Skip to content

Security, correctness & robustness hardening (no feature removal)#6

Merged
ali-a-malik merged 1 commit into
masterfrom
security-bugfix-hardening
May 23, 2026
Merged

Security, correctness & robustness hardening (no feature removal)#6
ali-a-malik merged 1 commit into
masterfrom
security-bugfix-hardening

Conversation

@ali-a-malik

Copy link
Copy Markdown
Collaborator

Audit-driven fixes across engine, backend, providers, frontend, and infra. Every existing feature is preserved — this PR only fixes bugs, closes security gaps, removes dead/stale code, and hardens config.

Verification

  • Python: 125 passed, 10 xpassed (the §4.6 closed-form xfail oracle discipline is unchanged)
  • Frontend: typecheck clean, vitest green, next build succeeds

Highlights

Correctness bugs (real crashes / wrong results)

  • numba↔pure-Python DP divergence on dead states (engine parity) — fixed + test
  • Edge NameError that 500'd every add_edge what-if — fixed + test
  • lib/types.ts missing brace — the frontend build was broken — fixed
  • empty/safety-blocked Gemini response crash — guarded

Security

  • Per-client token-bucket rate limiting on cost-heavy endpoints (429 + Retry-After)
  • Constant-time auth compare; config-driven CORS (locked in prod)
  • /simulate sample-count DoS cap; blocking work moved off the event loop
  • Broader PII redaction; video file path containment; SQLite concurrency lock
  • Cloud Run gateway no longer allUsers-public (token via Secret Manager); non-root Docker; security headers/CSP

Dead/stale

  • Removed unused deps (networkx, hypothesis, pytest-xdist), stale Cerebras/Tavily install line, dead vars; wired previously-dead disruptionColor in (not removed)

Infra/CI

  • CI now runs backend+providers+parity suites with uv caching; pinned bases + HEALTHCHECK + .dockerignore; Redis bound to localhost

🤖 Generated with Claude Code

Audit-driven fixes across the engine, backend, providers, frontend, and infra.
All existing features preserved; only bugs, security gaps, dead code, and stale
config addressed. Full Python suite 125 passed / 10 xpassed (oracle xfail
discipline unchanged); frontend typecheck + vitest + production build all green.

Engine (packages/zeroforce):
- Fix numba vs pure-Python DP divergence on infinite (dead) states + parity test
- Competition ranking for tied impact scores; O(1) id index + duplicate-id guard
- Validate edge endpoints / focal_node; drop self-loops; consistent EngineInvariantError
- Re-export public API; drop unused deps (networkx, hypothesis, pytest-xdist)

Backend (services/backend):
- Fix Edge NameError in add_edge what-if (+ test); cap /simulate samples (DoS)
- Offload CPU/blocking work to threads; constant-time auth compare
- Config-driven CORS (locked in prod); SQLite concurrency lock
- Broaden PII redaction (space-SSN, Amex); video file path containment
- Stop masking bugs as provider errors; temp/Manim file cleanup
- Per-client token-bucket rate limiting on cost-heavy endpoints (429 + Retry-After)

Providers/schemas:
- Guard empty/blocked Gemini responses; validate graph referential integrity
- Align max_nodes cap (18); cap grounding tokens; add timeouts; non-billable health
- Dedupe citations; mutable-default fixes; fake-graph + gemini-helper tests

Frontend (apps/web):
- Fix WhatIfState missing brace (build was broken); guard JSON.parse + response shapes
- Resilient polling (backoff + AbortController); abort in-flight on unmount/change
- Security headers/CSP; reduced-motion gating; stable list keys; expanded tests

Infra/CI/docs:
- Cloud Run gateway no longer allUsers-public; token via Secret Manager
- Non-root Docker users + HEALTHCHECK + pinned bases; .dockerignore files
- CI runs backend/providers/parity suites with uv caching; Redis bound to localhost
- Bucket public-access-prevention; safer dev.sh; stale-doc/dep cleanup

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@ali-a-malik ali-a-malik merged commit d8b20a1 into master May 23, 2026
4 checks passed
@ali-a-malik ali-a-malik deleted the security-bugfix-hardening branch May 23, 2026 00:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant