feat: CORS middleware with FRONTEND_ORIGIN env var #189

Closed
pook wants to merge 2 commits from feat/cors-middleware into main
Owner

Summary

  • Replaced permissive ALLOWED_ORIGINS default with single FRONTEND_ORIGIN env var
  • When FRONTEND_ORIGIN is unset, all cross-origin requests are rejected (no CORS headers)
  • When set, only that exact origin receives Access-Control-Allow-Origin + Access-Control-Allow-Credentials: true
  • Added 5 unit tests covering preflight and simple requests for matching/mismatched origins, and unset env var

Files changed

  • packages/api/src/index.ts — CORS origin function using FRONTEND_ORIGIN
  • .env.sample — Added FRONTEND_ORIGIN=http://localhost:3000
  • packages/api/tests/e2e/cors.test.ts — New test file (5 tests, all passing)

Test plan

  • bun test packages/api/tests/e2e/cors.test.ts — 5 pass, 0 fail
  • TypeScript type check clean (no new errors)
  • Verify in staging with FRONTEND_ORIGIN set to actual frontend URL

Closes #103

Replace permissive ALLOWED_ORIGINS default with FRONTEND_ORIGIN.
When unset, all cross-origin requests are rejected. When set,
only that exact origin receives CORS headers with credentials.

Closes #103

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
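
The origin decision described in the summary above, as an added TypeScript example (not the code from this PR or from `packages/api/src/index.ts`). The function names, the startup validation of `FRONTEND_ORIGIN`, the `Vary: Origin` header and the sample origins are assumptions made for illustration.

```typescript
// Added example, not code from this PR; every name below is hypothetical.
type CorsHeaders = Record<string, string>;

// Validate the configured FRONTEND_ORIGIN once at startup.
// Returns undefined (CORS disabled, fail closed) for unset or unusable values.
function parseFrontendOrigin(raw: string | undefined): string | undefined {
  const value = (raw ?? "").trim();
  if (value === "") return undefined;
  // "*" and "null" must never be echoed alongside credentials.
  if (value === "*" || value === "null") return undefined;
  // A browser Origin header is scheme://host[:port] with no path or trailing
  // slash, so a value like "http://localhost:3000/" could never match.
  if (!/^https?:\/\/[^\/?#\s]+$/.test(value)) return undefined;
  return value;
}

// Build the CORS response headers for one request (preflight or simple).
function corsHeadersFor(
  allowed: string | undefined,
  requestOrigin: string | undefined,
): CorsHeaders {
  if (allowed === undefined) return {}; // env var unset: no CORS headers
  // The response depends on Origin, so tell shared caches (assumed addition).
  const headers: CorsHeaders = { Vary: "Origin" };
  // Exact comparison only: no startsWith/includes/regex on the request value.
  if (requestOrigin !== allowed) return headers;
  headers["Access-Control-Allow-Origin"] = allowed;
  headers["Access-Control-Allow-Credentials"] = "true";
  return headers;
}

// Constructed sample origins: one match and several near misses.
function demoDecisions(): Record<string, boolean> {
  const allowed = parseFrontendOrigin("http://localhost:3000");
  const samples = [
    "http://localhost:3000",
    "http://localhost:3000.attacker.example", // shares the allowed prefix
    "https://localhost:3000", // scheme differs
    "http://localhost:30000", // port differs
    "null", // opaque origin (sandboxed iframe, file:)
  ];
  const out: Record<string, boolean> = {};
  for (const o of samples) {
    out[o] = "Access-Control-Allow-Origin" in corsHeadersFor(allowed, o);
  }
  return out;
}
```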
Author
Owner

Closed 2026-04-10 during pipeline triage.

Why: This PR has merge conflicts with current main and is blocking the CEO agent's view of the backlog. The compliancebot repo had 50 open PRs (most conflicting) and 141 open agent-task issues — CEO couldn't see progress and kept duplicating work.

What was fixed upstream:

  • Git-push race in agent-worker executor (dispatch jobs collided on agent/dispatch/* branch name). RunId now threaded through shim → dispatch → executor for unique branches.
  • Shim /shim/ceo route now injects current open issues/PRs into the CEO prompt + refuses dispatch if backlog exceeds 20.

Reopen / resubmit this PR against current main if the work is still relevant — CEO will now see it and avoid duplicating.

pook closed this pull request 2026-04-10 15:04:47 -04:00

Reference
pook/compliancebot!189