Date: 2026-02-17
| Priority | Fix Item | Why It’s High Priority | Evidence | Source |
|---|---|---|---|---|
| Critical | Stop storing plaintext share tokens | DB read access currently reveals valid download links directly. | src/Agora.Domain/Entities/Share.cs:7, src/Agora.Infrastructure/Services/ShareManager.cs:121 | Codex |
| Critical | Lock down/remove E2E mutation endpoints | If E2E mode is enabled outside isolated test envs, unauthenticated callers can create users and modify share expiry. | src/Agora.Web/Program.cs:305, src/Agora.Web/Program.cs:359 | Claude + Codex |
| High | Enforce HTTPS + secure cookie posture | Prevents credential/session exposure and downgrade risk if the deployment is misconfigured. | src/Agora.Web/Program.cs:51 (cookie config), no explicit UseHttpsRedirection/UseHsts | Claude + Codex |
| High | Remove sensitive secrets/tokens from logs | Logged passwords/tokens can be replayed by anyone with log access. | src/Agora.Web/Program.cs:126, src/Agora.Web/logs/agora-20260217.log:91 | Codex (+ Claude for password logging) |
| Fixed in 0.9.1 | Rate limiting added for auth, authenticated, and download endpoints. | | | Codex |
| Fixed in 0.9.1 | Antiforgery validation on unsafe HTTP methods. | | | Claude + Codex |
| Fixed in 0.9.1 | Temporary account lockout after repeated failures. | | | Claude + Codex |
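The first table row (plaintext share tokens) calls for the share row to hold only a hash of the token, so that reading the `Share` table no longer yields working download links. The following is an added example, not Agora's `ShareManager` code: a hypothetical `ShareTokenService` that issues a random URL-safe token, returns the SHA-256 hex digest that is the only thing persisted, and resolves a presented token by re-hashing it and comparing in constant time. Column and class names are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper (not Agora's own code). The Share entity is assumed to
// carry a TokenHash column instead of the plaintext Token column; the plaintext
// exists only in the link handed to the recipient.
public sealed class ShareTokenService
{
    // Issue a fresh token. The caller embeds Token in the download URL and
    // stores only TokenHash on the Share row.
    public static (string Token, string TokenHash) Issue()
    {
        byte[] raw = RandomNumberGenerator.GetBytes(32); // 256 bits of entropy
        string token = Base64UrlEncode(raw);
        return (token, Hash(token));
    }

    // Deterministic digest used both when storing and when resolving a link.
    // An unsalted hash is fine here because the input is already a random
    // 256-bit value, so precomputation attacks buy nothing.
    public static string Hash(string token)
    {
        byte[] digest = SHA256.HashData(Encoding.UTF8.GetBytes(token));
        return Convert.ToHexString(digest); // 64 hex characters, safe to index in SQL
    }

    // Resolve: hash the presented token, look the row up by TokenHash (done by
    // the caller's repository), then confirm equality in constant time so a
    // mismatch at the first byte takes as long as a mismatch at the last.
    public static bool Matches(string presentedToken, string storedTokenHash)
    {
        byte[] a = Encoding.ASCII.GetBytes(Hash(presentedToken));
        byte[] b = Encoding.ASCII.GetBytes(storedTokenHash.ToUpperInvariant());
        return CryptographicOperations.FixedTimeEquals(a, b);
    }

    // RFC 4648 base64url without padding, so the token is safe in a path segment.
    private static string Base64UrlEncode(byte[] bytes) =>
        Convert.ToBase64String(bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // Constructed demonstration: issue a token, persist only the hash, verify.
    public static void Main()
    {
        var (token, hash) = Issue();
        Console.WriteLine($"link token : {token}");
        Console.WriteLine($"stored hash: {hash}");
        Console.WriteLine($"valid      : {Matches(token, hash)}");
        Console.WriteLine($"tampered   : {Matches(token + "x", hash)}");
    }
}
```

Migrating an existing deployment means regenerating every outstanding share: because the original plaintext tokens are now the secret, they can be hashed in place once (`UPDATE Share SET TokenHash = sha256(Token)`) and the `Token` column dropped, but any token that has already been copied out of the database should be treated as exposed and revoked.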
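The next three rows (E2E mutation endpoints, HTTPS and cookie posture, secrets in logs) are all `Program.cs` concerns. This is an added, hypothetical minimal ASP.NET Core host, not Agora's `Program.cs`, showing the shape of each fix in one place: HTTPS redirection plus HSTS, a cookie policy that forces `Secure` and `HttpOnly` on every cookie, E2E endpoints that are only mapped when the host environment is literally named `E2E`, and a login handler that logs the username and outcome but never the password. Endpoint paths, request records and the credential check are constructed placeholders.

```csharp
using System;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.CookiePolicy;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;

var builder = WebApplication.CreateBuilder(args);

// Transport posture: send HTTP callers to HTTPS with a permanent redirect and
// emit HSTS so browsers refuse to downgrade on later visits.
builder.Services.AddHttpsRedirection(o =>
    o.RedirectStatusCode = StatusCodes.Status308PermanentRedirect);
builder.Services.AddHsts(o =>
{
    o.MaxAge = TimeSpan.FromDays(365);
    o.IncludeSubDomains = true;
});

// Cookie posture: applies to every cookie the app sets, whichever auth scheme
// is in use, so a session cookie can never be sent over plain HTTP or read by script.
builder.Services.Configure<CookiePolicyOptions>(o =>
{
    o.Secure = CookieSecurePolicy.Always;
    o.HttpOnly = HttpOnlyPolicy.Always;
    o.MinimumSameSitePolicy = SameSiteMode.Lax;
});

var app = builder.Build();

if (!app.Environment.IsDevelopment())
{
    app.UseHsts(); // HSTS only on real hosts; localhost dev would otherwise get pinned
}
app.UseHttpsRedirection();
app.UseCookiePolicy(); // must run before anything that writes cookies

// E2E mutation endpoints: mapped only when the process runs with
// ASPNETCORE_ENVIRONMENT=E2E. A boolean in appsettings is not enough, because a
// production box with that flag left on would expose user creation unauthenticated.
if (app.Environment.IsEnvironment("E2E"))
{
    app.MapPost("/e2e/users", (CreateUserRequest req) =>
        Results.Created($"/users/{req.Username}", new { req.Username }));
}

// Login: structured log of who and whether, never the credential itself.
app.MapPost("/login", (LoginRequest req, ILogger<Program> log) =>
{
    // Constructed stand-in for the real password verification.
    bool ok = req.Username == "demo" && req.Password == "correct horse battery staple";

    // req.Password is deliberately absent from the message template and args.
    log.LogInformation("Login {Outcome} for user {Username}",
        ok ? "succeeded" : "failed", req.Username);

    return ok ? Results.Ok() : Results.Unauthorized();
});

app.Run();

record CreateUserRequest(string Username);
record LoginRequest(string Username, string Password);
```

Two checks worth running after such a change: confirm with `curl -I http://host/` that the response is a 308 to `https://` and that the HTTPS response carries `Strict-Transport-Security`, and grep the log directory for any literal password or share token submitted during a test run to confirm nothing else on the request path is still echoing request bodies.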