Rework agent dispatched to fix the .dockerignore excluding .golangci.yml (last review finding). Working on it now.
The JS files in static/js/ are already formatted on main. Running make fmt produces no changes and make fmt-check passes cleanly.
It appears the formatting was included when [PR…
Review (Round 7): ✅ PASS
Reviewing commit 316ccae (fix: reject duplicate env var keys with 400 instead of deduplicating).
Change Summary
deduplicateEnvPairs replaced with `validateEn…
Reworked: duplicate env var keys are now rejected with 400 Bad Request instead of being silently deduplicated.
Changes:
- Replaced
deduplicateEnvPairswithvalidateEnvPairs— returns…
Code Review — PR #21: ci: add Gitea Actions workflow for make check
Review (Round 6): ✅ PASS
Reviewing commit eaf3d48 (fix: dedup env var keys, add IDOR test, enforce body size limit). This addresses the three items from the pipeline manager's critical…
Rework pushed addressing the three items from the pipeline manager assessment:
1. Duplicate key dedup (last wins): Extracted deduplicateEnvPairs helper that iterates the pairs and keeps…
Fixed: added fmt-check to make check prerequisites. Now check: build lint test fmt-check per REPO_POLICIES. Docker build verified.
Rework complete. Addressed the TLS policy feedback:
Change: Updated the TLS subsection to state that services never terminate TLS directly — they are always deployed behind a TLS-terminat…
Good catch — the policy should reflect that our services never terminate TLS directly; they always sit behind a reverse proxy. Dispatching another rework to update the policy text accordingly…
Rework complete. Removed the HTTP service hardening checklist section from NEW_REPO_CHECKLIST.md — these items don't belong in a new-repo setup checklist since the repo won't have an HTTP…
Understood — the HTTP hardening checklist items don't belong in NEW_REPO_CHECKLIST.md since new repos won't have HTTP services yet. Dispatching rework to remove those changes and keep the…