Serious notes about security updates.
@@ -31,6 +31,8 @@ You must follow the safety, testing, and coordination standards defined in:
- **Safe Handover (Native):** Rename `.tmp` to `.file` ONLY after SHA-256 verification in Electron.
- **Envelopes:** API helpers automatically handle the `{data: ...}` envelope returned by the backend.
- **Bootstrap Paradox:** Use unauthenticated bypass (`x-no-account-id: "Nothing to See Here"`) for initial site/domain lookups.
- **Sev-1 Incident Recovery (2026-02-13):** Purged redundant/misplaced headers (`x-aether-api-token`, `Access-Control-Allow-Origin`). Unified all CRUD helpers to standard `/v3/crud/...` paths.
- **Account ID Scavenging:** Core fetch helpers now proactively read `account_id` from `localStorage` (`ae_loc`) if missing from config. This is the mandatory fix for Svelte 5 hydration race conditions where `onMount` triggers API calls before global stores are synced.
## 🤝 Coordination & Continuity
- **Handshake:** Use the `message` tool to notify the Backend Agent of UI/Data requirements.
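Review bot: the Account ID Scavenging bullet should state that the `account_id` read from `localStorage` (`ae_loc`) is only a client-side hint for building the request, and that the backend still derives and authorizes the account from the authenticated session; any script running on the origin can write `localStorage`, and as worded the bullet could be read as making that value authoritative. Two smaller points in the same hunk: the Sev-1 Incident Recovery line is dated changelog text inside a standards list, so keep only the resulting rule here (no `x-aether-api-token` in client requests; `Access-Control-Allow-Origin` is a server response header and is never set by the client) and move the date and purge details to a changelog; and the `x-no-account-id` bootstrap bypass just above should name which lookups accept it so the scope of the unauthenticated path stays documented.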