singularity/singularity-forge
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
singularity-forge/web/app
History
Mikael Hugo 2d5a05a48b fix(security): resolve 7 findings from full-repo code review 
- Create web/middleware.ts to authenticate all API routes via bearer token
  and origin checks (previously unauthenticated due to missing middleware file)

- Fix path traversal in browse-directories: replace startsWith with
  realpathSync + relative + isAbsolute containment checks

- Fix XSS in session HTML export: escape raw HTML blocks via marked renderer

- Fix PTY process leak: destroy session on SSE stream cancellation

- Fix unhandled exception in terminal sessions POST: wrap getOrCreateSession
  in try/catch with structured JSON error response

- Fix silent child-process failure in headless dispatch: add exit handler
  to write failed claim when sf headless triage exits non-zero

- Fix TypeError on malformed claim JSON: add Array.isArray guard before
  accessing claim.ids.length

All changes type-check cleanly.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-05-15 02:18:43 +02:00
..
api fix(security): resolve 7 findings from full-repo code review 2026-05-15 02:18:43 +02:00
globals.css chore: commit current workspace state 2026-05-05 14:46:18 +02:00
layout.tsx chore: commit current workspace state 2026-05-05 14:46:18 +02:00
page.tsx style: format repository with biome 2026-05-05 14:31:16 +02:00