indifferentketchup 9c7d80e2d8 fix(security): scope checkpoint routes to session — close 2 IDORs (v2.7.2) ...

Flagged by the automated push security review on v2.7.1.

- GET /checkpoints?chat_id= : the chat_id branch filtered by chat_id alone
  (any session's chat_id read its checkpoints). Now joins chats and gates on
  chats.session_id.
- restoreCheckpoint scope guard was fail-open: `cp.session_id && cp.session_id
  !== sessionId` fell through on a null denormalized session_id, allowing a
  cross-session restore (worktree reset + transcript trim). Now resolves the
  owning session via the checkpoint's chat and denies on missing/mismatch.
- Adds a DB-integration regression for the null-session_id cross-session case.

Both scope authoritatively through chats.session_id (checkpoints.session_id is
a nullable hint). Coder suite 234 passing; 7/7 checkpoint tests (incl. the
regression) against live postgres+git; typecheck clean. Hotfix on v2.7.1.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

2026-06-01 12:15:54 +00:00

..

src

fix(security): scope checkpoint routes to session — close 2 IDORs (v2.7.2)

2026-06-01 12:15:54 +00:00

web

v2.3.0-sampling-params-ask-user: agent sampling params, ask_user_input in CoderPane, UX polish

2026-05-26 21:02:21 +00:00

.env.host

coder(providers): v2.3 provider-lifecycle phase 1 — config-backed registry

2026-05-29 04:09:34 +00:00

Dockerfile

v2.0.1: ACP dispatch + PTY fallback + worktree management

2026-05-25 04:10:46 +00:00

package.json

feat: relicense AGPL-3.0 → MIT (v2.7.0)

2026-06-01 08:16:03 +00:00

tsconfig.json

v2.0.0-alpha: BooCoder foundation — container, schema, DB rename

2026-05-25 01:20:29 +00:00

vitest.config.ts

v2.0.0-beta: write tools, pending-changes queue, inference loop, API routes

2026-05-25 01:53:38 +00:00