Test User 579246dc26 docs: add API security hardening design plan ...

Security improvements identified for the protect-api-with-api-key branch:
- Use short-lived wsToken for WebSocket auth (not session tokens in URLs)
- Add AUTOMAKER_HIDE_API_KEY env var to suppress console logging
- Add rate limiting to login endpoint (5 attempts/min/IP)
- Use timing-safe comparison for API key validation
- Make WebSocket tokens single-use

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2025-12-29 17:17:16 -05:00

..

src

docs: add API security hardening design plan

2025-12-29 17:17:16 -05:00

tests

docs: add API security hardening design plan

2025-12-29 17:17:16 -05:00

.env.example

refactor: streamline ALLOWED_ROOT_DIRECTORY handling and remove legacy support

2025-12-20 20:49:28 -05:00

.gitignore

feat: add comprehensive integration tests for auto-mode-service

2025-12-13 13:34:27 +01:00

package.json

docs: add API security hardening design plan

2025-12-29 17:17:16 -05:00

pnpm-lock.yaml

feat: add comprehensive integration tests for auto-mode-service

2025-12-13 13:34:27 +01:00

tsconfig.json

chore: update project management and API integration

2025-12-12 00:23:43 -05:00

tsconfig.test.json

feat: add comprehensive integration tests for auto-mode-service

2025-12-13 13:34:27 +01:00

vitest.config.ts

adjusted minheight logic and fixed tests

2025-12-21 23:13:59 -06:00