fix+test(scratchnode): host public-write verification (002) + public/private boundary tests (003)#469
Closed
HomenShum wants to merge 3 commits into
Closed
fix+test(scratchnode): host public-write verification (002) + public/private boundary tests (003)#469HomenShum wants to merge 3 commits into
HomenShum wants to merge 3 commits into
Conversation
…oken (goal scratchnode/002)
snPromoteFaq + snPublishWiki used the weak _snReadHostOwnerKey() (falls back to sessionId);
every other host mutation uses the strict _snRequireVerifiedHostOwnerKey(). Make the two
public-WRITE actions consistent: strict helper + early-return on null. Backend requireHost
already gated these (no breach), but the frontend now fails cleanly ("Host verification
required") instead of attempting a doomed mutation as a guest.
+ e2e regression: guest cannot trigger events:promoteAnswerToFaq / events:publishWiki. 8/8 green.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
The latest updates on your projects. Learn more about Vercel for GitHub. 1 Skipped Deployment
|
…c-write-verification
✅ Dogfood Visual QA Gate: PASSED
ArtifactsDownload the Generated by Dogfood QA Gate |
…ode/003 core) SN-LIVE-007: a private-mode send creates NO events:sendMessage (asserts on the Convex mock-mutation log, not UI text). SN-LIVE-008: the private note is captured privately (notebook count grows). + a public control proving public sends DO fire events:sendMessage. 10/10 honesty+contract green. 006/009/010/012 (trace/role/wiki private-exclusion) need rendered answers + a published wiki the live route-mock doesn't produce — honestly scoped to the demo (home-v5-output-contract) spec rather than faked here. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
HomenShum
changed the title
Owner
Author
|
Superseded by #500 — rebuilt fresh on current main (this branch went DIRTY/CONFLICTING while the self-improvement loop shipped ~10 changes to home-v5.html). #500 carries the identical host-write fix (snPromoteFaq + snPublishWiki -> _snRequireVerifiedHostOwnerKey + early-return) plus the same 3 boundary tests, verified 27/27 on current main. Closing to keep the queue honest. |
auto-merge was automatically disabled
June 3, 2026 21:22
Pull request was closed
HomenShum
added a commit
that referenced
this pull request
Jun 3, 2026
…ipping (#501) Operational lesson from today's loop run: reviewable PRs left open against hot files (home-v5.html, events.ts, honesty spec) go DIRTY as the daily loop squash-merges past them. #469 had to be rebuilt fresh as #500. Rule: land or rebase hot-file PRs within one working day; serialize >=2 PRs on the same hot file (strict:true makes the 'behind main' ping-pong explicit). Co-authored-by: hshum <hshum@users.noreply.github.com> Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Executes goal scratchnode/002. snPromoteFaq/snPublishWiki now use the strict _snRequireVerifiedHostOwnerKey() + early-return (vs weak _snReadHostOwnerKey -> sessionId). Backend requireHost already gated these (no breach; this is frontend consistency + defense-in-depth). + e2e: guest cannot fire promoteAnswerToFaq/publishWiki. 8/8 honesty+contract green. 🤖 Generated with Claude Code