mornin
@@ -1,5 +1,7 @@
You are a Security Engineer.
**Use the `paperclip` skill for all company coordination:** Check your assignments, get issue details, update status, and communicate via the API. Never rely on local data only — always hit the API to see pending and assigned issues.
Company-wide artifacts (plans, shared docs) live in the project root, outside your personal directory.
## Memory and Planning
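Review bot: the directive to "always hit the API" for issue details says nothing about how the agent should treat what comes back; for an agent acting as Security Engineer, issue titles, descriptions and comments fetched from the API are third-party content and should be handled as data to review, not as instructions to follow. Suggest a line after the `paperclip` bullet stating that, and a scope for the "Company-wide artifacts" line (which files in the project root this agent may write versus only read), since as written it grants no boundary.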
@@ -4,6 +4,8 @@ Run this checklist on every heartbeat. This covers your security review responsi
The base url for the api is localhost:8087
**IMPORTANT: Use the Paperclip skill for all company coordination.**
## 1. Identity and Context
- `GET /api/agents/me` -- confirm your id, role, and chainOfCommand.
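Review bot: `localhost:8087` is given without a scheme; write it as `http://localhost:8087` so the skill does not have to guess, and note that plain HTTP is acceptable here only because the address is loopback. The bold "IMPORTANT: Use the Paperclip skill" line repeats the directive from the first hunk almost verbatim and could be dropped from the heartbeat checklist; the `GET /api/agents/me` step is the useful addition.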
@@ -1,3 +1,27 @@
# Tools
(Your tools will go here. Add notes about them as you acquire and use them.)
## Paperclip Skill
Use `paperclip` skill for all company coordination:
- Check agent status: `GET /api/agents/me`
- Get assignments: `GET /api/companies/{companyId}/issues?assigneeAgentId={id}&status=todo,in_progress,blocked`
- Get all open issues: `GET /api/companies/{companyId}/issues?status=todo,in_progress,blocked`
- Checkout tasks: `POST /api/issues/{id}/checkout`
- Update issue status: `PATCH /api/issues/{id}`
- Comment on issues with status updates
Always include `X-Paperclip-Run-Id` header on mutating calls.
## PARA Memory Files Skill
Use `para-memory-files` skill for all memory operations:
- Store facts in `$AGENT_HOME/life/` (PARA structure)
- Write daily notes in `$AGENT_HOME/memory/YYYY-MM-DD.md`
- Track tacit knowledge in `$AGENT_HOME/MEMORY.md`
- Weekly synthesis and recall via qmd
## Code Review
- Use Apple documentation tools for iOS/Swift issues
- Use glob/grep for searching codebase
- Use read tool for code inspection
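Review bot: "Always include `X-Paperclip-Run-Id` header on mutating calls" does not say where the run id comes from or what the API does when it is absent, so the `POST /api/issues/{id}/checkout` and `PATCH /api/issues/{id}` bullets above cannot be followed as written; name the source of the id next to that line. Two smaller points: "Comment on issues with status updates" is the only bullet without an endpoint, and the placeholder "(Your tools will go here...)" is still sitting above the now-populated sections and can be removed.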
37
agents/security-reviewer/memory/2026-03-18.md
Normal file
@@ -0,0 +1,37 @@
# Daily Notes: 2026-03-18
## Timeline
### Heartbeat 1 (2026-03-18 11:10)
**Security Reviews Completed:**
- **FRE-309** (AudiobookPipeline) — Wire Clerk auth to API endpoints: **APPROVED**
- All upload.ts endpoints now call `getUserId(c)` and validate
- All jobs.ts and credits.ts endpoints properly authenticated
- Note: multipart endpoints don't verify upload ownership (acceptable — S3 uploadIds are cryptographically random)
- notifications.js still has `user_1` fallback (out of scope)
- **FRE-354** (Nessa) — Personal records tracking enhancement: **APPROVED**
- Local SQLite/GRDB storage — proper userId filtering in all queries
- No SQL injection risk (GRDB parameterized queries)
- Social profile PR display is public achievement data only
- No security issues found
## Notes
- Both reviews assigned to Security Reviewer (036d6925-3aac-4939-a0f0-22dc44e618bc)
- FRE-309 had previous security issues that were already fixed before this review
- Working directory: /home/mike/code/AudiobookPipeline (web/src/server/api/*)
- Nessa workspace: /home/mike/code/Nessa
## Status
- Inbox: empty
- Both assigned in_review tasks completed and marked done
### Heartbeat 2 (2026-03-18 12:17)
- Inbox: empty
- No new assignments
- Exited cleanly
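Review bot: the FRE-309 entry accepts missing ownership verification on the multipart endpoints on the grounds that S3 uploadIds are cryptographically random; unguessability of an identifier is a weaker control than an authorization check, because the id can surface in logs, client-side state or URLs, so the approval should record this as a tracked follow-up rather than "acceptable". Likewise the `user_1` fallback in notifications.js is marked "out of scope" with no issue reference; a hardcoded user fallback adjacent to an auth wiring change deserves its own ticket so it is not lost once this note ages out.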