onyx-tasks

History

Claude 6174836b7f Fix critical and high-severity issues from project audit Security: - Fix path traversal via backslash bypass in sync validate_sync_path() - Replace silent HTTP client fallback with proper error propagation - Add 64KB YAML frontmatter size limit to prevent DoS via crafted files Data integrity: - Reorder delete operations: update metadata before removing files to prevent orphaned metadata entries on crash - Fix task deduplication to use file mtime as tiebreaker when versions are equal, preventing non-deterministic data loss - Add rollback on conflict recovery failure (remove orphaned duplicate files when metadata update fails) - Clean up temp files on atomic write rename failure - Add file-based sync lock to prevent concurrent sync operations - Use saturating_add for task version to prevent overflow Error handling: - Surface move_task rollback failures as structured errors instead of silent warnings - Log WebDAV parallel request failures instead of silently swallowing - Emit watcher-error events to frontend instead of only printing to stderr Frontend: - Fix focus listener leak in auto-sync (clean up if stopAutoSync called while promise pending) - Add prefers-reduced-motion CSS media query for accessibility - Add ARIA labels, roles, and keyboard handlers to TaskItem, BottomSheet, and ConfirmDialog components - Replace BottomSheet children: any with Snippet type https://claude.ai/code/session_01AJoK28N4vqLqzskq6ybGri	2026-04-06 11:03:11 +00:00
..
src	Fix critical and high-severity issues from project audit	2026-04-06 11:03:11 +00:00
Cargo.toml	security: harden credential management in onyx-core	2026-04-03 10:11:40 -07:00

Fix critical and high-severity issues from project audit

Security:
- Fix path traversal via backslash bypass in sync validate_sync_path()
- Replace silent HTTP client fallback with proper error propagation
- Add 64KB YAML frontmatter size limit to prevent DoS via crafted files

Data integrity:
- Reorder delete operations: update metadata before removing files to
  prevent orphaned metadata entries on crash
- Fix task deduplication to use file mtime as tiebreaker when versions
  are equal, preventing non-deterministic data loss
- Add rollback on conflict recovery failure (remove orphaned duplicate
  files when metadata update fails)
- Clean up temp files on atomic write rename failure
- Add file-based sync lock to prevent concurrent sync operations
- Use saturating_add for task version to prevent overflow

Error handling:
- Surface move_task rollback failures as structured errors instead of
  silent warnings
- Log WebDAV parallel request failures instead of silently swallowing
- Emit watcher-error events to frontend instead of only printing to stderr

Frontend:
- Fix focus listener leak in auto-sync (clean up if stopAutoSync called
  while promise pending)
- Add prefers-reduced-motion CSS media query for accessibility
- Add ARIA labels, roles, and keyboard handlers to TaskItem, BottomSheet,
  and ConfirmDialog components
- Replace BottomSheet children: any with Snippet type

https://claude.ai/code/session_01AJoK28N4vqLqzskq6ybGri

2026-04-06 11:03:11 +00:00

src

Fix critical and high-severity issues from project audit

2026-04-06 11:03:11 +00:00

Cargo.toml

security: harden credential management in onyx-core

2026-04-03 10:11:40 -07:00