Skip to content

Revamp Mission Control UI and harden security boundaries#18

Open
mangod12 wants to merge 1 commit into
mainfrom
feat/mission-control-security-hardening
Open

Revamp Mission Control UI and harden security boundaries#18
mangod12 wants to merge 1 commit into
mainfrom
feat/mission-control-security-hardening

Conversation

@mangod12

Copy link
Copy Markdown
Owner

Summary

  • revamp the React frontend into a responsive, high-density Mission Control interface with grouped navigation, route-level code splitting, accessible overlays, and consistent loading/error/empty/degraded states
  • harden authentication, organization and billing authorization, password handling, uploads, outbound integrations, webhook secret storage, and cookie-session lifecycle
  • add security regression coverage and reliable Playwright journeys for desktop, mobile, authentication, degraded dependencies, and the complete operator workflow

Security hardening

  • prevent organization plan and billing entitlement mass assignment
  • reject inactive users and require organization admins for billing mutations
  • move sessions to HttpOnly SameSite cookies with explicit logout while retaining bearer compatibility
  • validate HTTPS outbound destinations and block private, loopback, metadata, reserved, and non-global addresses
  • enforce TLS verification, redirect refusal, request timeouts, upload limits, and bcrypt byte-length limits
  • omit webhook secrets from responses and accept integration updates only through validated JSON bodies

Verification

  • python -m pytest -q — 355 passed
  • npm run build
  • npm run lint
  • npm audit --omit=dev — 0 vulnerabilities
  • Playwright — 30 passed across Chromium desktop/mobile and non-happy paths
  • Bandit medium/high scan — 0 findings
  • Ruff on changed backend/security files
  • git diff --check

Design notes

See PRODUCT.md, DESIGN.md, and docs/plans/2026-07-13-mission-control-revamp.md for the product and implementation rationale.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant