Commit 59928cc
fix: resolve QA report issues and implement security enhancements
Fixes from QA-REPORT-2026-02-19:
CRITICAL FIXES:
- Fix authentication middleware session recognition bug
- Add JWT-based middleware auth token for Edge Runtime compatibility
- Password login sessions now work with protected routes
- middleware.ts: verifyMiddlewareToken() checks JWT tokens
SECURITY ENHANCEMENTS:
- Remove JWT_SECRET fallback to SESSION_SECRET (security boundary separation)
- Add JWT verification error logging for security monitoring
- Add input sanitization to Settings API (XSS prevention)
- Add Content-Type validation to POST/PATCH endpoints
- Change cookie sameSite default from 'lax' to 'strict' (CSRF protection)
- Add session ID format validation (cuid format check)
NEW API ENDPOINTS:
- Implement /api/sessions (list user sessions)
- Implement /api/sessions/[sessionId] (revoke session)
- Implement /api/settings (get/update user settings)
- Implement /api/missions (list/create missions)
- Implement /api/missions/[missionId] (get/update/delete missions)
NEW PAGES:
- Add /chat placeholder page with ChatInterface integration
- Add /party placeholder page for multi-agent collaboration
REMOVED:
- Remove duplicate /agents/roster page (use dashboard route instead)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
1 parent cacd428 commit 59928cc
12 files changed
Lines changed: 1312 additions & 24 deletions
This file was deleted.