chihlasm/resolutionflow
1
0
Fork 0
Code Issues 23 Pull Requests 1 Actions Packages Projects Releases Wiki Activity
761 Commits 13 Branches 1 Tag
8a4c870cd9adbe316a3a3c43916be17badcab0a4
Commit Graph

2 Commits

Author SHA1 Message Date
chihlasm
8a4c870cd9 test: add cross-tenant isolation tests for Task 6 UUID audit 
Tests cover:
- Tree GET/PUT returns 404 for cross-account access
- Session GET returns 404 for cross-user access
- AI session GET returns 404 for cross-user access
- AI session retry-psa-push requires ownership
- Upload URL returns 404 for cross-account access
- Share revoke returns 404 for cross-user access

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-09 04:02:14 +00:00
chihlasm
057c0abe16 fix: scope analytics/flows/{tree_id} to requesting account 
Any authenticated user could read flow analytics (session counts,
completion rates, CSAT) for any tree UUID. Now returns 404 if the
tree doesn't belong to the requesting account.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-09 03:53:57 +00:00