openclawd/config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

DocFast session 96: 130 tests, security util extraction

Browse source
This commit is contained in:
Hoid 2026-02-25 19:05:56 +00:00
parent 052bf8519f
commit 486f77557a
8 changed files with 135 additions and 26 deletions
Download patch file Download diff file Expand all files Collapse all files

9
projects/business/memory/bugs.md
View file

@ -1,3 +1,12 @@
## BUG-087: OpenAPI spec empty on staging — swagger-jsdoc 7.0.0-rc.6 regression
- **Date:** 2026-02-25
- **Severity:** HIGH
- **Issue:** Session 93 upgraded swagger-jsdoc from 6.2.8 to 7.0.0-rc.6 to fix a minimatch ReDoS vuln. The RC is broken — `swaggerJsdoc()` returns `{}` (empty object, 0 paths). The `/docs` page on staging shows no API endpoints. `/openapi.json` returns `{}`.
- **Root cause:** swagger-jsdoc 7.0.0-rc.6 does not parse `@openapi` JSDoc annotations from glob-matched files.
- **Impact:** Staging has no API documentation. Production (v0.4.5) is unaffected (still on 6.2.8 build).
- **Fix:** Reverted to swagger-jsdoc 6.2.8. Added 2 regression tests verifying OpenAPI spec has paths and includes key endpoints. npm audit still shows 0 vulnerabilities.
- **Status:** ✅ FIXED — commit 288d6c7, deploying to staging
## BUG-080: Landing page still shows Free tier after v0.4.0 "removal"
- **Date:** 2026-02-20
- **Severity:** HIGH