Files
Codex Local 05cd47dc5d Lot 11: feature parity V2, correctifs sécurité P0/P1, Docker, veille OSS
Phase A — Recherche:
- Deep analyse code V1+V2: 29 findings (2 P0, 8 P1, 12 P2, 7 P3)
- Veille OSS Lot 11: 22 projets analysés (vLLM, AG-UI, TRL CLI, Prefect...)
- Recherche HuggingFace: modèles persona-ready, datasets DPO, outils LoRA

Phase B — Correctifs sécurité:
- P0 SEC-01: Path traversal node-engine-runner.js (reject absolute + boundary check)
- P0 SEC-04: V2 login role self-assignment (viewer default, ADMIN_TOKEN required)
- P1 BUG-06: Health endpoint DATABASE_URL leak (redacted to storageMode)
- P1 BUG-02: Timeout promise leak (AbortSignal cancel)
- P1 SEC-03: Attachment endpoints unauthenticated (requireAdminNetwork)

Phase C — Feature parity V2 (10/10):
- Recovery on crash + cancel support (worker + storage + API)
- Slash commands (11 commands + parser + permissions + 17 tests)
- Conversational memory (addToMemory, buildLlmContext, clearMemory)
- Status strip, subnet gate, retention sweep, export HTML
- Tab completion (nicks + slash commands)
- File upload (base64 in Chat.tsx)

Phase D — Docker:
- Multi-stage Dockerfile (Node 22 alpine, tini)
- docker-compose.yml (5 services: app, api, worker, postgres, ollama)
- .dockerignore

152 tests (119 backend + 33 React), 0 failures.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-16 06:38:45 +01:00
..