singularity/singularity-forge

3528 commits 7 branches 0 tags 82 MiB

Author	SHA1	Message	Date
ace-pm	35dc87ef53	chore: sync workspace state after rebrand - Rebrand commits already in history (gsd → forge) - Sync pre-existing doc, docker, and CI config updates - All rebrand artifacts verified in place: * Native crates: forge-engine, forge-ast, forge-grep * Log prefixes: [forge] across 22+ files * Binary: ~/bin/sf-run * Workspace scopes: @sf-run/, @singularity-forge/ * Nix flake: Rust toolchain ready System ready for: nix develop && bun run build:native Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-15 14:54:20 +02:00
Jeremy McSpadden	ab03677567	fix(security): activate auth middleware and harden shutdown/update routes (#4023 ) The Next.js auth middleware (proxy.ts) was never wired in — it exported `proxy` from a file named proxy.ts, but Next.js requires a `middleware` export from middleware.ts. The middleware-manifest.json was empty, leaving all 42 API routes accessible without authentication. Fixes: - Rename web/proxy.ts → web/middleware.ts, export `middleware` not `proxy` - Add defense-in-depth auth-guard to /api/shutdown and /api/update routes - Remove shell: true from update-service spawn (command injection surface) - Update contract tests to verify middleware file name and export Closes #4014 Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-13 07:52:43 -04:00

Author

SHA1

Message

Date

ace-pm

35dc87ef53

chore: sync workspace state after rebrand

- Rebrand commits already in history (gsd → forge)
- Sync pre-existing doc, docker, and CI config updates
- All rebrand artifacts verified in place:
  * Native crates: forge-engine, forge-ast, forge-grep
  * Log prefixes: [forge] across 22+ files
  * Binary: ~/bin/sf-run
  * Workspace scopes: @sf-run/*, @singularity-forge/*
  * Nix flake: Rust toolchain ready

System ready for: nix develop && bun run build:native

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-15 14:54:20 +02:00

Jeremy McSpadden

ab03677567

fix(security): activate auth middleware and harden shutdown/update routes (#4023 )

The Next.js auth middleware (proxy.ts) was never wired in — it exported
`proxy` from a file named proxy.ts, but Next.js requires a `middleware`
export from middleware.ts. The middleware-manifest.json was empty,
leaving all 42 API routes accessible without authentication.

Fixes:
- Rename web/proxy.ts → web/middleware.ts, export `middleware` not `proxy`
- Add defense-in-depth auth-guard to /api/shutdown and /api/update routes
- Remove shell: true from update-service spawn (command injection surface)
- Update contract tests to verify middleware file name and export

Closes #4014

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-13 07:52:43 -04:00

Renamed from web/proxy.ts (Browse further)

2 commits