Skip to content

Commit 20ff3a3

Browse files
devopamclaude
andauthored
docs(security-hardening): correct stale "Queued" note (#254)
The section intro claimed only 'Pluggable secrets backend' remained queued, but that shipped (✅). The two genuinely-remaining items are the NL->SQL prompt-injection hardening and the EXPLAIN dry-run pre-flight (both ⬜, both scoped to translate_nl_to_sql). Flag them as the current top security priority and a natural single focused PR. Claude-Session: https://claude.ai/code/session_0122yLZLJ8t4W43sdN6BmTZc Co-authored-by: Claude <noreply@anthropic.com>
1 parent 3ea8e65 commit 20ff3a3

1 file changed

Lines changed: 6 additions & 3 deletions

File tree

docs/security-hardening.md

Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -122,9 +122,12 @@ left in place.
122122

123123
## Queued (next focused PRs)
124124

125-
> Most of this section has now shipped. Only **Pluggable secrets
126-
> backend** remains queued; the rest are marked ✅ with the landing
127-
> note inline.
125+
> Most of this section has now shipped (each marked ✅ with the
126+
> landing note inline). Two items remain, both small and both scoped
127+
> to `translate_nl_to_sql` / `mcpg.nl2sql`: **NL→SQL prompt-injection
128+
> hardening** and **NL→SQL EXPLAIN dry-run pre-flight** (the two ⬜
129+
> entries below). They're the current top security priority and a
130+
> natural single focused PR.
128131
129132
### ✅ HTTP hardening (request limits + security headers + CORS + timeout)
130133
**Shipped.** Security headers + request-size limit + CORS allowlist

0 commit comments

Comments
 (0)