mirror of
https://github.com/Memo-2023/mana-monorepo.git
synced 2026-05-14 22:41:09 +02:00
The encryption registry was a plain Record<string, EncryptionConfig> with bare string[] fields — a typo in a field name (e.g. 'messagetext' instead of 'messageText') silently shipped that field in plaintext forever. No compile error, no runtime error, just quietly-leaked data. This was flagged as the #1 silent-failure mode in the architecture audit (Concern 1).

Two additive layers:

1. `entry<T>(fields, opts?)` helper
   - Takes the Local* row type as a type parameter
   - `fields` is `keyof T & string` — TypeScript rejects any name that isn't actually on the row type
   - Migrated the 6 highest-value entries as examples: messages, conversations, chatTemplates, notes, journalEntries, dreams, dreamSymbols, memos. Remaining entries keep the old object-literal shape and compile as before — migration is opportunistic, not a big-bang rewrite.

2. Dev-only runtime shape check in `encryptRecord`
   - Gated on `import.meta.env.DEV` so production builds pay zero cost (Vite strips the call at build time)
   - Case-insensitive near-miss detection: warns when a registered field isn't on the record but its lowercased form matches an existing key — catches typos for untyped legacy entries too
   - "no registered field present at all" warning catches wrong-tableName call sites
   - Throttled per (table, field) so liveQuery loops don't spam

Verification:
- svelte-check: 0 errors, 29 pre-existing warnings (unrelated)
- vitest crypto suite: 77/78 pass (1 pre-existing failure on meditateSettings empty-fields assertion, not touched here)

Phase C (build-time audit script enforcing every Dexie table is either registered or explicitly allowlisted as plaintext) is the bigger win but requires seeding the allowlist from current state — deferred.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

||
|---|---|---|
| .. | ||
| api | ||
| calc/packages/shared | ||
| calendar | ||
| cards | ||
| chat | ||
| citycorners | ||
| contacts | ||
| context | ||
| docs | ||
| food | ||
| guides | ||
| inventory | ||
| mana | ||
| manavoxel | ||
| memoro | ||
| moodlit | ||
| mukke | ||
| news | ||
| photos | ||
| picture | ||
| plants | ||
| presi | ||
| questions | ||
| quotes/packages/content | ||
| skilltree | ||
| storage | ||
| times | ||
| todo | ||
| traces | ||
| uload | ||
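
The two layers described in the commit message above, as an added sketch that is not the repository's own code: a typed `entry<T>` helper that rejects misspelled field names at compile time, and a near-miss check that catches the same typo in an untyped legacy entry. `LocalMessage`, the registry contents, `checkShape` and the warning texts are assumptions made for illustration; the real check is said to live in `encryptRecord` behind `import.meta.env.DEV`.

```typescript
// Added illustration. LocalMessage, the registry contents, checkShape and the
// warning texts are assumptions; only entry<T> and keyof T & string are on the page.
interface EncryptionConfig { fields: string[]; enabled?: boolean }
interface LocalMessage { id: string; messageText: string; senderName: string }

// Layer 1: field names must be keys of the row type T.
function entry<T>(fields: (keyof T & string)[], opts: { enabled?: boolean } = {}): EncryptionConfig {
  return { fields: [...fields], ...opts };
}

// @ts-expect-error 'messagetext' is not a key of LocalMessage, so tsc rejects it
entry<LocalMessage>(['messagetext']);

const registry: Record<string, EncryptionConfig> = {
  messages: entry<LocalMessage>(['messageText', 'senderName']),
  // Legacy object-literal entry (constructed): the typo compiles.
  legacyNotes: { fields: ['notetext'] },
};

const warned = new Set<string>(); // throttle: one warning per (table, field)

// Layer 2: returns the warnings a dev build would log before encrypting.
function checkShape(table: string, record: Record<string, unknown>): string[] {
  const config = registry[table];
  if (!config || config.fields.length === 0) return [];
  const out: string[] = [];
  const warnOnce = (id: string, msg: string) => {
    if (!warned.has(id)) { warned.add(id); out.push(msg); }
  };
  const byLower = new Map<string, string>();
  for (const k of Object.keys(record)) byLower.set(k.toLowerCase(), k);
  let present = 0;
  for (const field of config.fields) {
    if (field in record) { present++; continue; }
    const near = byLower.get(field.toLowerCase());
    if (near !== undefined) {
      warnOnce(`${table}.${field}`, `${table}.${field} missing; record has '${near}' (typo?)`);
    }
  }
  if (present === 0) warnOnce(`${table}.*`, `${table}: no registered field on record`);
  return out;
}
```

For the legacy entry, a record carrying `noteText` produces both the near-miss warning and the "no registered field" warning once, and nothing on repeat calls.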