Skip to content

SECURITY-169-API-39: harden personality approval and revision writers#2923

Merged
fermatmind merged 1 commit into
mainfrom
codex/security-169-api-39-harden-personality-approval-and-revision-writers
Jul 10, 2026
Merged

SECURITY-169-API-39: harden personality approval and revision writers#2923
fermatmind merged 1 commit into
mainfrom
codex/security-169-api-39-harden-personality-approval-and-revision-writers

Conversation

@fermatmind

Copy link
Copy Markdown
Owner

What changed

  • canonicalize and strictly validate approval queue target URLs and keep dry-run handoffs non-writable
  • preserve noindex promotion semantics and ignore projection-only revisions when promoting earlier content drafts
  • normalize Big Five/Enneagram draft package fields and preserve ContentPage Help fields in the revision editor
  • add focused regressions and record inherited Big Five rendered-QA expectation drift as a sidecar

Why

Closes the scoped SECURITY-169 API39 approval, revision, draft compatibility, and editor integrity findings.

Validation

  • php artisan route:list --no-ansi (237 lines)
  • fresh SQLite php artisan migrate --force --no-ansi
  • approval queue + MBTI promotion: 63 tests, 1832 assertions
  • Big Five/Enneagram writer tests: 16 tests passed
  • ContentPage editor checks: 6 tests, 607 assertions
  • Pint, YAML/JSON parse, git diff --check, and scope validation passed
  • full ci_verify_mbti.sh: 1182 passed / 150106 assertions; 4 inherited rendered-QA expectation failures recorded in sidecar

Deferred items

  • Reconcile the pre-existing Big Five rendered-QA tests with their generated artifacts in a separate scoped PR.
  • No staging wait, CMS/search write, manual deploy, or production deploy.

@fermatmind fermatmind merged commit 78d492d into main Jul 10, 2026
15 checks passed
@fermatmind fermatmind deleted the codex/security-169-api-39-harden-personality-approval-and-revision-writers branch July 10, 2026 22:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant