feat(hub): i3X external ID columns + python-multipart CVE bump #1180
Merged
0.0.28 caps multipart boundary length at 256 bytes (Kludex/python-multipart#282), patching the HIGH-severity DoS where a crafted boundary forces O(n²) tail scans. 0.0.27 added header limits but did not bound the boundary scan itself. Affects mira-ingest (POST /ingest/photo) and mira-mcp (POST /ingest/pdf) — both accept multipart uploads from untrusted callers.
CRA-252.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Adds 7 nullable TEXT columns to cmms_equipment so a MIRA asset can
round-trip with adjacent systems (cmms_id, plc_tag, scada_path,
manufacturer_part_number, uns_topic_path, erp_asset_id, drawing_reference).
serial_number already existed and is unchanged.
- migration 013_external_ids.sql (NOT auto-run — Mike approves)
- /api/assets/by-tag returns externalIds {} on the asset payload
- /m/[tag] renders a collapsed "External IDs" section, hidden when empty
(only shown when at least one field is populated — keeps the
glove-friendly main view uncluttered)
- seed-stardust-racers populates plc_tag / scada_path / uns_topic_path /
manufacturer_part_number for SR-SUMP-001 for the May 21 demo
CRA-258.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
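A pre-parse gate and a dependency check for the upload endpoints named in the python-multipart bump above, as an added example (not code from this PR or from python-multipart). The 256-byte cap and the 0.0.28 release come from the commit message; the function names and the choice to check the header before the parser runs are assumptions.

```python
"""Added example: defence-in-depth checks around the python-multipart bump."""
import re
from email.message import Message
from email.utils import collapse_rfc2231_value
from importlib import metadata

# Cap and fixed release as stated on this page; the names are assumptions.
MAX_BOUNDARY_BYTES = 256
FIXED_RELEASE = (0, 0, 28)


def boundary_of(content_type):
    """Return the multipart boundary from a Content-Type value, or None."""
    msg = Message()
    msg["Content-Type"] = content_type
    if msg.get_content_maintype() != "multipart":
        return None
    raw = msg.get_param("boundary")
    if raw is None:
        return None
    return collapse_rfc2231_value(raw)  # accepts RFC 2231 tuples and plain str


def check_upload_header(content_type, limit=MAX_BOUNDARY_BYTES):
    """Decide (ok, reason) before the body reaches the multipart parser."""
    if not content_type.lower().lstrip().startswith("multipart/"):
        return True, "not multipart"
    boundary = boundary_of(content_type)
    if not boundary:
        return False, "multipart without boundary"
    size = len(boundary.encode("utf-8", "surrogateescape"))
    if size > limit:
        return False, f"boundary is {size} bytes, limit {limit}"
    return True, "ok"


def is_patched(version):
    """True if a version string is at or above the fixed release."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    return bool(m) and tuple(map(int, m.groups())) >= FIXED_RELEASE


def installed_is_patched():
    """True/False for the installed package, None if it is not installed."""
    try:
        return is_patched(metadata.version("python-multipart"))
    except metadata.PackageNotFoundError:
        return None
```

Running `installed_is_patched()` in CI for each service image catches a lockfile that still resolves to a pre-0.0.28 release; the header gate is a second layer, not a replacement for the upgrade.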
🤖 AI Code Review
Review by: groq (llama-3.3-70b-versatile)
Review
🔴 IMPORTANT: Security vulnerabilities
🔴 IMPORTANT: Missing error handling on network/IO operations
🟡 WARNING: Logic bugs or incorrect assumptions
🟡 WARNING: Missing input validation at API boundaries
🔵 SUGGESTION: Code quality improvements, naming, maintainability
✅ GOOD: Noteworthy good practices found
Generated by the MIRA automated code review pipeline (Groq → Cerebras → Gemini cascade)
Summary
Test plan
🤖 Generated with Claude Code