docs(security): reconcile SEC-6/7/8 status drift with verified code#182
Merged
Conversation
…tate External readers were misled by inconsistent security-status docs. Verified each item against the actual code (importers/wiring, not just file presence): - SEC-7 (plugin worker isolation): DELIVERED + wired — workers/plugin.worker.ts is used by pluginRegistry.ts + workerBusManager.ts with adversarial tests. .github/SECURITY.md was stale (⬜) → now ✅. - SEC-8 (voice WASM download UX): DELIVERED + wired — VoiceModelDownloadModal used by VoiceSettingsSection. .github/SECURITY.md stale (⬜) → now ✅. - SEC-6 (DuckDB OPFS encryption): NOT truly delivered. The module services/duckdb/duckdbEncryption.ts + its unit tests exist, but ALL six exported symbols have 0 production callers — it is not wired into the persistence path, so DuckDB analytics are NOT encrypted at rest. TODO.md and the threat-model checklist over-claimed this as ✅; corrected to a truthful "module exists, integration pending" across .github/SECURITY.md (🟡 Partial), docs/SECURITY-THREAT-MODEL.md (line 44 + checklist), and TODO.md (P0-4). Marking it "complete" would assert an at-rest control that does not exist — the more dangerous drift. Also ran scripts/sync-readme-metrics.mjs (recommended housekeeping): README i18n-key metric 2716 → 2726 (drift fix). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Thanks for using CodeAnt! 🎉We're free for open-source projects. if you're enjoying it, help us grow by sharing. Share on X · |
qnbs
added a commit
that referenced
this pull request
Jun 17, 2026
Command-level companion to docs/CODEANT-REVIEW-LOOP.md for running the loop across multiple open PRs in one combined pass. Captures the live state of the architecture-refactor batch (PRs #177–#182) and #177's in-progress detail (3 findings fixed in c7638f1; 2 to justify; threads to reply/resolve) so a later session can resume and process this plan's PRs together with the next plan's PRs. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Thanks for using CodeAnt! 🎉We're free for open-source projects. if you're enjoying it, help us grow by sharing. Share on X · |
Owner
Author
|
@CodeAnt-AI review |
Thanks for using CodeAnt! 🎉We're free for open-source projects. if you're enjoying it, help us grow by sharing. Share on X · |
Sequence DiagramThis diagram illustrates how analytics data currently flows to DuckDB storage without at-rest encryption and shows the intended, but not yet integrated, encryption module, matching the reconciled SEC-6 documentation in this PR. sequenceDiagram
participant User
participant App
participant Analytics
participant DuckDBClient
participant DuckDBEncryption
participant OPFSStorage
User->>App: Use features that generate analytics
App->>Analytics: Record analytics event
Analytics->>DuckDBClient: Append analytics data
DuckDBClient->>OPFSStorage: Persist analytics data unencrypted
opt Planned encryption integration SEC-6
DuckDBClient->>DuckDBEncryption: Encrypt analytics payload before write
DuckDBEncryption-->>DuckDBClient: Return encrypted data
end
Generated by CodeAnt AI |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
User description
Context
.github/SECURITY.md,docs/SECURITY-THREAT-MODEL.md, andTODO.mddisagreed on the status of three Phase-3 security items, so external readers saw either phantom open gaps or phantom delivered controls. Each item was verified against the actual code (importers + wiring, not just file existence) before changing any status.Findings & fixes
workers/plugin.worker.tsused bypluginRegistry.ts+workerBusManager.ts; adversarial tests.github/SECURITY.md⬜ → ✅VoiceModelDownloadModalused byVoiceSettingsSection.github/SECURITY.md⬜ → ✅services/duckdb/duckdbEncryption.ts+ unit tests exist, but all 6 exported symbols have 0 production callers; not wired into the persistence path → analytics not encrypted at restTODO.md+ threat-model checklist to "module exists, integration pending";.github/SECURITY.md→ 🟡 PartialMarking SEC-6 "complete" would assert an at-rest security control that does not exist — the more dangerous direction of drift — so it is now truthfully represented everywhere.
Also ran
scripts/sync-readme-metrics.mjs(recommended housekeeping): README i18n-key metric 2716 → 2726.Verification
duckdbEncryptionexports; confirmed importers for plugin worker + voice modal).🤖 Generated with Claude Code
CodeAnt-AI Description
Reconcile security status docs with what is actually shipped
What Changed
Impact
✅ Clearer security status for readers✅ Fewer false “open” security gaps✅ Fewer false claims of encrypted analytics at rest💡 Usage Guide
Checking Your Pull Request
Every time you make a pull request, our system automatically looks through it. We check for security issues, mistakes in how you're setting up your infrastructure, and common code problems. We do this to make sure your changes are solid and won't cause any trouble later.
Talking to CodeAnt AI
Got a question or need a hand with something in your pull request? You can easily get in touch with CodeAnt AI right here. Just type the following in a comment on your pull request, and replace "Your question here" with whatever you want to ask:
This lets you have a chat with CodeAnt AI about your pull request, making it easier to understand and improve your code.
Example
Preserve Org Learnings with CodeAnt
You can record team preferences so CodeAnt AI applies them in future reviews. Reply directly to the specific CodeAnt AI suggestion (in the same thread) and replace "Your feedback here" with your input:
This helps CodeAnt AI learn and adapt to your team's coding style and standards.
Example
Retrigger review
Ask CodeAnt AI to review the PR again, by typing:
Check Your Repository Health
To analyze the health of your code repository, visit our dashboard at https://app.codeant.ai. This tool helps you identify potential issues and areas for improvement in your codebase, ensuring your repository maintains high standards of code health.