Council
|
6f26816277
|
Merge branch 'council/BackendArchitect'
|
2026-04-15 09:18:42 +08:00 |
Council
|
11fa6ccfdb
|
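council(draft): BackendArchitect - output vr-shopxo-plugin architecture review report
Critical issues found:
- onOrderPaid() is not idempotent (duplicate ticket issuance under concurrency)
- verifyTicket() TOCTOU race condition
- QR Secret default key is hard-coded
- |raw XSS vulnerability (goods.simple_desc)
- Ticket purchase parameters have no server-side validation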
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
2026-04-15 09:18:34 +08:00 |
Council
|
6664be6cc8
|
council(draft): SecurityEngineer - complete security review for vr-shopxo-plugin
Findings: 1 critical (onOrderPaid race condition), 5 medium, 3 low, 4 suggestions
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
2026-04-15 09:17:08 +08:00 |
Council
|
852623fc9f
|
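docs: complete development log DEVELOPMENT_LOG.md
- Covers the full record from the 2026-04-13 research → 2026-04-15 Phase 0/1 completion
- Requirements background + tech stack decisions
- Conclusions from researching the ShopXO plugin mechanism
- Phase 0 plugin skeleton (14 files + 4 tables + test data)
- Phase 1 Goods.php modification approach + browser verification screenshots
- Council deliberation records
- Table of finalized key decisions
- Next-step plans for Phase 2/3/4
- Clean up obsolete review files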
|
2026-04-15 09:12:32 +08:00 |
Council
|
a052d812ad
|
council(draft): PM - PM Q1-Q4 review output
|
2026-04-14 18:21:32 +08:00 |
Council
|
dd538ba08e
|
fix: explicitly allow minimal-scope modification of ShopXO source code (MIT license), prioritizing progress
|
2026-04-14 14:10:59 +08:00 |
Council
|
b713cd73c3
|
council(finalize): backend-reviewer - execute T6/T8/T9, vote YES
- T6: Confirm payment callback hook plugins_service_buy_order_insert_success
- T8: Supplement verifier permission validation (vr_verifiers whitelist)
- T9: Supplement vr_events/vr_sessions DDL (complete, indexed)
- Review pm-reviewer output: concurrent control already covered in 03 §9
- Vote: [CONSENSUS: YES] - docs ready for coding
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
2026-04-14 14:09:56 +08:00 |