harness/PROGRESS.json at master · mastersof-ai/harness · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
{
  "task": "Fix CodeQL security alerts",
  "created": "2026-03-17",
  "updatedAt": "2026-03-17",
  "status": "complete",
  "items": [
    {
      "name": "Path injection: add validation module",
      "status": "completed",
      "files": [
        "src/path-safety.ts",
        "src/sessions.ts",
        "src/message-store.ts",
        "src/agent-context.ts",
        "src/privacy.ts"
      ],
      "validation": [
        "All path construction uses validated inputs ✓",
        "`npx tsc --noEmit` exits 0 ✓",
        "83/83 tests pass ✓"
      ]
    },
    {
      "name": "Missing rate limiting: add @fastify/rate-limit",
      "status": "completed",
      "files": ["src/serve.ts", "package.json"],
      "validation": ["All HTTP routes rate-limited via @fastify/rate-limit plugin ✓", "`npx tsc --noEmit` exits 0 ✓"]
    },
    {
      "name": "Incomplete sanitization: fix tag stripping",
      "status": "completed",
      "files": ["src/sessions.ts"],
      "validation": ["Tag stripping loops until no tags remain ✓"]
    }
  ]
}