stack

🔴 [P0] Implement CSRF protection on state-changing endpoints p0 security web

#278 by jason.woltje was closed 2026-02-04 02:35:10 +00:00

🔴 [P0] Add comprehensive audit logging for security events api api p0 security

#277 by jason.woltje was closed 2026-02-04 02:27:53 +00:00

🔴 [P0] Add workspace authorization on incoming connections api api p0 security

#276 by jason.woltje was closed 2026-02-04 02:25:16 +00:00

🔴 [P0] Fix silent connection initiation failures api api p0

#275 by jason.woltje was closed 2026-02-04 02:21:49 +00:00

🔴 [P0] Sanitize agent spawn command payloads (command injection risk) api api p0 security

#274 by jason.woltje was closed 2026-02-04 02:18:10 +00:00

🔴 [P0] Implement capability enforcement for federation commands api api p0 security

#273 by jason.woltje was closed 2026-02-04 01:58:08 +00:00

🔴 [P0] Add rate limiting to all federation endpoints (DoS vulnerability) api api p0 security

#272 by jason.woltje was closed 2026-02-04 00:59:07 +00:00

🔴 [P0] Implement OIDC token validation (authentication bypass) api api p0 security

#271 by jason.woltje was closed 2026-02-04 01:31:33 +00:00 0 / 6

Enhance WikiLink XSS protection with comprehensive validation p2 security web

#201 by jason.woltje was closed 2026-02-04 05:00:23 +00:00

Enhance Mermaid XSS protection with DOMPurify and input sanitization p2 security web

#200 by jason.woltje was closed 2026-02-04 05:00:21 +00:00

Implement RLS context helpers consistently across all services api api database database p1 security

#195 by jason.woltje was closed 2026-02-04 04:45:23 +00:00 0 / 11

Fix workspace ID transmission mismatch between API and client api api p1 web

#194 by jason.woltje was closed 2026-02-04 04:38:52 +00:00 0 / 10

Align authentication mechanism between API and web client api api auth p1 web

#193 by jason.woltje was closed 2026-02-04 04:30:28 +00:00 0 / 12

M7.1-Remediation (0.0.8)