Commit Graph

3 Commits

Author SHA1 Message Date
Antigravity
45297da333 fix: images, couverture, slash, agents, wizard, Stripe et admin
- Collage/accès images: ownership path userId + meta legacy, 403 non caché
- Couverture note: explicite (choix/aucune), plus d’auto depuis le corps
- Éditeur: suppression image TipTap, sync immédiate, toolbar réordonnée
- Slash: listes par titre (plus d’index), keywords nettoyés
- Agents: nextRun à la réactivation, cron sans stampede null
- Wizard: titres courts + mode Expert plus robuste
- Stripe checkout hosted fiable; admin métriques live; dark mode IA/settings
- Indexation notes courtes + test unit aligné
2026-07-16 16:58:07 +00:00
Antigravity
4d96605144 fix(security): Phase 1 P0 hardening from cross-project audit
All checks were successful
CI / Lint, Unit Tests & Build (push) Successful in 5m42s
CI / Deploy production (on server) (push) Successful in 33s
Close open uploads, image-proxy SSRF, fail-open AI quotas in production,
auth gaps on app routes, and MCP tenant isolation issues.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-20 16:53:19 +00:00
0fbb8aa599 fix: serve uploaded images via API route (public/ is read-only in production)
All checks were successful
Deploy to Production / Build and Deploy (push) Successful in 42s
Next.js bakes public/ at build time — dynamically uploaded files were
never served in Docker standalone mode. Store uploads in data/uploads/
and serve via /api/uploads/ with a rewrite for backward compatibility.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-27 22:56:22 +02:00