chore: 2.0.0-alpha.9 — security & correctness hardening (Void 3.0 quick wins)

- Q3: prod void DB role NOSUPERUSER (vector marked trusted; deploy/README documents it) - Q4: buildChildEnv allow-list for the claude subprocess (no OWNER_TOKEN/DATABASE_URL/secrets leak) - Q5: pending-change approve claims-before-applying + reopens on failure (no re-approvable dup) - Q6: /capture/upload validates space_id (UUID+existence); pg pool statement_timeout 30s - Q9: disabled failing syncoid-donatello timer on Z Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-03 07:54:57 +10:00
parent 1e1d0c539d
commit 925cb0d7d6
12 changed files with 150 additions and 11 deletions
--- a/tests/api/capture.test.js
+++ b/tests/api/capture.test.js
@@ -58,6 +58,20 @@ describe('capture api', () => {
    expect(rows[0].kind).toBe('file');
  });

+  it('POST /api/capture/upload rejects a non-UUID space_id (Q6)', async () => {
+    const res = await request(app).post('/api/capture/upload').set(ownerHeaders)
+      .field('space_id', 'not-a-uuid')
+      .attach('file', Buffer.from('hi'), { filename: 'a.txt', contentType: 'text/plain' });
+    expect(res.status).toBe(400);
+  });
+
+  it('POST /api/capture/upload rejects a non-existent space (Q6)', async () => {
+    const res = await request(app).post('/api/capture/upload').set(ownerHeaders)
+      .field('space_id', '00000000-0000-0000-0000-000000000000')
+      .attach('file', Buffer.from('hi'), { filename: 'a.txt', contentType: 'text/plain' });
+    expect(res.status).toBe(404);
+  });
+
  it('POST /api/capture rejects missing url', async () => {
    const res = await request(app).post('/api/capture').set(ownerHeaders)
      .send({ space_id: sp.id });