fix(reports): release hardening for rc.13 (claim, audit, channel validation)#660
Merged
…dation)

Pre-release quality + security pass on the Reports surface ahead of v0.2.0-rc.13.

Release:
- Bump version.env to 0.2.0-rc.13 (Eyrie).
- Add the 0.2.0-rc.13 CHANGELOG entry (four report kinds, OSCAL SAR, scheduled email delivery, async rendering + report.ready bell, Ed25519 signing, migrations 0043-0046).

Hardening:
- Dispatcher now claims due schedules atomically with FOR UPDATE SKIP LOCKED (ClaimDue advances next_run_at in the locked tx; MarkResult records the outcome), so two concurrent dispatchers never double-send a scheduled report.
- Emit audit events on report generate and on schedule create / toggle / delete (report.generated, report.schedule.created/.toggled/.deleted).
- Reject a non-email (or unknown) delivery channel at schedule create (400) instead of failing silently at dispatch.
- CRLF-sanitize report-email subject + attachment filename (header-injection defense, CWE-93).

Tests:
- freshAPIServer truncates report_schedules / report_snapshots / notification_channels between API tests (isolation gap).
- New AC-05 no-double-claim test for ClaimDue; schedule API test asserts the create audit event and the non-email-channel 400.

Specs:
- system-report-schedule -> 1.1.0 (C-03 atomic claim, C-04 CRLF, C-05 channel validation + audit, AC-04 extended, AC-05 added).
- api-reports -> 1.14.0 (C-06 report.generated audit).
Summary

Pre-release quality + security pass on the Reports surface ahead of
v0.2.0-rc.13, implementing the remediation set chosen from the release
review (Blockers + HIGH + M1 + the quick wins).

Release (B1, B2)

- `packaging/version.env` to `0.2.0-rc.13` (Eyrie).
- `0.2.0-rc.13` CHANGELOG entry: four report kinds, OSCAL SAR, scheduled email delivery, async rendering + `report.ready` notification bell, Ed25519 signing, migrations 0043–0046.
Hardening (H1, H2, M2, L1)

- The dispatcher claims due schedules with `FOR UPDATE SKIP LOCKED`. `ClaimDue` advances `next_run_at` inside the locked transaction; `MarkResult` records the per-run outcome. Two concurrent dispatchers see disjoint sets, so a scheduled report is never double-generated or double-emailed (mirrors the scan/remediation job queue).
- Report generation and schedule create / toggle / delete emit audit events (`report.generated`, `report.schedule.created/.toggled/.deleted`).
- A non-email (or unknown) delivery channel is rejected at schedule create (400) instead of failing silently at every dispatch.
- The report-email subject and attachment filename are CRLF-sanitized (header-injection defense, CWE-93).
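Added example (not the project's code) of the two create-time checks described above, the non-email-channel rejection (C-05) and the CRLF sanitization of the subject and attachment filename (C-04). The page fixes only the behaviour: 400 for anything but an email channel, and CR/LF stripped before a value reaches a mail header. `Channel`, `ValidateScheduleChannel`, `SanitizeHeaderValue`, `SanitizeAttachmentFilename`, the `webhook` kind and the `report.bin` fallback name are assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"strings"
	"unicode"
)

// Example code, not the project's own. Type and function names are assumed;
// the page only states the observable rules (400 on non-email channel,
// CRLF-safe Subject and attachment filename, CWE-93).

// ChannelEmail is the only delivery channel kind a schedule may target.
const ChannelEmail = "email"

var ErrUnsupportedChannel = errors.New("schedule delivery channel must be an email channel")

// Channel is the subset of a notification channel the schedule handler needs.
type Channel struct {
	ID   string
	Kind string // "email" is accepted; "webhook" or anything else is refused
}

// ValidateScheduleChannel is the create-time check: a missing, unknown or
// non-email channel is refused with 400 so the dispatcher can never pick up a
// schedule it cannot deliver. It returns the HTTP status the handler should use.
func ValidateScheduleChannel(ch *Channel) (int, error) {
	if ch == nil {
		return http.StatusBadRequest, fmt.Errorf("%w: channel not found", ErrUnsupportedChannel)
	}
	if ch.Kind != ChannelEmail {
		return http.StatusBadRequest, fmt.Errorf("%w: got %q", ErrUnsupportedChannel, ch.Kind)
	}
	return http.StatusOK, nil
}

// SanitizeHeaderValue makes a string safe for a single MIME header (Subject:).
// Header injection needs a CR/LF to start a new header line, so every control
// or whitespace character becomes a separator and the pieces are re-joined with
// one space; the value can therefore never be folded or split into a second header.
func SanitizeHeaderValue(s string) string {
	fields := strings.FieldsFunc(s, func(r rune) bool {
		return unicode.IsSpace(r) || unicode.IsControl(r)
	})
	return strings.Join(fields, " ")
}

// SanitizeAttachmentFilename restricts the Content-Disposition filename to a
// conservative allowlist (ASCII letters, digits, '.', '-', '_'). Control
// characters are dropped, every other rune becomes '_', leading dots are
// removed so the name is neither a dotfile nor "..", and an empty result falls
// back to a fixed name.
func SanitizeAttachmentFilename(name string) string {
	const fallback = "report.bin" // assumed default for the example
	var b strings.Builder
	for _, r := range name {
		switch {
		case unicode.IsControl(r):
			continue
		case (r < 0x80 && (unicode.IsLetter(r) || unicode.IsDigit(r))) || r == '.' || r == '-' || r == '_':
			b.WriteRune(r)
		default:
			b.WriteByte('_')
		}
	}
	out := strings.TrimLeft(b.String(), ".")
	if out == "" {
		return fallback
	}
	return out
}

func main() {
	status, err := ValidateScheduleChannel(&Channel{ID: "ch-1", Kind: "webhook"})
	fmt.Println(status, err) // 400 schedule delivery channel must be an email channel: got "webhook"
	fmt.Printf("%q\n", SanitizeHeaderValue("Weekly report\r\nBcc: other@example.invalid")) // "Weekly report Bcc: other@example.invalid"
	fmt.Printf("%q\n", SanitizeAttachmentFilename("../report\r\n.pdf"))                    // "_report.pdf"
}
```

The sanitizers run at the point where the value is placed into the message, not only at schedule create, so a subject stored before this change is covered too; the channel check deliberately sits at create time, which is where the 400 can still reach the caller.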
Test isolation (M1)

- `freshAPIServer` truncates `report_schedules` / `report_snapshots` / `notification_channels` between API tests (closed isolation gap).

Tests + specs

- `AC-05` no-double-claim test for `ClaimDue`; the schedule API test asserts the create audit event (async, polled) and the non-email-channel 400.
- `system-report-schedule` → 1.1.0 (C-03 atomic claim, C-04 CRLF, C-05 channel validation + audit, AC-04 extended, AC-05 added).
- `api-reports` → 1.14.0 (C-06 `report.generated` audit).
- The dead `ReportsPage` Coming Soon copy replaced with accurate text.

Validation

- `gofmt` / `go build ./...` / `go vet` clean
- `reportschedule`, `notification`, `report`, `audit` packages pass
- `internal/server` API surface passes (`-parallel 2`, 229s)
- `specter check` 0 errors; structural coverage 100% (`--strictness annotation`)
- `tsc` / `eslint` / `prettier` / `vitest` pass

Deferred (fast-follow, per chosen scope)

M3 (host:write vs a report-specific permission), M4 (remaining AC coverage),
L2 / L3 / L5 from the review were intentionally left out of this PR.
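Added example (not the project's code) of the atomic claim that the H1 hardening describes and the AC-05 no-double-claim test exercises. From the page come `ClaimDue`, `MarkResult`, the `report_schedules` table, the `next_run_at` column and the `FOR UPDATE SKIP LOCKED` claim; the remaining column names (`enabled`, `interval_seconds`, `last_run_at`, `last_status`, `last_error`), the one-row-per-claim shape, PostgreSQL placeholders and the `NextRun` catch-up rule are assumptions made for the example.

```go
package main

import (
	"context"
	"database/sql"
	"fmt"
	"time"
)

// Example code, not the project's own. Column names other than next_run_at
// and the single-row claim are assumed.

const (
	// Lock one due row for this transaction. Rows already locked by a
	// concurrent dispatcher are skipped rather than waited for, so two
	// dispatchers running at once always see disjoint sets.
	selectDueSQL = `
SELECT id, next_run_at, interval_seconds
  FROM report_schedules
 WHERE enabled AND next_run_at <= $1
 ORDER BY next_run_at
 LIMIT 1
 FOR UPDATE SKIP LOCKED`
	// Advance next_run_at while the row lock is still held: when the lock is
	// released the row is no longer due, so nobody else can claim the same run.
	advanceSQL    = `UPDATE report_schedules SET next_run_at = $2 WHERE id = $1`
	markResultSQL = `UPDATE report_schedules SET last_run_at = $2, last_status = $3, last_error = $4 WHERE id = $1`
)

// Claim is a schedule this dispatcher exclusively owns for one run.
type Claim struct {
	ID        string
	DueAt     time.Time // the next_run_at that was claimed
	NextRunAt time.Time // the value written back inside the same transaction
}

// ClaimDue claims at most one due schedule. The locked select and the advance
// of next_run_at commit together; if the process dies in between, the rollback
// leaves the row due and unlocked for another dispatcher, and nothing was sent.
func ClaimDue(ctx context.Context, db *sql.DB, now time.Time) (*Claim, error) {
	tx, err := db.BeginTx(ctx, nil)
	if err != nil {
		return nil, err
	}
	defer tx.Rollback() // no-op once Commit has succeeded

	var c Claim
	var intervalSec int64
	err = tx.QueryRowContext(ctx, selectDueSQL, now).Scan(&c.ID, &c.DueAt, &intervalSec)
	if err == sql.ErrNoRows {
		return nil, nil // nothing due, or every due row is held by another dispatcher
	}
	if err != nil {
		return nil, err
	}
	c.NextRunAt = NextRun(c.DueAt, time.Duration(intervalSec)*time.Second, now)
	if _, err := tx.ExecContext(ctx, advanceSQL, c.ID, c.NextRunAt); err != nil {
		return nil, err
	}
	if err := tx.Commit(); err != nil {
		return nil, err
	}
	return &c, nil
}

// MarkResult records the outcome after rendering and delivery, outside the
// claim transaction, so a slow render or SMTP call never holds the row lock.
func MarkResult(ctx context.Context, db *sql.DB, id string, ranAt time.Time, runErr error) error {
	status, msg := "ok", ""
	if runErr != nil {
		status, msg = "error", runErr.Error()
	}
	_, err := db.ExecContext(ctx, markResultSQL, id, ranAt, status, msg)
	return err
}

// NextRun returns the first interval boundary strictly after now, counted from
// prev. A schedule missed for several intervals gets one catch-up run instead
// of a burst of one run per missed interval.
func NextRun(prev time.Time, interval time.Duration, now time.Time) time.Time {
	if interval <= 0 {
		interval = time.Minute // assumed floor; a zero interval would be due forever
	}
	next := prev.Add(interval)
	if next.After(now) {
		return next
	}
	missed := now.Sub(prev) / interval
	return prev.Add((missed + 1) * interval)
}

func main() {
	prev := time.Date(2025, 1, 1, 10, 0, 0, 0, time.UTC)
	now := time.Date(2025, 1, 1, 13, 30, 0, 0, time.UTC)
	fmt.Println(NextRun(prev, time.Hour, now)) // 2025-01-01 14:00:00 +0000 UTC
}
```

The property the AC-05 test checks falls out of the transaction shape: a second `ClaimDue` running concurrently either skips the locked row or, after the first commits, no longer sees it as due, so the same `next_run_at` is never handed to two dispatchers.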