mosaic/stack
1
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases 2 Wiki Activity

fix(#411): complete 2026-02-17 remediation sweep

Browse Source 
Apply RLS context at task service boundaries, harden orchestrator/web integration and session startup behavior, re-enable targeted frontend tests, and lock vulnerable transitive dependencies so QA and security gates pass cleanly.
This commit is contained in:
Jason Woltje
2026-02-17 14:19:15 -06:00
parent 254f85369b
commit cab8d690ab
22 changed files with 605 additions and 744 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
apps/api/src/tasks/tasks.service.spec.ts
View File

@@ -21,6 +21,7 @@ describe("TasksService", () => {
update: vi.fn(),
delete: vi.fn(),
},
withWorkspaceContext: vi.fn(),
};
const mockActivityService = {
@@ -75,6 +76,9 @@ describe("TasksService", () => {
// Clear all mocks before each test
vi.clearAllMocks();
mockPrismaService.withWorkspaceContext.mockImplementation(async (_userId, _workspaceId, fn) => {
return fn(mockPrismaService as unknown as PrismaService);
});
});
it("should be defined", () => {
@@ -95,6 +99,11 @@ describe("TasksService", () => {
const result = await service.create(mockWorkspaceId, mockUserId, createDto);
expect(result).toEqual(mockTask);
expect(prisma.withWorkspaceContext).toHaveBeenCalledWith(
mockUserId,
mockWorkspaceId,
expect.any(Function)
);
expect(prisma.task.create).toHaveBeenCalledWith({
data: {
title: createDto.title,
@@ -177,6 +186,29 @@ describe("TasksService", () => {
});
});
it("should use workspace context when userId is provided", async () => {
mockPrismaService.task.findMany.mockResolvedValue([mockTask]);
mockPrismaService.task.count.mockResolvedValue(1);
await service.findAll({ workspaceId: mockWorkspaceId }, mockUserId);
expect(prisma.withWorkspaceContext).toHaveBeenCalledWith(
mockUserId,
mockWorkspaceId,
expect.any(Function)
);
});
it("should fallback to direct Prisma access when userId is missing", async () => {
mockPrismaService.task.findMany.mockResolvedValue([mockTask]);
mockPrismaService.task.count.mockResolvedValue(1);
await service.findAll({ workspaceId: mockWorkspaceId });
expect(prisma.withWorkspaceContext).not.toHaveBeenCalled();
expect(prisma.task.findMany).toHaveBeenCalled();
});
it("should filter by status", async () => {
mockPrismaService.task.findMany.mockResolvedValue([mockTask]);
mockPrismaService.task.count.mockResolvedValue(1);