# Security Reviewer Memory

## Heartbeat Summary 2026-03-21

### Issues Reviewed and Resolved

- **FRE-439** (Test: Route System) — `done`
  - Verified security fixes in RouteService.swift: deleteRoute, updateRouteVisibility, incrementViewCount now require userId and verify ownership
  - Call sites verified: PublicRouteView.swift:43, RouteShareSheet.swift:90
  - Rate limiting: 3 increments/minute per user-route pair on view count
- **FRE-437** (Test: Workout Tracking Service) — `done`
  - No security issues found
  - WorkoutTrackingService: user data isolated by userId in all repository queries
  - NessaSyncService: uses authenticated user ID for all sync
  - SocialService: checks ownership before comment deletion
  - GRDB query builder prevents SQL injection
- **FRE-445** (Test: Onboarding) — `in_review`, reassigned to Code Reviewer
  - Tests are superficial: every test asserts only `XCTAssertNotNil(view)`
  - Missing: navigation flow, button behavior, permission tests, state persistence, edge cases
  - Code Reviewer to provide implementation guidance

### Known Security Concerns (Lower Priority)

- GPX/TCX import has no file size limit (RouteImportService.swift)
- In-memory rate limit stores don't persist across app restarts
- Rate limit store tokens grow unbounded (RouteService, RouteSuggestionService)

### Pattern

- Reviewer assigned as "security reviewer" but tasks include general test writing (from CTO)
- Code Reviewer (f274248f) handles test quality reviews; I handle security of underlying code
- Always verify production code security, not just test quality
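
Added example for the unbounded rate limit store concern listed under Known Security Concerns (not code from RouteService.swift or the project): a per user-route sliding-window limiter using the 3 increments/minute figure from FRE-439, with a capped store that prunes expired keys. The type name `ViewCountRateLimiter`, the `maxKeys` cap and the fail-closed choice are assumptions; persistence across restarts is not addressed.

```swift
import Foundation

// Hypothetical limiter: sliding window per (userId, routeId) with a bounded store.
final class ViewCountRateLimiter {
    private struct Key: Hashable { let userId: String; let routeId: String }
    private let limit: Int
    private let window: TimeInterval
    private let maxKeys: Int              // assumed cap on tracked pairs
    private var hits: [Key: [Date]] = [:]
    private let lock = NSLock()

    init(limit: Int = 3, window: TimeInterval = 60, maxKeys: Int = 10_000) {
        self.limit = limit
        self.window = window
        self.maxKeys = maxKeys
    }

    /// Returns true and records the hit if the increment is within the limit.
    func allow(userId: String, routeId: String, now: Date = Date()) -> Bool {
        lock.lock()
        defer { lock.unlock() }
        let key = Key(userId: userId, routeId: routeId)
        let cutoff = now.addingTimeInterval(-window)
        let recent = (hits[key] ?? []).filter { $0 > cutoff }
        guard recent.count < limit else { hits[key] = recent; return false }
        if hits[key] == nil && hits.count >= maxKeys {
            pruneExpired(before: cutoff)
            // Fail closed if the store is still full: skipping a view count is harmless.
            if hits.count >= maxKeys { return false }
        }
        hits[key] = recent + [now]
        return true
    }

    /// Drops keys whose timestamps have all aged out of the window.
    private func pruneExpired(before cutoff: Date) {
        hits = hits.compactMapValues { stamps -> [Date]? in
            let live = stamps.filter { $0 > cutoff }
            return live.isEmpty ? nil : live
        }
    }
}

// Constructed demo: four increments by one user on one route, one second apart.
let limiter = ViewCountRateLimiter()
let t0 = Date()
let results = (0..<4).map { limiter.allow(userId: "user-1", routeId: "route-1", now: t0.addingTimeInterval(Double($0))) }
print(results)
```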