05cd47dc5d
Phase A — Recherche: - Deep analyse code V1+V2: 29 findings (2 P0, 8 P1, 12 P2, 7 P3) - Veille OSS Lot 11: 22 projets analysés (vLLM, AG-UI, TRL CLI, Prefect...) - Recherche HuggingFace: modèles persona-ready, datasets DPO, outils LoRA Phase B — Correctifs sécurité: - P0 SEC-01: Path traversal node-engine-runner.js (reject absolute + boundary check) - P0 SEC-04: V2 login role self-assignment (viewer default, ADMIN_TOKEN required) - P1 BUG-06: Health endpoint DATABASE_URL leak (redacted to storageMode) - P1 BUG-02: Timeout promise leak (AbortSignal cancel) - P1 SEC-03: Attachment endpoints unauthenticated (requireAdminNetwork) Phase C — Feature parity V2 (10/10): - Recovery on crash + cancel support (worker + storage + API) - Slash commands (11 commands + parser + permissions + 17 tests) - Conversational memory (addToMemory, buildLlmContext, clearMemory) - Status strip, subnet gate, retention sweep, export HTML - Tab completion (nicks + slash commands) - File upload (base64 in Chat.tsx) Phase D — Docker: - Multi-stage Dockerfile (Node 22 alpine, tini) - docker-compose.yml (5 services: app, api, worker, postgres, ollama) - .dockerignore 152 tests (119 backend + 33 React), 0 failures. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>