Promote develop-auto security-review campaign + landing video → develop (#856) #857
Open
chronoai-shining wants to merge 21 commits into
Promote develop-auto → develop (security-review campaign + landing video)

Closes #856

Promotes the autonomous security-review campaign plus the landing hero video from develop-auto into develop, in preparation for the next release. develop-auto = v0.9.1 + 20 commits, 0 behind develop, 0 merge conflicts.

What's included (20 commits)

Security hardening
- ./.. in GitHub owner/repo identifiers ([Bug] Reject traversal/dot segments in GitHub owner/repo identifiers (mirror + pull) #818)
- POST /playground/chat ([Bug] Add a per-user rate limit to POST /playground/chat #809); key anon limits on a trusted client IP not raw XFF ([Bug] Key anonymous rate limits on a trusted client IP, not raw XFF #813); shared-store contract ([Misc] Back the rate limiter with a shared store (per-pod/restart-reset today) #814)
- skip() ([Bug] Bound pagination page to stop unbounded MongoDB skip() #810)
- 503 org_membership_unavailable vs resolved-not-member → 403 not_org_member ([Bug] setSkillPermissions returns spurious 403 when org memberships are unresolved (follow-up to #815) #842)
- token/accessToken/userAccessToken/clientSecret/privateKey across all Pino roots ([Misc] Redact token/clientSecret/privateKey/accessToken in Pino logs #817)
- ENCRYPTION_KEY doc correctness ([Docs] Correct the stale ENCRYPTION_KEY dev-sentinel claim in config doc #821); remove dead requireOwnerOrAdmin helper ([Misc] Remove the unused requireOwnerOrAdmin authz helper #820)
- timeout_secs to advertised 1–600 ([Bug] Clamp playground sandbox timeout_secs to the advertised 1-600 range #819)

Feature

Every commit carries a changeset (21 changesets present), so the develop → main release flow will version correctly (→ next minor/patch).

Validation — full A/B regression vs v0.9.1 on local k8s (ornn-cluster)

Built and deployed both versions to the live cluster (docker-desktop) and ran an identical suite against each.

In-repo suite on the integrated develop-auto HEAD (595b883) — all green:

- ornn-api: bun test
- ornn-web: vitest HeroVideo.test.tsx)

Live A/B (deployed v0.9.1 baseline vs deployed develop-auto):

- /livez, /me, /me/orgs, /me/quota, /me/models, skill-search (empty + query), skill get + /json, skill-format/rules, manifest schema, users/search, admin/skills, 404 contract, unauth-gate.
- 429s; ornn-api logs show rateLimit key=user:<id> label=playground-chat count=21..25 max=20 → 429 "Retry in 60s".
- user:<id>; correctly admin-bypassed by design (service.ts:514 if (!actor.isPlatformAdmin)), so the live admin token returns 200; the gate for non-admins is proven by the 964-test suite.
- user:<id> only, no bearer/secret in plaintext.
- ENCRYPTION_KEY fail-fast does not crash with the deployed secret).

Web (landing hero video, #318):

<video autoplay muted loop playsInline> with poster ornn-intro-poster.jpg + source ornn-intro.mp4, readyState 4, playing, 1920×1080, assets served (200), no console errors. Absent in v0.9.1.

Known deferred (not blocking this promotion)

/users/search + /users/resolve did not land (PR [Misc] Gate/scope user-directory enumeration on /users/search and /users/resolve #845 is red on an env-at-import test flake; root cause diagnosed in follow-up(#816): /auto could not converge #846). It is not a regression — those endpoints behave exactly as in v0.9.1 (live parity confirmed). Decide whether to land follow-up(#816): /auto could not converge #846's fix before cutting develop → main.

Merge notes

- develop. Merge with a merge commit (not squash) to preserve the per-issue history + changesets.
- develop → main + changeset-release flow consumes the 21 changesets and bumps the version.
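
Added example, not code from this PR or from ornn-api: a sketch of the rate-limit keying the description summarises (#809, #813), showing why a key built from a trusted client IP holds under forged X-Forwarded-For entries while the limit of 20 per 60 s from the validation log still produces 429s. All names, the proxy addresses and the sample traffic are assumptions made for illustration.

```typescript
// Added illustration; every name here is hypothetical, not ornn-api code.
type Req = { userId?: string; remoteAddr: string; xff?: string };
// Assumption: addresses of the reverse proxies this deployment operates (constructed).
const TRUSTED_PROXIES = new Set(["10.0.0.5", "10.0.0.6"]);

// Walk X-Forwarded-For from the right, skipping our own proxies; entries further left are client-supplied.
function trustedClientIp(req: Req): string {
  // Peer is not one of our proxies: the header is attacker-controlled, ignore it.
  if (!TRUSTED_PROXIES.has(req.remoteAddr)) return req.remoteAddr;
  const hops = (req.xff ?? "").split(",").map((h) => h.trim()).filter((h) => h !== "");
  for (let i = hops.length - 1; i >= 0; i--) {
    const hop = hops[i];
    if (hop !== undefined && !TRUSTED_PROXIES.has(hop)) return hop;
  }
  return req.remoteAddr;
}

// Authenticated callers are keyed per user, anonymous ones per trusted IP.
function rateLimitKey(req: Req): string {
  return req.userId ? `user:${req.userId}` : `ip:${trustedClientIp(req)}`;
}

// Fixed-window counter held in process memory, so it resets on restart and is
// per instance; a shared store would replace the Map.
function makeLimiter(max: number, windowMs: number) {
  const hits = new Map<string, { count: number; resetAt: number }>();
  return (key: string, now: number): { allowed: boolean; retryAfterSecs: number } => {
    let entry = hits.get(key);
    if (entry === undefined || now >= entry.resetAt) {
      entry = { count: 0, resetAt: now + windowMs };
      hits.set(key, entry);
    }
    entry.count += 1;
    const allowed = entry.count <= max;
    return { allowed, retryAfterSecs: allowed ? 0 : Math.ceil((entry.resetAt - now) / 1000) };
  };
}

// Constructed traffic: 25 anonymous requests via a trusted proxy, each forging a new left-most XFF entry.
function simulateSpoofedBurst(): number {
  const check = makeLimiter(20, 60_000);
  let rejected = 0;
  for (let i = 1; i <= 25; i++) {
    const req: Req = { remoteAddr: "10.0.0.5", xff: `198.51.100.${i}, 203.0.113.9` };
    if (!check(rateLimitKey(req), 0).allowed) rejected++;
  }
  return rejected;
}
```

Keyed on the left-most XFF entry instead, the same burst would produce 25 distinct keys and no rejections.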