Current Baseline
- `pnpm audit --audit-level=high` must pass in CI
- auth, sharing, and public endpoints are highest sensitivity
Critical Risk Areas
- `/server/middleware/auth.ts`
- `/server/routes/auth.ts`
- `/server/routes/public.ts`
- `/server/routes/shares.ts`
- `/server/routes/external-shares.ts`
- extension auth token sync logic
Hardening Rules
- never commit credentials or API keys
- validate and sanitize untrusted input
- keep extension permissions least-privilege
- enforce explicit authorization checks
- add negative tests for unauthorized access
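As an added illustration of the last two rules (explicit authorization checks and negative tests for unauthorized access), the following TypeScript is example code written for this page, not the project's own `shares.ts` or `auth.ts`. The `Share`, `Principal` and `authorizeShare` names, the deny-by-default rules and the sample data are all constructed assumptions; the point is that every path returns an explicit decision and that the refused cases are enumerated as tests.

```typescript
// Added example, not the project's code. Models an explicit, deny-by-default
// authorization check for a "share" resource. All names and data are constructed.

type Visibility = "private" | "public";

interface Share {
  id: string;
  ownerId: string;
  visibility: Visibility;
}

// null represents an unauthenticated (anonymous) caller.
type Principal = { userId: string } | null;

type Action = "read" | "delete";

interface Decision {
  allowed: boolean;
  reason: string;
}

// Every branch returns an explicit decision; there is no implicit "allow"
// fall-through at the end of the function.
function authorizeShare(principal: Principal, share: Share, action: Action): Decision {
  if (action === "read" && share.visibility === "public") {
    return { allowed: true, reason: "public share is readable by anyone" };
  }
  if (principal === null) {
    return { allowed: false, reason: "authentication required" };
  }
  if (principal.userId !== share.ownerId) {
    return { allowed: false, reason: "caller is not the owner" };
  }
  return { allowed: true, reason: `owner may ${action}` };
}

// Constructed sample data for the negative cases below.
const privateShare: Share = { id: "s1", ownerId: "alice", visibility: "private" };
const publicShare: Share = { id: "s2", ownerId: "alice", visibility: "public" };

interface NegativeCase {
  name: string;
  principal: Principal;
  share: Share;
  action: Action;
}

// Each case is a request that must be refused. A regression that lets any of
// them through shows up as a failed assertion rather than a silent allow.
const unauthorizedRequests: NegativeCase[] = [
  { name: "anonymous reads private share", principal: null, share: privateShare, action: "read" },
  { name: "other user reads private share", principal: { userId: "bob" }, share: privateShare, action: "read" },
  { name: "anonymous deletes public share", principal: null, share: publicShare, action: "delete" },
  { name: "other user deletes public share", principal: { userId: "bob" }, share: publicShare, action: "delete" },
];

// Runs every negative case and reports whether it was denied.
function negativeCases(): Array<{ name: string; denied: boolean }> {
  return unauthorizedRequests.map((c) => ({
    name: c.name,
    denied: !authorizeShare(c.principal, c.share, c.action).allowed,
  }));
}

// True only if every unauthorized request was refused.
function allNegativeCasesDenied(): boolean {
  return negativeCases().every((c) => c.denied);
}

for (const c of negativeCases()) {
  console.log(`${c.denied ? "DENIED " : "ALLOWED"} ${c.name}`);
}
```

The positive cases (owner reads or deletes, anyone reads a public share) belong in the same suite, but the negative list is the one that catches the common regression where a refactor drops a check and the endpoint quietly starts allowing.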
Incident Readiness
For every high-risk merge, include:
- potential failure mode
- user/data impact
- rollback command/path
- owner for post-release monitoring