fraqtal/agentic-dev
Template
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
dd2af0c9024533ab309b3a1955de7fc4f0d8bfcb
agentic-dev/packages
History
Danijel Martinek 96274ba856 feat(core-shared): add security headers module with CSP builder and nonce util 
Adds framework-agnostic security headers module to core-shared/security:
- SecurityHeadersConfig + CspMode types
- generateNonce() using crypto.randomBytes(16)
- buildSecurityHeaders() emitting all six headers (HSTS, X-Frame-Options,
  X-Content-Type-Options, Referrer-Policy, Permissions-Policy, CSP) with
  prod (strict-dynamic + nonce threading) and dev (unsafe-inline/eval +
  ws/localhost) CSP modes; URL validation throwing InvalidSecurityHeadersConfig
  on malformed allowedConnect/Img/FontOrigins
- Full unit test suite (24 tests, 100% coverage on runtime files)
- Exported from core-shared barrel and ./security subpath

Blocks story 07 (framework adapters) and stories 08-09 (app wiring).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-20 09:33:13 +00:00
..
auth
feat(auth): add signIn rate-limit backfill with dual ip/account budgets
2026-05-20 09:22:41 +00:00
blog
feat(blog): add retention metadata to articles collection
2026-05-18 19:08:04 +00:00
core-analytics
feat(core-analytics): add React provider and useAnalytics hook
2026-05-18 15:54:30 +00:00
core-api
feat(core-api): compose dsrRouter + consentRouter into appRouter
2026-05-19 20:49:20 +00:00
core-audit
refactor: strip Phase/Plan/R-number references from source comments
2026-05-13 09:51:45 +02:00
core-cms
docs: trpc now optional — prerequisite notes + conditional HTML
2026-05-09 14:13:12 +02:00
core-consent
feat(core-consent): add ConsentProvider + useConsent() React subpath
2026-05-19 19:19:47 +00:00
core-dsr
test(core-dsr): cover dsrRouter singleton guard proxy path
2026-05-19 20:36:42 +00:00
core-eslint
feat(auth): add signIn rate-limit backfill with dual ip/account budgets
2026-05-20 09:22:41 +00:00
core-shared
feat(core-shared): add security headers module with CSP builder and nonce util
2026-05-20 09:33:13 +00:00
core-testing
feat(auth): add signIn rate-limit backfill with dual ip/account budgets
2026-05-20 09:22:41 +00:00
core-typescript
test: enforce per-directory coverage thresholds
2026-05-05 19:51:34 +02:00
core-ui
test(core-ui): add axe-core a11y assertions to CookieConsentBanner
2026-05-19 21:36:26 +00:00
marketing-pages
feat(marketing-pages): add retention metadata to pages and site-settings
2026-05-18 19:12:17 +00:00
media
feat(media): add retention metadata to media collection
2026-05-18 19:16:23 +00:00
navigation
feat(navigation): add retention metadata to header global
2026-05-18 19:19:54 +00:00