docs: code review snapshot of master @ 114f89a by upsetbit · Pull Request #66 · c3-oss/prosa

upsetbit · 2026-06-05T19:53:08Z

Summary

8 parallel reviewer agents covered go idioms, security, importers, store, cli, panel/server, testing, and architecture.
Each report carries severity-ranked findings with file:line citations and concrete fixes (~26k words total).
review/README.md indexes cross-cutting headlines where multiple reviewers converged, plus a Top-10 actions-by-ROI list.

Cross-cutting headlines

Fakes mascarando contrato de produção — inMemSink em 5 dos 6 importers ainda não implementa SkipCache; mesmo padrão que produziu o bug de FK no commit 114f89a.
Path traversal via session ID controlado por atacante — filepath.Join(rawRoot, sessionID+ext) aceita IDs vindos de JSONL/SQLite externos.
Analytics bifurcado entre internal/store/analytics.go (SQLite) e internal/server/handlers/analytics.go (Postgres), com shapes divergentes mascarados por normalizeRemoteAnalyticsResult.
CSRF + security headers ausentes no panel.
internal/cli/sync.go virou orquestrador de 701 linhas com 5 responsabilidades misturadas.

Posture saudável (calibração)

Boundaries pkg/internal/binaries respeitadas (sem critical em arquitetura).
SQL parametrizado em todo lugar; FTS5 bound; PKCE/state/sha256; html/template + goldmark com unsafe desligado.
260 sites de fmt.Errorf("...: %w", ...); vet limpo; zero //nolint.
Disciplina de ProjectionVersion v6→v7→v8 elogiada como exemplar.
gen/ limpo; migration ownership clean.

Intent

Este PR não é documentação durável do prosa — é um audit point-in-time
no 114f89a. Os achados devem virar issues/PRs separados. Considerar
deletar review/ ou movê-lo para docs/reviews/2026-06-05/ antes de
mergear, dependendo de como você quer tratar relatórios de auditoria.

Test plan

markdownlint-cli2 --fix aplicado em todos os arquivos
Pre-commit hooks passaram (markdownlint, gitleaks, commitlint)
Pre-push gate passou (lint-links, agnix, gitleaks, npm-check)
Reviewer humano para decidir se o conteúdo vira issues/PRs e onde os reviews ficam guardados

🤖 Generated with Claude Code

^{Need help on this PR? Tag /codesmith with what you need. Autofix is disabled.}

Multi-agent review across 8 dimensions (go idioms, security, importers, store, cli, panel/server, testing, architecture). Each report carries severity-ranked findings with file:line citations and concrete fixes. README.md indexes cross-cutting headlines where reviewers converged. Intended as a point-in-time audit to drive action items, not durable prosa documentation — see review/README.md "Top-10 ações por ROI" for the prioritized followups. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

docs: code review snapshot of master @ 114f89a#66

docs: code review snapshot of master @ 114f89a#66
upsetbit wants to merge 1 commit into
masterfrom
docs/code-review-master

upsetbit commented Jun 5, 2026 •

edited by blacksmith-sh Bot

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

upsetbit commented Jun 5, 2026 • edited by blacksmith-sh Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary

Cross-cutting headlines

Posture saudável (calibração)

Intent

Test plan

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

upsetbit commented Jun 5, 2026 •

edited by blacksmith-sh Bot

Loading