24 lines
997 B
Markdown
# Code Review Report — Gateway Security Hardening
## Scope Reviewed
- `apps/gateway/src/chat/chat.gateway-auth.ts`
- `apps/gateway/src/chat/chat.gateway.ts`
- `apps/gateway/src/conversations/conversations.dto.ts`
- `apps/gateway/src/chat/__tests__/chat-security.test.ts`
## Findings
- No blocker findings in the final changed surface.
## Review Summary
- Correctness: the socket auth helper now returns Better Auth session data unchanged, and the gateway disconnects clients whose handshake does not narrow to a valid session payload
- Security: conversation role validation now rejects `system`; conversation content ceiling is 32k; chat request ceiling remains 10k
- Testing: targeted auth, ownership, and DTO regression tests pass
- Quality: `pnpm typecheck`, `pnpm lint`, and `pnpm format:check` all pass after the final edits
## Residual Risk
- `chat.gateway.ts` uses local narrowing around an `unknown` session result because the requested helper contract intentionally returns `unknown`.
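
The two behaviours described in the Review Summary and the Residual Risk note, narrowing an `unknown` session result before a socket is allowed to stay connected and DTO validation that rejects the `system` role and enforces the content ceilings, as an added TypeScript example. This is not the project's own code: the session payload shape, the function names, the `{ message }` chat request shape, and the reading of 32k as 32_000 and 10k as 10_000 characters are all assumptions made for illustration.

```typescript
// Added example, not the project's code. Session payload shape, function names,
// the chat request shape and the exact numeric limits are assumptions.

type SessionPayload = {
  user: { id: string };
  session: { id: string; expiresAt: string };
};

// Narrow an `unknown` helper result to a SessionPayload. Nothing about the
// value's shape is trusted until every field has been checked.
function isSessionPayload(value: unknown): value is SessionPayload {
  if (typeof value !== "object" || value === null) return false;
  const v = value as Record<string, unknown>;
  const user = v.user;
  const session = v.session;
  if (typeof user !== "object" || user === null) return false;
  if (typeof session !== "object" || session === null) return false;
  const u = user as Record<string, unknown>;
  const s = session as Record<string, unknown>;
  return (
    typeof u.id === "string" && u.id.length > 0 &&
    typeof s.id === "string" && s.id.length > 0 &&
    typeof s.expiresAt === "string" &&
    !Number.isNaN(Date.parse(s.expiresAt))
  );
}

type HandshakeDecision =
  | { ok: true; userId: string }
  | { ok: false; reason: string };

// The gateway-side decision: the helper returns `unknown` by contract, so the
// narrowing happens here, and anything that does not narrow is disconnected.
function authorizeHandshake(sessionResult: unknown, now: Date = new Date()): HandshakeDecision {
  if (!isSessionPayload(sessionResult)) {
    return { ok: false, reason: "handshake did not carry a valid session payload" };
  }
  if (Date.parse(sessionResult.session.expiresAt) <= now.getTime()) {
    return { ok: false, reason: "session expired" };
  }
  return { ok: true, userId: sessionResult.user.id };
}

// Assumed limits: "32k" read as 32_000 and "10k" as 10_000 characters.
const CONVERSATION_CONTENT_MAX = 32_000;
const CHAT_REQUEST_MAX = 10_000;
// Roles a client may submit; `system` is deliberately absent.
const CLIENT_ROLES = new Set(["user", "assistant"]);

type ValidationResult = { ok: true } | { ok: false; errors: string[] };

// Conversation message DTO check: role must be a client role, content a string
// at or below the conversation ceiling.
function validateConversationMessage(input: unknown): ValidationResult {
  if (typeof input !== "object" || input === null) {
    return { ok: false, errors: ["body must be an object"] };
  }
  const body = input as Record<string, unknown>;
  const errors: string[] = [];
  const role = body.role;
  if (typeof role !== "string" || !CLIENT_ROLES.has(role)) {
    errors.push("role must be one of: user, assistant");
  }
  const content = body.content;
  if (typeof content !== "string") {
    errors.push("content must be a string");
  } else if (content.length > CONVERSATION_CONTENT_MAX) {
    errors.push(`content exceeds ${CONVERSATION_CONTENT_MAX} characters`);
  }
  return errors.length === 0 ? { ok: true } : { ok: false, errors };
}

// Chat request DTO check with the smaller, unchanged ceiling. The `{ message }`
// shape is an assumption.
function validateChatRequest(input: unknown): ValidationResult {
  if (typeof input !== "object" || input === null) {
    return { ok: false, errors: ["body must be an object"] };
  }
  const message = (input as Record<string, unknown>).message;
  if (typeof message !== "string") {
    return { ok: false, errors: ["message must be a string"] };
  }
  if (message.length > CHAT_REQUEST_MAX) {
    return { ok: false, errors: [`message exceeds ${CHAT_REQUEST_MAX} characters`] };
  }
  return { ok: true };
}
```

The point of keeping `isSessionPayload` as a type guard is that the `unknown` contract stays honest: callers get a typed `SessionPayload` only on the path where every field was checked, and the disconnect path never has access to a partially trusted object.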