mosaicstack/stack
1
0
Fork 0
Code Issues 13 Pull Requests Actions Packages Projects Releases 11 Wiki Activity
Files
b5d600e39bd6f3ab2e4e3ea8f2a770ec25cd9485
stack/packages
History
Jason Woltje b5d600e39b
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
Details
ci/woodpecker/pr/ci Pipeline was successful
Details
fix(memory): scope InsightsRepo operations to userId — M2-001/002 
Security audit findings and fixes:

M2-001 — searchByEmbedding: confirmed already user-scoped via WHERE user_id
M2-002 — findByUser: confirmed already user-scoped
M2-002 — decayOldInsights: was global (no userId filter); now requires userId
  param and scopes UPDATE to eq(insights.userId, userId). Added decayAllInsights
  as a separate system-only method for cron tier management.

Additional unscoped operations fixed:
- findById: added userId param + AND eq(userId) to prevent cross-user read
- update: added userId param + AND eq(userId) to prevent cross-user write
- remove: added userId param + AND eq(userId) to prevent cross-user delete
- memory.controller getInsight/removeInsight: now pass user.id for ownership
- summarization.service: switched tier-management cron to decayAllInsights

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-21 15:16:24 -05:00
..
agent
fix: Phase 0 verification — CI gates green (P0-009) (#70)
2026-03-13 02:28:38 +00:00
auth
feat(auth): add WorkOS and Keycloak SSO providers (rebased) (#220)
2026-03-21 12:57:07 +00:00
brain
perf: gateway + DB + frontend optimizations (P8-003)
2026-03-18 21:26:45 -05:00
cli
fix(cli): TUI polish — Ctrl+T, React keys, clipboard, version (#205)
2026-03-17 02:40:18 +00:00
coord
fix: coord review remediations (path traversal, JSON parse, race condition) (#81)
2026-03-13 03:43:49 +00:00
db
perf: gateway + DB + frontend optimizations (P8-003)
2026-03-18 21:26:45 -05:00
design-tokens
feat(web): scaffold Next.js 16 dashboard with design system and auth client (#82)
2026-03-13 13:18:09 +00:00
log
feat(Phase 4): Memory & Intelligence — memory, log, summarization, skills (#91)
2026-03-13 13:56:50 +00:00
memory
fix(memory): scope InsightsRepo operations to userId — M2-001/002
2026-03-21 15:16:24 -05:00
mosaic
feat(cli): add prdy, quality-rails, and wizard subcommands (#104)
2026-03-15 01:05:31 +00:00
prdy
feat(prdy): migrate @mosaic/prdy from v0 to v1 (#101)
2026-03-15 00:44:02 +00:00
quality-rails
feat(quality-rails): migrate @mosaic/quality-rails from v0 to v1 (#100)
2026-03-15 00:23:56 +00:00
queue
feat: auth middleware, brain data layer, Valkey queue (P1-002/003/004) (#71)
2026-03-13 02:37:56 +00:00
types
feat(types): CommandDef, CommandManifest, slash command socket events (#174)
2026-03-16 01:41:39 +00:00