Security, correctness & robustness hardening (no feature removal)#6
Merged
Conversation
Audit-driven fixes across the engine, backend, providers, frontend, and infra. All existing features preserved; only bugs, security gaps, dead code, and stale config addressed. Full Python suite 125 passed / 10 xpassed (oracle xfail discipline unchanged); frontend typecheck + vitest + production build all green. Engine (packages/zeroforce): - Fix numba vs pure-Python DP divergence on infinite (dead) states + parity test - Competition ranking for tied impact scores; O(1) id index + duplicate-id guard - Validate edge endpoints / focal_node; drop self-loops; consistent EngineInvariantError - Re-export public API; drop unused deps (networkx, hypothesis, pytest-xdist) Backend (services/backend): - Fix Edge NameError in add_edge what-if (+ test); cap /simulate samples (DoS) - Offload CPU/blocking work to threads; constant-time auth compare - Config-driven CORS (locked in prod); SQLite concurrency lock - Broaden PII redaction (space-SSN, Amex); video file path containment - Stop masking bugs as provider errors; temp/Manim file cleanup - Per-client token-bucket rate limiting on cost-heavy endpoints (429 + Retry-After) Providers/schemas: - Guard empty/blocked Gemini responses; validate graph referential integrity - Align max_nodes cap (18); cap grounding tokens; add timeouts; non-billable health - Dedupe citations; mutable-default fixes; fake-graph + gemini-helper tests Frontend (apps/web): - Fix WhatIfState missing brace (build was broken); guard JSON.parse + response shapes - Resilient polling (backoff + AbortController); abort in-flight on unmount/change - Security headers/CSP; reduced-motion gating; stable list keys; expanded tests Infra/CI/docs: - Cloud Run gateway no longer allUsers-public; token via Secret Manager - Non-root Docker users + HEALTHCHECK + pinned bases; .dockerignore files - CI runs backend/providers/parity suites with uv caching; Redis bound to localhost - Bucket public-access-prevention; safer dev.sh; stale-doc/dep cleanup Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Audit-driven fixes across engine, backend, providers, frontend, and infra. Every existing feature is preserved — this PR only fixes bugs, closes security gaps, removes dead/stale code, and hardens config.
Verification
next buildsucceedsHighlights
Correctness bugs (real crashes / wrong results)
EdgeNameError that 500'd everyadd_edgewhat-if — fixed + testlib/types.tsmissing brace — the frontend build was broken — fixedSecurity
Retry-After)/simulatesample-count DoS cap; blocking work moved off the event loopallUsers-public (token via Secret Manager); non-root Docker; security headers/CSPDead/stale
disruptionColorin (not removed)Infra/CI
.dockerignore; Redis bound to localhost🤖 Generated with Claude Code