docs: update TODO and CHANGELOG for session work
- TODO: mark completed (SPKI persistence, theme editor, pro components, error handling, marketplace, E2E expansion), add new items (E2E failures, daemon integration)
- CHANGELOG: add ThemeEditor, marketplace, 6 commercial modules, AppError enum, E2E daemon, security fixes (5 critical + 14 high)
parent a94158e894
commit 0803dc3844
2 changed files with 34 additions and 21 deletions
CHANGELOG.md (19)
@ -8,15 +8,34 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [Unreleased]
### Added
- **ThemeEditor** — 26 color pickers (14 Accents + 12 Neutrals), live preview, import/export JSON, custom theme persistence to SQLite
- **Plugin marketplace** — 13 plugins (8 free, 5 paid), catalog.json, SHA-256 checksum verification, HTTPS-only downloads, path traversal protection
- **6 commercial Rust modules** — Budget Governor, Smart Model Router, Persistent Agent Memory (FTS5), Codebase Symbol Graph, Git Context Injection, Branch Policy Enforcement
- **Pro Svelte components wired** — AnalyticsDashboard, SessionExporter, AccountSwitcher, PluginMarketplace, BudgetManager, ProjectMemory, CodeIntelligence integrated into ProjectBox Pro tab
- **SPKI pin persistence** — relay TLS pins saved to groups.json (TOFU model), survive app restarts
- **E2E test daemon** — standalone CLI (tests/e2e/daemon/) with ANSI terminal dashboard, smart test caching (3-pass skip), error toast catching, Agent SDK NDJSON bridge
- **E2E Phase D/E/F specs** — 54 new tests covering settings panel, error states, agent pane, providers, health indicators, metrics, search, LLM-judged quality
- **Error handling foundation** — `extractErrorMessage(err: unknown)` normalizer, `handleError`/`handleInfraError` dual utilities, error-classifier extended with ipc/database/filesystem types (9 total), toast rate-limiting (max 3 per type per 30s)
- **AppError enum (Rust)** — 10 typed variants (Database, Auth, Filesystem, Ipc, NotFound, Validation, Sidecar, Config, Network, Internal) replacing Result<T, String> across 28 files
- **Global unhandled rejection handler** — catches unhandledrejection + error events, routes through handleInfraError
- **Settings redesign** — 6 modular category components (Appearance, Agents, Projects, Orchestration, Security, Advanced) replacing 2959-line SettingsTab monolith, SettingsPanel shell with horizontal tab bar
- **Docs reorganization** — 11 new subdirectory files (architecture, production, agents, sidecar, multi-machine, contributing), 6 new reference docs (quickstart, ref-settings, ref-btmsg, ref-bttask, ref-providers, guide-developing, dual-repo-workflow), bterminal references purged
### Fixed
- **5 critical security issues** — fake SHA-256 → real sha2 crate, tar path traversal protection (--no-same-owner + canonicalize), install path traversal (plugin_id validation), SSRF via curl (--proto =https), symbol scanner path traversal (depth + file count limits)
- **14 high security issues** — git flag injection guards, FTS5 query sanitization (double-quote wrapping), budget TOCTOU (atomic transaction), UTF-8 boundary panic (floor_char_boundary), positional→named column access (5 files)
- **Theme dropdown** — `$derived.by()` instead of `$derived()` for themeGroups computation, `@html` replaced with proper Svelte elements
- **E2E port conflict** — dedicated port 9750 for tauri-driver, devUrl port 9710 conflict detection, app identity verification, stale process cleanup
- **E2E selectors** — 9 spec files updated for redesigned UI (settings panel, agent pane, terminal tabs, project header)
- **15 Svelte warnings** — a11y_click_events_have_key_events, a11y_consider_explicit_label, css_unused_selector, state_referenced_locally, node_invalid_placement_ssr
- **Infrastructure bridge error handling** — telemetry-bridge and notifications-bridge empty `.catch(() => {})` replaced with documented console.warn explaining recursion prevention
### Security
- **Marketplace hardening** — real SHA-256 (sha2 crate), empty checksum rejection, HTTPS-only URLs (--proto =https), 50MB download limit (--max-filesize), tar --no-same-owner, post-extraction path validation, plugin_id sanitization (rejects .., /, \)
- **FTS5 injection prevention** — user queries wrapped in double-quotes to prevent operator injection
- **Memory fragment limits** — per-project 1000 fragment cap, 10000 char content limit, transaction-wrapped multi-updates
- **Budget index** — added idx_budget_log_project for query performance
### Changed
- **Dual-repo commercial structure** — agents-orchestrator/agents-orchestrator private repo as commercial source of truth, DexterFromLab/agent-orchestrator as community mirror. Two git remotes (origin + orchestrator) configured locally
- **agor-pro plugin crate** — Tauri 2.x plugin for commercial features. Feature-gated via `--features pro`. Registered via `app.handle().plugin(agor_pro::init())` in setup()
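Review bot: the `- **FTS5 injection prevention**` entry under `### Security` says user queries are wrapped in double-quotes but not whether double quotes inside the query are escaped; in FTS5 string syntax an embedded `"` has to be doubled, otherwise a quote in the input terminates the wrapper and the rest of the string is parsed as FTS5 operators again, so the entry should state that (for example "wrapped in double-quotes with embedded quotes doubled") if the fix does it. Separately, this hunk records the same fixes twice: real SHA-256 via the sha2 crate, HTTPS-only downloads (`--proto =https`) and `tar --no-same-owner` appear under `### Fixed` in `- **5 critical security issues**` and again under `### Security` in `- **Marketplace hardening**`, and FTS5 double-quote wrapping appears in `- **14 high security issues**` and in `- **FTS5 injection prevention**`. Keep a Changelog reserves `### Security` for vulnerability fixes, so list each of these once there and leave only the non-security regressions under `### Fixed`.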