Added architect assessment
parent
3b4fa28bb5
commit
7769f56410
@ -0,0 +1,23 @@
|
||||
# Architect Assessment
|
||||
|
||||
## Updated Remediation Order
|
||||
|
||||
### Summary
|
||||
- Fix API contract breaks first.
|
||||
- Then close scraper/network security gaps.
|
||||
- Then harden runtime architecture for scale/reliability.
|
||||
|
||||
### Key Changes
|
||||
- Align `/syntheses` and admin rate-limit contracts end-to-end (backend + frontend + tests).
|
||||
- Wire dedicated hardened HTTP clients and enforce SSRF checks per hop with streaming body limits.
|
||||
- Move job/rate-limit state to shared backing (Redis/DB) if multi-instance is in scope.
|
||||
- Add contract tests so frontend mocks cannot drift from backend payloads.
|
||||
|
||||
### Test Plan
|
||||
- Backend integration tests for `/syntheses` list shape and `/admin/rate-limits/{provider_name}` update path.
|
||||
- Security tests for scraper redirect/private-IP/rebinding cases and oversized responses.
|
||||
- Frontend tests consuming real API fixtures (or generated schema fixtures), not hand-crafted mismatched types.
|
||||
|
||||
### Assumptions
|
||||
- Backend is the API source of truth.
|
||||
- You want production-safe defaults even for self-hosted single-tenant deployments.
|
||||
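Review bot: In Key Changes, the item "Move job/rate-limit state to shared backing (Redis/DB) if multi-instance is in scope" leaves the decision open, and the Assumptions section does not settle it (it mentions only self-hosted single-tenant deployments), so the third remediation step has no defined trigger. State under Assumptions whether multi-instance is in scope. The Test Plan also has no entry covering that item. Its security tests name "oversized responses" without a limit to assert against, so record the intended body size limit and add a case that the SSRF check is re-run on every redirect hop, matching "enforce SSRF checks per hop". Since the section is titled "Updated Remediation Order", the Summary would read more clearly as a numbered list than as bullets.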