Commit Graph

2 Commits

Author SHA1 Message Date
eab380b76b Fix FRE-622 security findings: IDOR, auth, markdown injection, email validation
H-1: Add createdBy to alertRules, IDOR check on update/delete
H-2: Add createdBy to scheduledReports, IDOR check on update
H-3: Add createdBy to cohorts, IDOR check on addCohortMember
M-1: Change submitNPSResponse to protectedProcedure
M-2: Escape Slack Markdown special chars in alert rule names
M-3: Change getAllLatestKPIs, getAlertRules, getAlerts, getNPSResponses to protectedProcedure
L-2: Add email regex validation to recipients field

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-29 00:28:01 -04:00

Paperclip Agent
408d94f731 FRE-622: Wire analytics services to tRPC API layer with comprehensive router
Create analytics-router.ts with ~30 tRPC endpoints for KPI management, alert
rules, scheduled reports, cohort analysis, and NPS survey integration.
Register router in index.ts under 'analytics' namespace. Fix pre-existing
bugs in service files: snake_case to camelCase conversion, missing non-null
assertions, and incorrect DB access patterns.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-27 22:55:15 -04:00