docs(03-03): complete per-user document and topic isolation plan

- 03-03-SUMMARY.md: documents all endpoint auth guards, ownership assertions, namespace isolation pattern, and SQLite compat deviations
- STATE.md: advance to Plan 3/5 complete, add 6 key decisions (get_regular_user, 404-not-403, CASE WHEN, or_/is_(None), AI user namespace)
- ROADMAP.md: mark 03-03-PLAN.md complete
- REQUIREMENTS.md: mark SEC-04 and DOC-04 complete
curo1305
2026-05-23 20:21:14 +02:00
parent 5950a3f5c2
commit aadc69fea0
5 changed files with 203 additions and 15 deletions
@@ -20,7 +20,7 @@ _Last updated: 2026-05-21_
- [x] **SEC-01**: All state-changing endpoints are protected against CSRF (SameSite=Strict cookie + origin validation)
- [x] **SEC-02**: Auth endpoints (login, register, password reset, TOTP verify) are rate-limited (per-IP and per-account)
- [x] **SEC-03**: All DB queries use parameterized statements / ORM (zero raw string interpolation into queries)
- [ ] **SEC-04**: All file/document access resolved through DB lookup — object keys are never reconstructed from request parameters (prevents path traversal and cross-user access)
- [x] **SEC-04**: All file/document access resolved through DB lookup — object keys are never reconstructed from request parameters (prevents path traversal and cross-user access)
- [x] **SEC-05**: Content-Security-Policy, X-Frame-Options, and X-Content-Type-Options headers set on all responses
- [ ] **SEC-06**: Constant-time comparison used for all token and code verification (prevents timing attacks)
- [ ] **SEC-07**: Admin role verified on every admin endpoint request; admin cannot access document content, extracted text, or cloud credentials in any response
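Review bot: the SEC-04 checkbox flips to `[x]` in this hunk, but the hunk's own context line still reads `_Last updated: 2026-05-21_` while this commit is dated 2026-05-23; bump the date in the same change so the tracker's status and its timestamp agree. The SEC-04 line also carries no pointer to the evidence the commit message cites (the endpoint auth guards and ownership assertions written up in 03-03-SUMMARY.md), so a reader of REQUIREMENTS.md alone cannot tell what backs the claim that object keys are never reconstructed from request parameters; consider appending a reference such as `(see 03-03-SUMMARY.md)` to that line, as it is the one entry in the SEC block whose verification depends on a separate document.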
@@ -79,7 +79,7 @@ _Last updated: 2026-05-21_
- [ ] **DOC-01**: User can view document metadata and extracted text for any document in their library
- [ ] **DOC-02**: In-browser PDF preview (PDF.js); document bytes proxied through the app — no presigned URLs exposed to the browser (privacy model)
- [ ] **DOC-03**: AI provider and model assigned by admin per user; user cannot change AI configuration
- [ ] **DOC-04**: System default topics + per-user topic overrides preserved from existing implementation
- [x] **DOC-04**: System default topics + per-user topic overrides preserved from existing implementation
- [ ] **DOC-05**: AI classification uses the user's assigned provider and model (from DB, not from user-supplied settings)
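Review bot: DOC-04 is marked complete here while DOC-01, DOC-02 and DOC-05, which cover the per-user document reads the commit title says were isolated, stay `[ ]`; if the ownership assertions from this plan also satisfy any of those, flip them in the same change, otherwise say in the commit message why only DOC-04 closes. The commit message records SQLite compat deviations (CASE WHEN, or_/is_(None)) among the plan's key decisions; since DOC-04 concerns the system-default plus per-user override behaviour, a short pointer from this line to where those deviations are documented (03-03-SUMMARY.md, per the commit message) would let later readers confirm that default-versus-override precedence is unchanged on SQLite.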