Added architect assessment
parent
3b4fa28bb5
commit
7769f56410
@ -0,0 +1,23 @@
|
|||||||
|
# Architect Assessment
|
||||||
|
|
||||||
|
## Updated Remediation Order
|
||||||
|
|
||||||
|
### Summary
|
||||||
|
- Fix API contract breaks first.
|
||||||
|
- Then close scraper/network security gaps.
|
||||||
|
- Then harden runtime architecture for scale/reliability.
|
||||||
|
|
||||||
|
### Key Changes
|
||||||
|
- Align `/syntheses` and admin rate-limit contracts end-to-end (backend + frontend + tests).
|
||||||
|
- Wire dedicated hardened HTTP clients and enforce SSRF checks per hop with streaming body limits.
|
||||||
|
- Move job/rate-limit state to shared backing (Redis/DB) if multi-instance is in scope.
|
||||||
|
- Add contract tests so frontend mocks cannot drift from backend payloads.
|
||||||
|
|
||||||
|
### Test Plan
|
||||||
|
- Backend integration tests for `/syntheses` list shape and `/admin/rate-limits/{provider_name}` update path.
|
||||||
|
- Security tests for scraper redirect/private-IP/rebinding cases and oversized responses.
|
||||||
|
- Frontend tests consuming real API fixtures (or generated schema fixtures), not hand-crafted mismatched types.
|
||||||
|
|
||||||
|
### Assumptions
|
||||||
|
- Backend is the API source of truth.
|
||||||
|
- You want production-safe defaults even for self-hosted single-tenant deployments.
|
||||||
Loading…
Reference in New Issue