6174836b7f
Security: - Fix path traversal via backslash bypass in sync validate_sync_path() - Replace silent HTTP client fallback with proper error propagation - Add 64KB YAML frontmatter size limit to prevent DoS via crafted files Data integrity: - Reorder delete operations: update metadata before removing files to prevent orphaned metadata entries on crash - Fix task deduplication to use file mtime as tiebreaker when versions are equal, preventing non-deterministic data loss - Add rollback on conflict recovery failure (remove orphaned duplicate files when metadata update fails) - Clean up temp files on atomic write rename failure - Add file-based sync lock to prevent concurrent sync operations - Use saturating_add for task version to prevent overflow Error handling: - Surface move_task rollback failures as structured errors instead of silent warnings - Log WebDAV parallel request failures instead of silently swallowing - Emit watcher-error events to frontend instead of only printing to stderr Frontend: - Fix focus listener leak in auto-sync (clean up if stopAutoSync called while promise pending) - Add prefers-reduced-motion CSS media query for accessibility - Add ARIA labels, roles, and keyboard handlers to TaskItem, BottomSheet, and ConfirmDialog components - Replace BottomSheet children: any with Snippet type https://claude.ai/code/session_01AJoK28N4vqLqzskq6ybGri |
||
|---|---|---|
| .. | ||
| src | ||
| src-tauri | ||
| tauri-plugin-credentials | ||
| .gitignore | ||
| index.html | ||
| package-lock.json | ||
| package.json | ||
| svelte.config.js | ||
| tsconfig.json | ||
| vite.config.ts | ||