letsbe/pn-new-crm
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
491 Commits 8 Branches 0 Tags
a7d0dd95e2b3385361bccecb8bbc46b990f8cee1
Commit Graph

4 Commits

Author SHA1 Message Date
Matt
a7d0dd95e2 audit: append Context7-assisted dependency upgrade analysis (§34) 
Companion to the deps-auditor report. Per-major pros/cons informed by
upstream changelogs queried via Context7. Sequencing:

- Tier A (patches + esbuild minor) → do now
- Zod 4 + @hookform/resolvers 5 → couple together, codemod-able
- Next 15 → 16 (incl. middleware → proxy.ts rename) → 2-4 weeks
- Tailwind 4 → afternoon project, visual review pages
- Defer indefinitely: archiver 8 (failed last try), react-day-picker 10

Top-line baseline: 0 known vulns; no GPL/AGPL; lockfile reproducible.
Everything below is dev-experience/perf, not security-blocker.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-12 17:23:19 +02:00
Matt
0baca41693 audit: Tier 0 quick wins — EMAIL_REDIRECT_TO prod guard + storage routing + metadata masking 
Tier 0.2: src/lib/env.ts now refuses boot when NODE_ENV=production AND
EMAIL_REDIRECT_TO is set. Sendmail logs the rewrite at warn (was debug)
so dev/staging windows where someone forgets to unset are immediately
visible.

Tier 0.6: backup_jobs.storage_path added to TABLES_WITH_STORAGE_KEYS in
src/lib/storage/migrate.ts. Flipping the storage backend used to
silently orphan every pg_dump artefact — last-resort recovery path is
now actually portable.

Tier 1.7: createAuditLog now runs metadata through maskSensitiveFields
(was only applied to old/new value diffs). Portal-auth, crm-invite,
hard-delete and email-accounts services were writing raw emails into
this column unbounded.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-12 17:02:10 +02:00
Matt
bdc9c019a8 audit: append storage-pathing report — all 33 agents now inlined 
docs/AUDIT-2026-05-12.md now contains every audit verbatim
(6488 lines). Last to land was the S3-vs-internal-DB routing audit
covering the storage-backend boundary, presigned-URL round-trip,
magic-byte verification on both paths, migrate-storage coverage,
and orphan-blob risk on transaction failure.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-12 16:53:16 +02:00
Matt
4b9743a594 audit: 33-agent comprehensive audit + critical fixes 
Full team audit run, all reports verbatim in docs/AUDIT-2026-05-12.md
(5900+ lines, 30+ critical findings). Already-fixed this commit:
- permission-overrides PUT: self-target block + RolePermissions allow-list + cross-tenant guard
- /api/auth/resolve-identifier: rate-limit + synthetic miss-email kill enumeration
- admin email-change: rotates account.accountId + revokes sessions
- middleware: token-gated email confirm/cancel routes whitelisted
- NAV_CATALOG: 10 dead-link sweeps to existing /admin/<x> targets

Feature work landing same commit: optional username sign-in
(migration 0054), per-user permission overrides (0055) with three-state
matrix tabbed inside UserForm, user disable button, role + outcome +
stage label normalisation across the platform, admin email-change
with auto-notification template.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-12 16:52:35 +02:00