cyberrapists/cg_api_secure-webshare
SHA256
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

V0.1.1 release, close to actual release. Bug & security fixes/improvements.

Browse Source
This commit is contained in:
unknown
2026-05-24 19:29:41 +02:00
parent a7b44af91a
commit b004e15948
38 changed files with 3145 additions and 137 deletions
Download Patch File Download Diff File Expand all files Collapse all files

107
agent4_batch2.md Normal file
View File

@@ -0,0 +1,107 @@
# Batch 2 QA — Workspace Checks and Regression Verification
**Date:** 2026-05-24
**Agent:** Agent 4 (Docs + QA + Regression)
---
## 1. Build Checks
### `cargo check --workspace`
```
Checking cgcx-content-typing v0.1.0
Checking cgcx-file-pipeline v0.1.0
Checking cgcx-server v0.1.0
Checking cgcx-bot v0.1.0
Finished `dev` profile [unoptimized + debuginfo] target(s) in 6.65s
```
**Result:** PASS
### `cargo test --workspace`
```
Finished `test` profile [unoptimized + debuginfo] target(s) in 17.82s
Running unittests ... (all crates)
test result: ok. 0 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out
Doc-tests: ok (0 tests each)
```
**Result:** PASS
### Frontend Build
```
> cgcx-frontend@0.1.0 build
> vite build
vite v8.0.14 building client environment for production...
✓ 621 modules transformed.
✓ built in 1.70s
dist/index.html 0.42 kB │ gzip: 0.28 kB
dist/assets/index-DTmTBGd6.css 17.31 kB │ gzip: 3.60 kB
dist/assets/lib-CHwV_tJc.js 497.26 kB │ gzip: 125.51 kB
dist/assets/index-C4gnVVS-.js 1,038.17 kB │ gzip: 347.38 kB
```
**Result:** PASS
- Chunk size warnings are pre-existing (not new regressions).
- `frontend/dist/` exists and contains `index.html`, `assets/`, `fonts/`.
---
## 2. Regression Checklist
| # | Item | Status | Evidence |
|---|------|--------|----------|
| 1 | `POST /api/report` endpoint exists and compiles | **FAIL** | No `/api/report` route in `crates/cgcx-server/src/main.rs`. No report handler function exists. |
| 2 | `reqwest` added to `cgcx-server/Cargo.toml` | **FAIL** | `reqwest` is not listed in `crates/cgcx-server/Cargo.toml` dependencies. It only appears as a transitive dependency (via `teloxide` in `cgcx-bot`) in `Cargo.lock`. |
| 3 | Frontend report direct submission calls API instead of Telegram deep link | **FAIL** | `frontend/src/routes/Home.svelte` lines 78 and 83 still use `https://t.me/harmfulmeowbot?start=...` deep links. No `fetch` call to a `/api/report` endpoint exists. |
| 4 | Frontend bot username uses dynamic `BOT_USERNAME` instead of hardcoded value | **PARTIAL** | Main bot link (line 54) correctly uses `{BOT_USERNAME}` imported from `api.js`. However, **both report links** (lines 78 and 83) hardcode `harmfulmeowbot` instead of `{BOT_USERNAME}`. |
| 5 | No build errors in Rust workspace or frontend | **PASS** | `cargo check`, `cargo test`, and `npm run build` all succeed with no errors. |
**Overall Batch 2 Status:** NOT YET IMPLEMENTED
---
## 3. Code Evidence
### Server routes (`crates/cgcx-server/src/main.rs`)
```rust
let app = Router::new()
.route("/api/health", get(health))
.route("/api/content/:cxid", get(get_metadata))
.route("/api/content/:cxid/file/:file_idx", get(serve_file))
.route("/api/content/:cxid/file/:file_idx/raw", get(serve_raw_file))
.merge(password_route)
// No /api/report route present
```
### Frontend report section (`frontend/src/routes/Home.svelte`)
```svelte
<a href="https://t.me/harmfulmeowbot?start=submit" target="_blank" rel="noopener">Report Content via Telegram</a>
...
<a href={`https://t.me/harmfulmeowbot?start=report_${reportCxid}`} target="_blank" rel="noopener">
<button disabled={!reportCxid.trim()}>[ Submit ]</button>
</a>
```
### `BOT_USERNAME` in `frontend/src/lib/api.js`
```javascript
export const BOT_USERNAME = "council_websharingbot";
```
---
## 4. Blockers
None for the QA pass itself. However, **Batch 2 implementation is blocked pending subagent work** on:
1. **Server:** Add `POST /api/report` handler that inserts into the `reports` table and forwards to Telegram review groups via `reqwest`.
2. **Server:** Add `reqwest = "0.12"` (or compatible) to `crates/cgcx-server/Cargo.toml`.
3. **Frontend:** Replace Telegram deep-link report buttons with a direct API call to `POST /api/report`.
4. **Frontend:** Replace hardcoded `harmfulmeowbot` in report links with dynamic `{BOT_USERNAME}`.
---
## 5. Existing Infrastructure Ready for Batch 2
- `reports` table exists in DB schema (`migrations/001_init.sql` line 39).
- `ReportRepo` exists in `crates/cgcx-db/src/repos.rs` with `insert`, `get`, `list`, `resolve` methods.
- `Cargo.lock` already contains `reqwest` (transitive via `cgcx-bot`'s `teloxide`), so adding it explicitly to `cgcx-server` will not introduce new transitive deps.