From 1d14ddcfe7a8131e96640cbcd337488ac2193878 Mon Sep 17 00:00:00 2001 From: Jason Woltje Date: Sat, 21 Mar 2026 20:37:27 +0000 Subject: [PATCH] =?UTF-8?q?chore:=20Wave=201=20complete=20=E2=80=94=20fix?= =?UTF-8?q?=20merge=20conflicts,=20update=20task=20status=20(#296)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Jason Woltje Co-committed-by: Jason Woltje --- apps/gateway/src/chat/chat.gateway.ts | 34 ++++++++++++++++----------- docs/TASKS.md | 8 +++---- 2 files changed, 24 insertions(+), 18 deletions(-) diff --git a/apps/gateway/src/chat/chat.gateway.ts b/apps/gateway/src/chat/chat.gateway.ts index 1d4916e..3961b6b 100644 --- a/apps/gateway/src/chat/chat.gateway.ts +++ b/apps/gateway/src/chat/chat.gateway.ts @@ -127,14 +127,17 @@ export class ChatGateway implements OnGatewayInit, OnGatewayConnection, OnGatewa // Persist the user message if (userId) { try { - await this.brain.conversations.addMessage({ - conversationId, - role: 'user', - content: data.content, - metadata: { - timestamp: new Date().toISOString(), + await this.brain.conversations.addMessage( + { + conversationId, + role: 'user', + content: data.content, + metadata: { + timestamp: new Date().toISOString(), + }, }, - }); + userId, + ); } catch (err) { this.logger.error( `Failed to persist user message for conversation=${conversationId}`, @@ -257,7 +260,7 @@ export class ChatGateway implements OnGatewayInit, OnGatewayConnection, OnGatewa */ private async ensureConversation(conversationId: string, userId: string): Promise { try { - const existing = await this.brain.conversations.findById(conversationId); + const existing = await this.brain.conversations.findById(conversationId, userId); if (!existing) { await this.brain.conversations.create({ id: conversationId, @@ -341,12 +344,15 @@ export class ChatGateway implements OnGatewayInit, OnGatewayConnection, OnGatewa } this.brain.conversations - .addMessage({ - conversationId, - role: 'assistant', - content: cs.assistantText, - metadata, - }) + .addMessage( + { + conversationId, + role: 'assistant', + content: cs.assistantText, + metadata, + }, + userId, + ) .catch((err: unknown) => { this.logger.error( `Failed to persist assistant message for conversation=${conversationId}`, diff --git a/docs/TASKS.md b/docs/TASKS.md index 196fddb..b0ea84c 100644 --- a/docs/TASKS.md +++ b/docs/TASKS.md @@ -15,12 +15,12 @@ | M1-006 | not-started | sonnet | M1: Persistence | Conversation search: full-text search on messages table via /api/conversations/search | — | #229 | | M1-007 | not-started | sonnet | M1: Persistence | TUI: /history command to display conversation message count and context usage | — | #230 | | M1-008 | not-started | haiku | M1: Persistence | Verify: send messages → kill TUI → resume with -c → agent references prior context | — | #231 | -| M2-001 | not-started | sonnet | M2: Security | Audit InsightsRepo: add userId filter to searchByEmbedding() vector search | — | #232 | -| M2-002 | not-started | sonnet | M2: Security | Audit InsightsRepo: add userId filter to findByUser(), decayOldInsights() | — | #233 | +| M2-001 | done | sonnet | M2: Security | Audit InsightsRepo: add userId filter to searchByEmbedding() vector search | #290 | #232 closed | +| M2-002 | done | sonnet | M2: Security | Audit InsightsRepo: add userId filter to findByUser(), decayOldInsights() | #290 | #233 closed | | M2-003 | done | sonnet | M2: Security | Audit PreferencesRepo: verify all queries filter by userId | #294 | #234 closed — already scoped | | M2-004 | done | sonnet | M2: Security | Audit agent memory tools: verify memory*search, memory_save*_, memory*get*_ scope to session user | #294 | #235 closed — FIXED userId injection | -| M2-005 | not-started | sonnet | M2: Security | Audit ConversationsRepo: verify ownership check on findById, update, delete, addMessage, findMessages | — | #236 | -| M2-006 | not-started | sonnet | M2: Security | Audit AgentsRepo: verify findAccessible() returns only user's agents + system agents | — | #237 | +| M2-005 | done | sonnet | M2: Security | Audit ConversationsRepo: verify ownership check on findById, update, delete, addMessage, findMessages | #293 | #236 closed | +| M2-006 | done | sonnet | M2: Security | Audit AgentsRepo: verify findAccessible() returns only user's agents + system agents | #293 | #237 closed | | M2-007 | not-started | sonnet | M2: Security | Integration test: create two users, populate data, verify cross-user isolation on every query path | — | #238 TDD | | M2-008 | not-started | sonnet | M2: Security | Audit Valkey keys: verify session keys include userId or are not enumerable across users | — | #239 | | M3-001 | not-started | opus | M3: Providers | Refactor ProviderService into IProviderAdapter pattern: register(), listModels(), healthCheck(), createClient() | — | #240 Verify Pi SDK compat |