRA-008] mosaic-bridge module for Discord | 3 | p1 | #166 | 55,000 | sonnet |
| #171 | [INFRA-009] Chat command parsing | 3 | p1 | #170 | 40,000 | sonnet |
| #172 | [INFRA-010] Herald status updates | 3 | p1 | #169, #170 | 50,000 | sonnet |
| #173 | [INFRA-011] WebSocket gateway for job events | 4 | p1 | #169 | 45,000 | sonnet |
| #174 | [INFRA-012] SSE endpoint for CLI consumers | 4 | p1 | #169 | 40,000 | sonnet |
| #175 | [INFRA-013] End-to-end test harness | 5 | p0 | Phase 1-4 | 65,000 | sonnet |
| #176 | [INFRA-014] Integration with M4.1 coordinator | 5 | p0 | All M4.2 | 75,000 | opus |
| #179 | fix(security): Update Node.js dependencies | - | HIGH | none | 12,000 | haiku |
| #180 | fix(security): Update pnpm in Dockerfiles | - | HIGH | none | 10,000 | haiku |
| #181 | fix(security): Update Go stdlib in postgres | - | HIGH | none | 15,000 | haiku |
**Total Estimated Tokens:** ~712,000
## Dependency Graph
```
Phase 1: Core Infrastructure (Foundation)
┌───────────────────────────────────────────────────────────────┐
│ │
│ #163 BullMQ deps ──────┬──► #165 BullMQ module │
│ │ │
│ #164 Database schema ──┼──────────────────────────────────►│
│ │ │
│ #179,#180,#181 ◄───────┴─── Security (parallel anytime) │
│ │
└───────────────────────────────────────────────────────────────┘
Phase 2: Stitcher Service
┌───────────────────────────────────────────────────────────────┐
│ │
│ #165 ──► #166 Stitcher module ──────────────────────────► │
│ │
│ #164,#165 ──► #167 Runner jobs CRUD ──┬──► #168 Job steps │
│ │ │
│ └──► #169 Job events │
│ │
└───────────────────────────────────────────────────────────────┘
Phase 3: Chat Integration Phase 4: Real-time Status
┌──────────────────────────┐ ┌────────────────────────────┐
│ │ │ │
│ #166 ──► #170 Bridge │ │ #169 ──► #173 WebSocket │
│ │ │ │ │ │
│ ▼ │ │ └──► #174 SSE │
│ #171 Parser │ │ │
│ │ │ │ │
│ └──┬──► #172 │ │ │
│ #169 ─────┘ Herald │ │ │
│ │ │ │
└──────────────────────────┘ └────────────────────────────┘
Phase 5: Integration
┌───────────────────────────────────────────────────────────────┐
│ │
│ All Phase 1-4 ──► #175 E2E test harness │
│ │
│ All M4.2 ──► #176 Integration with M4.1 coordinator │
│ │
│ All complete ──► #162 EPIC (close) │
│ │
└───────────────────────────────────────────────────────────────┘
```
## Execution Plan (2 Parallel Agents Max)
### Wave 0: Security (Can run first, independent)
| Agent A | Agent B |
| ----------------- | --------------------- |
| #179 Node.js deps | #180 pnpm Dockerfiles |
| #181 Go stdlib | - |
### Wave 1: Foundation (Phase 1)
| Agent A | Agent B |
| ------------------ | -------------------- |
| #163 BullMQ deps | #164 Database schema |
| #165 BullMQ module | (wait for #163) |
### Wave 2: Stitcher Core (Phase 2, Part 1)
| Agent A | Agent B |
| -------------------- | --------------------- |
| #166 Stitcher module | #167 Runner jobs CRUD |
### Wave 3: Stitcher Events (Phase 2, Part 2)
| Agent A | Agent B |
| -------------- | --------------- |
| #168 Job steps | #169 Job events |
### Wave 4: Chat + Real-time (Phase 3 + 4)
| Agent A | Agent B |
| ------------------- | ---------------------- |
| #170 Bridge module | #173 WebSocket gateway |
| #171 Command parser | #174 SSE endpoint |
### Wave 5: Herald + E2E Setup
| Agent A | Agent B |
| ------------------- | ----------------------------- |
| #172 Herald updates | #175 E2E test harness (start) |
### Wave 6: Integration (Phase 5)
| Agent A | Agent B |
| ----------------- | --------------------- |
| #175 E2E complete | #176 M4.1 integration |
### Wave 7: Closure
| Agent A | Agent B |
| --------------- | ------------------ |
| Close #162 EPIC | Final verification |
## Quality Gates (Mandatory - Cannot Be Bypassed)
Every issue must pass:
1. **Unit Tests** - TDD required, minimum 85% coverage
2. **Type Check** - `pnpm typecheck` must pass
3. **Lint** - `pnpm lint` must pass
4. **Build** - `pnpm build` must pass
5. **Code Review** - Independent agent review before merge
6. **QA Verification** - Functional testing by separate agent
## Agent Protocol
1. **Before starting:** Read issue details, check dependencies are complete
2. **Create scratchpad:** `docs/scratchpads/{issue#}-{short-name}.md`
3. **Follow TDD:** Write tests first (RED), implement (GREEN), refactor
4. **Commit format:** `<type>(#{issue}): description`
5. **Quality gates:** Run all gates before marking complete
6. **Code review:** Request independent review
7. **Close issue:** Add completion comment with summary
## Orchestrator Checkpoints
- [ ] Wave 0 complete (security)
- [ ] Wave 1 complete (foundation)
- [ ] Wave 2 complete (stitcher core)
- [ ] Wave 3 complete (stitcher events)
- [ ] Wave 4 complete (chat + real-time)
- [ ] Wave 5 complete (herald + E2E setup)
- [ ] Wave 6 complete (integration)
- [ ] Wave 7 complete (closure)
- [ ] All issues closed
- [ ] EPIC #162 closed
- [ ] Token tracking report finalized
## Risk Mitigation
1. **Dependency conflicts:** BullMQ + existing ioredis - Agent must verify compatibility
2. **Schema migrations:** Test on dev database before production
3. **Discord API rate limits:** Implement proper throttling in bridge module
4. **WebSocket scaling:** Design for horizontal scaling from start
5. **Integration complexity:** Phase 5 may require opus-level reasoning
## Notes
- Maximum 2 parallel agents to prevent merge conflicts
- All agents must pull latest before starting work
- Coordinate via git commits, not direct communication
- Security issues are HIGH priority but don't block feature work