fix: address CodeRabbit security and validation issues in Fedora docs and backlog plan

Documentation improvements:
- Fix GitHub URL placeholder issues in install-fedora.md - GitHub /latest/download/ endpoint
  doesn't support version substitution, use explicit download URL pattern instead
- Improve security in network troubleshooting section:
  - Change ping target from claude.ai (marketing site) to api.anthropic.com (actual API)
  - Remove unsafe 'echo \$ANTHROPIC_API_KEY' command that exposes secrets in shell history
  - Use safe API key check with conditional output instead

Code improvements:
- apps/server/src/routes/backlog-plan/common.ts: Add Array.isArray() validation
  for stored plan shape before returning it. Ensures changes is actually an array,
  not just truthy, preventing downstream runtime errors.

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
DhanushSantosh
2026-01-16 12:54:45 +05:30
parent 12f2b9f2b3
commit 8b448b9481
2 changed files with 14 additions and 8 deletions


@@ -78,7 +78,7 @@ export async function loadBacklogPlan(projectPath: string): Promise<StoredBacklo
const filePath = getBacklogPlanPath(projectPath);
const raw = await secureFs.readFile(filePath, 'utf-8');
const parsed = JSON.parse(raw as string) as StoredBacklogPlan;
if (!parsed?.result?.changes) {
if (!Array.isArray(parsed?.result?.changes)) {
return null;
}
return parsed;
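Review bot: The new `Array.isArray(parsed?.result?.changes)` guard runs after the `JSON.parse(raw as string) as StoredBacklogPlan` cast, so the compiler already treats the value as a valid plan and nothing checks the elements of `changes` or any other field of `result`. Consider parsing into `unknown` and narrowing through a type guard that validates the fields callers actually read, so a hand-edited or truncated plan file is rejected here instead of failing downstream. Also confirm that an exception from `JSON.parse` on a malformed file is caught outside the visible lines; this guard only covers well-formed JSON with the wrong shape.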


@@ -43,18 +43,20 @@ See main [README.md authentication section](../README.md#authentication) for det
### Option 2: Install Directly from URL
Install from GitHub releases URL without downloading first:
Install from GitHub releases URL without downloading first. Visit [releases page](https://github.com/AutoMaker-Org/automaker/releases) to find the latest version.
**Fedora:**
```bash
sudo dnf install https://github.com/AutoMaker-Org/automaker/releases/latest/download/Automaker-<version>-x86_64.rpm
# Replace v0.11.0 with the actual latest version
sudo dnf install https://github.com/AutoMaker-Org/automaker/releases/download/v0.11.0/Automaker-0.11.0-x86_64.rpm
```
**RHEL/CentOS:**
```bash
sudo yum install https://github.com/AutoMaker-Org/automaker/releases/latest/download/Automaker-<version>-x86_64.rpm
# Replace v0.11.0 with the actual latest version
sudo yum install https://github.com/AutoMaker-Org/automaker/releases/download/v0.11.0/Automaker-0.11.0-x86_64.rpm
```
## Running Automaker
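Review bot: The pinned `v0.11.0` in both install commands will go stale, and the comment `# Replace v0.11.0 with the actual latest version` names only the tag although the version also appears as `0.11.0` in the file name, so a reader who edits one and not the other gets a 404. Use one placeholder for both positions, consistent with the `Automaker-<VERSION>-x86_64.rpm` form used in the update section of this same file, and say that the tag carries a leading `v` while the file name does not. Since these commands install a package fetched from a URL as root, it is also worth a sentence on how to verify the download (checksum or signature), if the project publishes one.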
@@ -289,13 +291,13 @@ If Claude API calls fail:
```bash
# Test internet connectivity
ping claude.ai
ping -c 3 api.anthropic.com
# Test API access
curl -I https://api.anthropic.com
# Verify API key
echo $ANTHROPIC_API_KEY
# Verify API key is set (without exposing the value)
[ -n "$ANTHROPIC_API_KEY" ] && echo "API key is set" || echo "API key is NOT set"
```
## Uninstallation
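Review bot: The `ping -c 3 api.anthropic.com` line can fail on networks that filter ICMP even when HTTPS to the API works, so as the first troubleshooting step it may send readers in the wrong direction; say that the `curl -I https://api.anthropic.com` result is the one that matters, or drop the ping. On the new key check, `[ -n "$ANTHROPIC_API_KEY" ]` only shows that the variable is non-empty in the current shell, which is not necessarily the environment the application was started from and says nothing about whether the key is valid; the comment above it could state that limit.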
@@ -384,7 +386,11 @@ sudo yum update automaker
# Or reinstall latest release
sudo dnf remove automaker
sudo dnf install https://github.com/AutoMaker-Org/automaker/releases/latest/download/Automaker-<version>-x86_64.rpm
# Download the latest .rpm from releases page
# https://github.com/AutoMaker-Org/automaker/releases
# Then reinstall with:
# sudo dnf install ./Automaker-<VERSION>-x86_64.rpm
```
## Getting Help
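Review bot: After this change the block still runs `sudo dnf remove automaker` but every reinstall line is a comment, so a reader who pastes the block ends up with the package removed and nothing installed. Put the download step before the removal, and leave `sudo dnf install ./Automaker-<VERSION>-x86_64.rpm` as an executable line with the placeholder explained in a comment above it. The placeholder style here (`<VERSION>`) also differs from the hard-coded `v0.11.0` used in the Option 2 commands earlier in the file; pick one convention for both.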