From ee02881b00069e3900be449ca2c3145f9bbd9d00 Mon Sep 17 00:00:00 2001
From: Ahmet Abdullah Gultekin
Date: Thu, 21 May 2026 16:21:23 +0000
Subject: [PATCH] chore(docs): resolve Copilot review comments from PR #67/#69
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Low-risk doc/config polish for items Copilot flagged on PR #67 (and PR #69
where those files reached master). No behavior change to running services;
the only executable change is a more-robust docs-site healthcheck path.

- archive/.../OPERATOR_ACTIONS_2026-05-12.md:
  - redact partial live secret (API_KEY_SECRET=fcb06b7… → )
  - main update: normal fast-forward `git push origin master:main`,
    reserve --force-with-lease for documented recovery only
  - add LOW to the severity legend (items 9-11 use it)
  - make item-count self-reference consistent (states 11; notes
    five→11 growth)
  - grammar: "a deliberately misuse" → "a deliberate misuse"
- docs-site/html/identity/index.html: fallback copy now says the OpenAPI
  spec is publicly available at /identity/openapi.json (it ships public)
- landing-website/src/index.css: comment now accurately describes the
  locale-aware :lang(en) uppercasing; drop the false belt-and-braces /
  codepoint-forcing claim and the duplicate text-transform line
- docs-site/docker-compose.prod.yml: healthcheck probes /health (the
  dedicated nginx endpoint) instead of /
- infra/traefik/README.md: add a Traefik-config dry-run validate step
  (compose config only validates the Compose file) and note access logs
  go to /var/log/traefik/access.log per accessLog.filePath, not stdout

Co-Authored-By: Claude Opus 4.7 (1M context)
---
 .../plans/OPERATOR_ACTIONS_2026-05-12.md | 25 ++++++++++++-------
 docs-site/docker-compose.prod.yml | 2 +-
 docs-site/html/identity/index.html | 2 +-
 infra/traefik/README.md | 22 +++++++++++++---
 landing-website/src/index.css | 17 ++++++-------
 5 files changed, 44 insertions(+), 24 deletions(-)
diff --git a/archive/2026-05/plans/OPERATOR_ACTIONS_2026-05-12.md b/archive/2026-05/plans/OPERATOR_ACTIONS_2026-05-12.md index d3a5d50..24f1e8b 100644 --- a/archive/2026-05/plans/OPERATOR_ACTIONS_2026-05-12.md +++ b/archive/2026-05/plans/OPERATOR_ACTIONS_2026-05-12.md @@ -1,14 +1,16 @@ # OPERATOR ACTIONS — 2026-05-12 -Items surfaced by the 2026-05-12 senior reviews (backend, DB, infra, security) -that agents should not autonomously execute. Each is a checklist with explicit -commands, a maintenance-window estimate, and explicit dependencies. Severity -labels: +The 11 items below were surfaced by the 2026-05-12 senior reviews (backend, DB, +infra, security) that agents should not autonomously execute. (This checklist +started as five items in PR #67 and grew to 11 as the 2026-05-12 branch work +landed.) Each is a checklist with explicit commands, a maintenance-window +estimate, and explicit dependencies. Severity labels: - **CRITICAL** — exposes a live, exploitable security or correctness gap. - **HIGH** — drift between deployed config and committed config; reviewers cannot reason about prod from code. - **MEDIUM** — hygiene + cosmetic; safe to defer but easy to land. +- **LOW** — non-urgent follow-up or cleanup; no live failure if deferred. --- @@ -117,7 +119,7 @@ SELECT relname, relrowsecurity, relforcerowsecurity ``` **Blast radius.** -A SQL-injection (or a deliberately misuse of `JdbcTemplate.queryForList`) +A SQL-injection (or a deliberate misuse of `JdbcTemplate.queryForList`) that omits a `tenant_id =` predicate returns rows from every tenant. The admin-IP whitelist on `/swagger-ui` and `/actuator` does not help here — the entry point is the application code itself. 
@@ -196,8 +198,9 @@ SELECT relname, relforcerowsecurity FROM pg_class Commit `6bdedd2` (2026-04-30 morning, since-rotated) committed the biometric API key plaintext into `web-app/.env.production`. The bio-side key was rotated 2026-04-30 05:05 UTC and confirmed dead — the live value -is now `API_KEY_SECRET=fcb06b7…` (verified by the 2026-05-12 security -review). However the on-disk template at +is now `API_KEY_SECRET=` (verified by the 2026-05-12 security +review; fetch the real value from the host `.env.prod` / secret store, not +this doc). However the on-disk template at `/opt/projects/fivucsas/web-app/.env.production` still contains the leaked literal in `VITE_BIOMETRIC_API_KEY=…` form (2 occurrences, verified today by `grep -c`). @@ -302,8 +305,12 @@ git fetch origin # already on master, so this is a fast-forward). git merge-base --is-ancestor origin/main origin/master \ && echo "OK: main is an ancestor of master, fast-forward safe." -# Apply: -git push origin master:main --force-with-lease +# Apply (normal fast-forward — the ancestor check above guarantees this +# is non-destructive; no force needed): +git push origin master:main +# Reserve `--force-with-lease` ONLY for a documented recovery scenario +# (e.g. main was accidentally advanced and the ancestor check above fails), +# and only when branch protection allows it. ``` **Acceptance check.** diff --git a/docs-site/docker-compose.prod.yml b/docs-site/docker-compose.prod.yml index 098168c..34c84ad 100644 --- a/docs-site/docker-compose.prod.yml +++ b/docs-site/docker-compose.prod.yml @@ -14,7 +14,7 @@ services: - "traefik.http.routers.fivucsas-docs.tls.certresolver=letsencrypt" - "traefik.http.services.fivucsas-docs.loadbalancer.server.port=80" healthcheck: - test: ["CMD-SHELL", "wget --no-verbose --tries=1 --spider http://127.0.0.1:80/ || exit 1"] + test: ["CMD-SHELL", "wget --no-verbose --tries=1 --spider http://127.0.0.1:80/health || exit 1"] interval: 30s timeout: 10s retries: 3 
diff --git a/docs-site/html/identity/index.html b/docs-site/html/identity/index.html index 30437f9..c4de759 100644 --- a/docs-site/html/identity/index.html +++ b/docs-site/html/identity/index.html @@ -234,7 +234,7 @@
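Review bot: In the `@@ -1,14 +1,16 @@` hunk of OPERATOR_ACTIONS_2026-05-12.md, the rewritten opening sentence hard-codes "The 11 items below" and adds a parenthetical about the PR #67 history, so the count goes stale the next time an item is added or removed. The clause "reviews (...) that agents should not autonomously execute" also now reads as if the reviews, not the items, are what agents must not execute. Suggest "The items below were surfaced by the 2026-05-12 senior reviews (...) and should not be executed autonomously by agents", with the five-to-11 history left to the commit log.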
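Review bot: In the `@@ -196,8 +198,9 @@` hunk of OPERATOR_ACTIONS_2026-05-12.md, the redaction is incomplete: the removed line `is now API_KEY_SECRET=fcb06b7…` stays readable in repository history, and this commit's own message repeats the same prefix in its "redact partial live secret" bullet. Drop the literal from the commit message before this lands, and if the prefix of the live key is considered sensitive, track it as a rotation item rather than a doc edit. The replacement also keeps "verified by the 2026-05-12 security review" attached to a value that is no longer shown, so state what the review actually verified.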
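Review bot: In the `@@ -302,8 +305,12 @@` hunk, the new comment above `git push origin master:main` says the ancestor check guarantees the push is non-destructive, but that check only feeds `&& echo` and does not gate the push, so an operator who pastes the whole block runs the push whatever the check returned. What protects main here is that a push without force is rejected when it is not a fast-forward; either say that in the comment or chain the push onto the check with `&&`. For the recovery case, the block has already run `git fetch origin`, which refreshes the tracking ref that a bare `--force-with-lease` compares against, so the note should recommend the explicit form `--force-with-lease=main:<expected-sha>`.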
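Review bot: In the docs-site/docker-compose.prod.yml hunk, the healthcheck now depends on `/health` being served by the container's nginx, and none of the five files in this patch adds or shows that location. If the path returns 404, `wget --spider` fails, the container is marked unhealthy after `retries: 3`, and Traefik's Docker provider skips containers that report unhealthy, which contradicts the commit message's "No behavior change to running services". Link or quote the nginx `location /health` block in the PR and confirm it answers on 127.0.0.1:80 in the built image before merging.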