singularity-forge/web/app/api
Mikael Hugo 2d5a05a48b fix(security): resolve 7 findings from full-repo code review
- Create web/middleware.ts to authenticate all API routes via bearer token
  and origin checks (previously unauthenticated due to missing middleware file)

- Fix path traversal in browse-directories: replace startsWith with
  realpathSync + relative + isAbsolute containment checks

- Fix XSS in session HTML export: escape raw HTML blocks via marked renderer

- Fix PTY process leak: destroy session on SSE stream cancellation

- Fix unhandled exception in terminal sessions POST: wrap getOrCreateSession
  in try/catch with structured JSON error response

- Fix silent child-process failure in headless dispatch: add exit handler
  to write failed claim when sf headless triage exits non-zero

- Fix TypeError on malformed claim JSON: add Array.isArray guard before
  accessing claim.ids.length

All changes type-check cleanly.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-05-15 02:18:43 +02:00
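The path-traversal item in the commit message above names the pattern (a bare `startsWith` prefix test replaced by `realpathSync` + `path.relative` + `path.isAbsolute`) without showing why the prefix test fails. The following is an added example, not code from this repository or from the commit: it builds a throwaway directory tree (constructed fixture, assumed writable tmpdir with symlink support) and runs a naive check and a hardened check in the shape the commit describes side by side. Function names such as `isInsideNaive`, `isInsideSafe` and `compareChecks` are assumptions for illustration only.

```typescript
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

// Naive containment test of the kind the commit replaced: a plain string
// prefix comparison. It accepts any path whose text merely starts with the
// root ("/srv/data-evil" for root "/srv/data") and never resolves symlinks,
// so a link that lives under the root but points elsewhere also passes.
export function isInsideNaive(root: string, candidate: string): boolean {
  return path.resolve(candidate).startsWith(path.resolve(root));
}

function realpathOrNull(p: string): string | null {
  try {
    return fs.realpathSync(p);
  } catch {
    return null;
  }
}

// Hardened containment test in the shape the commit message describes:
// canonicalise both sides (symlinks and ".." resolved), then require that
// the candidate expressed relative to the root neither climbs upward nor is
// absolute (which path.relative yields for a different drive on Windows).
export function isInsideSafe(root: string, candidate: string): boolean {
  const realRoot = realpathOrNull(root);
  const realCandidate = realpathOrNull(candidate);
  // Design choice for a directory browser: a target that does not exist or
  // cannot be resolved is refused rather than guessed at.
  if (realRoot === null || realCandidate === null) return false;
  const rel = path.relative(realRoot, realCandidate);
  if (rel === "") return true; // the root directory itself
  if (path.isAbsolute(rel)) return false;
  return rel !== ".." && !rel.startsWith(`..${path.sep}`);
}

export interface Fixture {
  base: string;
  root: string;
  inside: string;
  sibling: string;
  symlink: string;
  dotdot: string;
}

// Constructed fixture: a root, a legitimate child, a sibling that shares the
// root's textual prefix, a directory that must stay unreachable, and a
// symlink inside the root pointing at that directory.
export function buildFixture(): Fixture {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), "browse-dirs-"));
  const root = path.join(base, "root");
  const inside = path.join(root, "project");
  const sibling = path.join(base, "root-evil");
  const outside = path.join(base, "secret");
  const symlink = path.join(root, "escape");
  for (const d of [root, inside, sibling, outside]) {
    fs.mkdirSync(d, { recursive: true });
  }
  fs.symlinkSync(outside, symlink, "dir");
  // Built by string concatenation so the literal ".." survives (path.join
  // would normalise it away before either check sees it).
  const dotdot = `${root}${path.sep}..${path.sep}secret`;
  return { base, root, inside, sibling, symlink, dotdot };
}

export interface Verdict {
  naive: boolean;
  safe: boolean;
}

// Runs both checks over every fixture path and removes the tree afterwards.
export function compareChecks(): Record<"inside" | "sibling" | "symlink" | "dotdot", Verdict> {
  const f = buildFixture();
  try {
    const judge = (p: string): Verdict => ({
      naive: isInsideNaive(f.root, p),
      safe: isInsideSafe(f.root, p),
    });
    return {
      inside: judge(f.inside),
      sibling: judge(f.sibling),
      symlink: judge(f.symlink),
      dotdot: judge(f.dotdot),
    };
  } finally {
    fs.rmSync(f.base, { recursive: true, force: true });
  }
}

console.log(JSON.stringify(compareChecks(), null, 2));
```

The prefix test rejects the textual `../secret` only because `path.resolve` normalises it first; it still accepts the `root-evil` sibling and the `escape` symlink, both of which the canonicalising check refuses. One caveat the commit message does not mention: `realpathSync` answers for the filesystem as it is at that instant, so the route handler should operate on the resolved path it just checked rather than re-opening the user-supplied string, or a symlink swapped in between the check and the read reopens the hole.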
| Directory | Last commit | Date |
|---|---|---|
| boot | style: format repository with biome | 2026-05-05 14:31:16 +02:00 |
| bridge-terminal | style: format repository with biome | 2026-05-05 14:31:16 +02:00 |
| browse-directories | fix(security): resolve 7 findings from full-repo code review | 2026-05-15 02:18:43 +02:00 |
| captures | chore: commit current workspace state | 2026-05-05 14:46:18 +02:00 |
| cleanup | chore: commit current workspace state | 2026-05-05 14:46:18 +02:00 |
| dev-mode | style: format repository with biome | 2026-05-05 14:31:16 +02:00 |
| doctor | chore: commit current workspace state | 2026-05-05 14:46:18 +02:00 |
| experimental | chore: commit current workspace state | 2026-05-05 14:46:18 +02:00 |
| export-data | chore: commit current workspace state | 2026-05-05 14:46:18 +02:00 |
| files | chore: commit current workspace state | 2026-05-05 14:46:18 +02:00 |
| forensics | chore: commit current workspace state | 2026-05-05 14:46:18 +02:00 |
| git | chore: commit current workspace state | 2026-05-05 14:46:18 +02:00 |
| history | chore: commit current workspace state | 2026-05-05 14:46:18 +02:00 |
| hooks | chore: commit current workspace state | 2026-05-05 14:46:18 +02:00 |
| inspect | chore: commit current workspace state | 2026-05-05 14:46:18 +02:00 |
| knowledge | chore: commit current workspace state | 2026-05-05 14:46:18 +02:00 |
| live-state | chore: commit current workspace state | 2026-05-05 14:46:18 +02:00 |
| notifications | chore: commit current workspace state | 2026-05-05 14:46:18 +02:00 |
| onboarding | chore: commit current workspace state | 2026-05-05 14:46:18 +02:00 |
| preferences | chore: commit current workspace state | 2026-05-05 14:46:18 +02:00 |
| projects | chore: commit current workspace state | 2026-05-05 14:46:18 +02:00 |
| recovery | chore: commit current workspace state | 2026-05-05 14:46:18 +02:00 |
| remote-questions | chore: commit current workspace state | 2026-05-05 14:46:18 +02:00 |
| session | chore: commit current workspace state | 2026-05-05 14:46:18 +02:00 |
| settings-data | chore: commit current workspace state | 2026-05-05 14:46:18 +02:00 |
| shutdown | chore: commit current workspace state | 2026-05-05 14:46:18 +02:00 |
| skill-health | chore: commit current workspace state | 2026-05-05 14:46:18 +02:00 |
| steer | chore: commit current workspace state | 2026-05-05 14:46:18 +02:00 |
| switch-root | chore: commit current workspace state | 2026-05-05 14:46:18 +02:00 |
| terminal | fix(security): resolve 7 findings from full-repo code review | 2026-05-15 02:18:43 +02:00 |
| undo | chore: commit current workspace state | 2026-05-05 14:46:18 +02:00 |
| update | style: format repository with biome | 2026-05-05 14:31:16 +02:00 |
| visualizer | chore: commit current workspace state | 2026-05-05 14:46:18 +02:00 |
| voice | chore(web): upgrade all dependencies to latest stable | 2026-05-10 11:52:54 +02:00 |