stack/apps/api/src at 7ead8b107604fdb15cb7152a5ec02bfcf8160282 - stack - Mosaic Gitea

mosaic/stack

Files

History

Jason Woltje 7ead8b1076 fix(#411 ): remediate backend review findings — COOKIE_DOMAIN, TRUSTED_ORIGINS validation, verifySession

- Wire COOKIE_DOMAIN env var into BetterAuth cookie config
- Add URL validation for TRUSTED_ORIGINS (rejects non-HTTP, invalid URLs)
- Include original parse error in validateRedirectUri error message
- Distinguish infrastructure errors from auth errors in verifySession
  (Prisma/connection errors now propagate as 500 instead of masking as 401)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-16 12:31:53 -06:00

..

fix(tests): Correct pipeline test failures (#239 )

2026-02-06 11:57:47 -06:00

feat(#93 ): implement agent spawn via federation

2026-02-03 14:37:06 -06:00

fix(#411 ): remediate backend review findings — COOKIE_DOMAIN, TRUSTED_ORIGINS validation, verifySession

2026-02-16 12:31:53 -06:00

fix(SEC-API-19+20): Validate brain search length and limit params

2026-02-06 13:29:03 -06:00

fix(#377 ): remediate code review and security findings

2026-02-15 03:00:53 -06:00

feat(#165 ): Implement BullMQ module setup

2026-02-01 21:01:25 -06:00

fix: replace flaky timing-based test with deterministic assertion

2026-02-15 19:11:15 -06:00

completion-verification

feat(#136 ): build Completion Verification Engine

2026-01-31 13:44:23 -06:00

continuation-prompts

feat(#137 ): create Forced Continuation Prompt System

2026-01-31 13:51:46 -06:00

coordinator-integration

fix(tests): Resolve pipeline #243 test failures

2026-02-06 12:15:21 -06:00

fix(api): import AuthModule in CredentialsModule for DI resolution

2026-02-11 21:14:20 -06:00

feat(#93 ): implement agent spawn via federation

2026-02-03 14:37:06 -06:00

chore: Clear technical debt across API and web packages

2026-01-30 18:26:41 -06:00

feat(#93 ): implement agent spawn via federation

2026-02-03 14:37:06 -06:00

feat(#93 ): implement agent spawn via federation

2026-02-03 14:37:06 -06:00

fix(api): make federation config validation non-fatal at startup

2026-02-15 01:08:09 -06:00

fix(SEC-API-24): Sanitize error messages in global exception filter

2026-02-05 19:24:07 -06:00

fix(#377 ): remediate code review and security findings

2026-02-15 03:00:53 -06:00

fix(#196 ): fix race condition in job status updates

2026-02-02 12:51:17 -06:00

fix(api,orchestrator): fix remaining dependency injection issues

2026-02-08 22:24:37 -06:00

fix(api,orchestrator): fix remaining dependency injection issues

2026-02-08 22:24:37 -06:00

fix(SEC-REVIEW-4-7): Address remaining MEDIUM security review findings

2026-02-06 14:51:22 -06:00

feat(#93 ): implement agent spawn via federation

2026-02-03 14:37:06 -06:00

fix(SEC-API-27): Scope RLS context to transaction boundary

2026-02-06 15:07:49 -06:00

merge: resolve conflicts with develop (telemetry + lockfile)

2026-02-15 12:12:43 -06:00

feat(#351 ): Implement RLS context interceptor (fix SEC-API-4)

2026-02-07 12:25:50 -06:00

fix(SEC-API-28): Replace MCP console.error with NestJS Logger

2026-02-06 15:11:41 -06:00

mosaic-telemetry

merge: resolve conflicts with develop (telemetry + lockfile)

2026-02-15 12:12:43 -06:00

feat(#93 ): implement agent spawn via federation

2026-02-03 14:37:06 -06:00

feat(#130 ): add Personality Prisma schema and backend

2026-01-31 12:44:50 -06:00

fix(api): resolve Docker startup failures (secrets, Redis, Prisma)

2026-02-14 11:04:04 -06:00

feat(#93 ): implement agent spawn via federation

2026-02-03 14:37:06 -06:00

quality-gate-config

feat(#135 ): implement Quality Gate Configuration System

2026-01-31 13:33:04 -06:00

quality-orchestrator

docs: Add overlap analysis for non-AI coordinator patterns

2026-01-31 14:47:59 -06:00

rejection-handler

feat(#139 ): build Gate Rejection Response Handler

2026-01-31 14:01:42 -06:00

fix(api,orchestrator): fix dependency injection and Docker build issues

2026-02-08 21:59:19 -06:00

fix(#388 ): address PR review findings — fix WebSocket/REST bugs, improve error handling, fix types and comments

2026-02-15 03:44:33 -06:00

fix(tests): Resolve pipeline #243 test failures

2026-02-06 12:15:21 -06:00

feat(#93 ): implement agent spawn via federation

2026-02-03 14:37:06 -06:00

feat(#312 ): Implement core OpenTelemetry infrastructure

2026-02-04 12:52:20 -06:00

fix: address code review issues and cleanup QA reports

2026-01-31 15:01:18 -06:00

chore: Clear technical debt across API and web packages

2026-01-30 18:26:41 -06:00

fix(CQ-API-4): Remove Redis event listeners in onModuleDestroy

2026-02-05 19:16:37 -06:00

feat(#353 ): Create VaultService NestJS module for OpenBao Transit

2026-02-07 16:13:05 -06:00

fix(#338 ): Add tests verifying WebSocket timer cleanup on error

2026-02-05 18:50:19 -06:00

feat(#52 ): implement Active Projects & Agent Chains widget

2026-02-03 19:17:13 -06:00

workspace-settings

fix(api): Add AuthModule import to modules using AuthGuard

2026-02-01 01:48:09 -06:00

app.controller.test.ts

feat(#3 ): Add comprehensive tests and improve Prisma seed script

2026-01-28 16:24:25 -06:00

app.controller.ts

fix: exempt health endpoint from rate limiting

2026-02-16 03:21:46 -06:00

app.module.ts

merge: resolve conflicts with develop (M10-Telemetry + M12-MatrixBridge)

2026-02-15 12:31:08 -06:00

app.service.ts

feat(#1 ): Set up monorepo scaffold with pnpm workspaces + TurboRepo

2026-01-28 13:31:33 -06:00

cors.spec.ts

fix(SEC-API-25+26): Enable strict ValidationPipe + tighten CORS origin

2026-02-06 15:02:55 -06:00

main.ts

docs(#414 ): add TRUSTED_ORIGINS and COOKIE_DOMAIN to .env.example

2026-02-16 11:27:26 -06:00