FrenoCorp

Mike/FrenoCorp

Fork 0

Commit Graph

Author	SHA1	Message	Date
Michael Freno	67c3881dcf	Add waitlist schema for marketing (FRE-635) - Created waitlist_signups and waitlist_events tables - Supports email, name, source tracking, and status management - Enables VIP supporter list for Product Hunt launch - Migration 0002_chemical_shocker.sql generated - Fixed brand color in product-hunt-assets-brief.md (#518ac8)	2026-04-26 06:21:20 -04:00
Michael Freno	754fce269f	fix: implement critical security remediation for authentication and authorization - Add Clerk token verification to tRPC context (server/trpc/index.ts) - Remove client-controlled authorId/reviewedById from revisions router - Require JWT_SECRET environment variable, remove hardcoded fallback - Add table name validation to prevent SQL injection in backup logic - Fix TRPCContext type to use better-sqlite3 instead of LibSQL - Update revisions router tests to use proper tRPC v11+ API - Add resetInMemoryState function for test isolation Security fixes address: - Critical: Authentication bypass via missing token verification - Critical: User impersonation via client-controlled IDs - High: Insecure WebSocket defaults with hardcoded secrets - High: SQL injection vulnerability in backup logic All tests passing (24/24).	2026-04-25 08:24:45 -04:00
Michael Freno	ccbf3039d9	FRE-594: Implement revision tracking and version history system Add complete revision tracking system for scripts with: - Database schema for revisions and revision_changes tables - Diff engine with color-coded change types (addition/deletion/modification) - tRPC router with 14 endpoints (create/list/compare/rollback/branch/merge) - SolidJS components: RevisionTimeline, DiffViewer, RevisionReview - Unit tests for diff engine and router Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-24 05:54:06 -04:00

Author

SHA1

Message

Date

Michael Freno

67c3881dcf

Add waitlist schema for marketing (FRE-635)

- Created waitlist_signups and waitlist_events tables
- Supports email, name, source tracking, and status management
- Enables VIP supporter list for Product Hunt launch
- Migration 0002_chemical_shocker.sql generated
- Fixed brand color in product-hunt-assets-brief.md (#518ac8)

2026-04-26 06:21:20 -04:00

Michael Freno

754fce269f

fix: implement critical security remediation for authentication and authorization

- Add Clerk token verification to tRPC context (server/trpc/index.ts)
- Remove client-controlled authorId/reviewedById from revisions router
- Require JWT_SECRET environment variable, remove hardcoded fallback
- Add table name validation to prevent SQL injection in backup logic
- Fix TRPCContext type to use better-sqlite3 instead of LibSQL
- Update revisions router tests to use proper tRPC v11+ API
- Add resetInMemoryState function for test isolation

Security fixes address:
- Critical: Authentication bypass via missing token verification
- Critical: User impersonation via client-controlled IDs
- High: Insecure WebSocket defaults with hardcoded secrets
- High: SQL injection vulnerability in backup logic

All tests passing (24/24).

2026-04-25 08:24:45 -04:00

Michael Freno

ccbf3039d9

FRE-594: Implement revision tracking and version history system

Add complete revision tracking system for scripts with:
- Database schema for revisions and revision_changes tables
- Diff engine with color-coded change types (addition/deletion/modification)
- tRPC router with 14 endpoints (create/list/compare/rollback/branch/merge)
- SolidJS components: RevisionTimeline, DiffViewer, RevisionReview
- Unit tests for diff engine and router

Co-Authored-By: Paperclip <noreply@paperclip.ing>

2026-04-24 05:54:06 -04:00

3 Commits