singularity-forge/packages/coding-agent
Mikael Hugo 2d5a05a48b fix(security): resolve 7 findings from full-repo code review
- Create web/middleware.ts to authenticate all API routes via bearer token
  and origin checks (previously unauthenticated due to missing middleware file)

- Fix path traversal in browse-directories: replace startsWith with
  realpathSync + relative + isAbsolute containment checks

- Fix XSS in session HTML export: escape raw HTML blocks via marked renderer

- Fix PTY process leak: destroy session on SSE stream cancellation

- Fix unhandled exception in terminal sessions POST: wrap getOrCreateSession
  in try/catch with structured JSON error response

- Fix silent child-process failure in headless dispatch: add exit handler
  to write failed claim when sf headless triage exits non-zero

- Fix TypeError on malformed claim JSON: add Array.isArray guard before
  accessing claim.ids.length

All changes type-check cleanly.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-05-15 02:18:43 +02:00
scripts feat(web): add error boundaries, expand test coverage, add README 2026-05-10 11:24:40 +02:00
src fix(security): resolve 7 findings from full-repo code review 2026-05-15 02:18:43 +02:00
package.json build: switch full build pipeline to TypeScript 7 native (tsgo) 2026-05-10 11:58:58 +02:00
tsconfig.json sf snapshot: uncommitted changes after 268m inactivity 2026-05-15 02:08:06 +02:00