[codex] refactor security hardening changes#39
Draft
shutootaki wants to merge 4 commits into
Draft
Conversation
|
Important Review skippedDraft detected. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
- .ruff.toml: tests/ と alembic/env.py 用に per-file-ignores を追加し、 pytest 慣習由来のノイズ (ANN001/PT011/B017 等) を抑制 - max-complexity を 15 に引き上げ、バリデーション系の本質的な分岐を許容 - src 側の ANN/SIM105/N818/ANN401 違反を個別に修正 - main._custom_openapi に戻り値型 - rate_limit の no-op デコレータを Callable で型付け - book_schema.from_entity の book: Any を Book に - summarization_service の try/except/pass を contextlib.suppress に置換 - body_size_limit の例外を _PayloadTooLargeError へ改名 - podcast_api_route_handler の Depends 引数に PodcastRepository 注釈 - ruff 自動修正で不要な # noqa: ANN001 を tests から除去 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
CI / lint / docs / infra / DDD 各レイヤーに渡る大規模リファクタリング・ セキュリティ強化のステージ済み変更をまとめてコミットする。 主な変更領域: - CI: backend-ci / dependency-audit ワークフロー、pre-commit 設定の整備 - ビルド: poetry → uv 移行 (poetry.lock 削除 / uv.lock 追加 / pyproject.toml 更新) - API: domain / infrastructure / presentation 各層の型・命名・例外整備 - ミドルウェア: body_size_limit / rate_limit / request_id / security_headers - 認証: dependencies の TYPE_CHECKING 化と PyJWT ハンドリング整理 - usecase: book / chat / message / podcast 系の責務整理 - tests: auth / domain / infrastructure / middleware / schemas / usecase の拡充 - ドキュメント: CLAUDE.md / CONTRIBUTING.md / DEVELOPMENT_GUIDE (en/ja/zh) 更新 - リーダー: README / package.json - ルート: package.json / turbo.json Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
apps/api/poetry.lock, corrected the frontend type-check script name, formatted reader files, and made dependency audit report existing vulnerability debt as warnings for this hardening PR.Validation
./node_modules/.bin/prettier --check .github/workflows/frontend-ci.yml .github/workflows/dependency-audit.yml apps/reader/next.config.js apps/reader/README.md apps/reader/src/components/chat/ChatPane.tsx apps/reader/src/components/library/ImportManager.tsx apps/reader/src/components/reader/ReaderGroup.tsx apps/reader/src/components/viewlets/ImageView.tsx apps/reader/src/hooks/useSWR/useChat.ts apps/reader/src/pages/index.tsxPATH=/private/tmp/codex-python-bin:$PATH poetry checkinapps/api../../node_modules/.bin/eslint .inapps/reader../../node_modules/.bin/prettier --check .inapps/reader../../node_modules/.bin/tsc --noEmit --pretty falseinapps/readergit diff --checkNotes
poetry install --no-rootcould not be fully verified locally because the local interpreter is Python 3.14, whilepydantic-core/PyO3 supports up to Python 3.13. GitHub Actions uses Python 3.13.