feat(web): content_policy gates on all idea write-paths (sub-project C, Phase 3) #84
Sub-project C, Phase 3 - the AVG content-policy gate on all web/REST idea write-paths. Completes the platform enforcement (Phase 2 covered the MCP path).
What
- lib/idea-content-policy.ts - checkIdeaContentAllowed(productId, text): loads the effective product.content_policy, parseContentPolicy (fail-closed on malformed), checkContentPolicy. One shared helper for all 4 sites.
- actions/ideas.ts - gate createIdeaAction (before the create) + updateIdeaAction (re-check against the target product on a title/description/product_id change).
- app/api/ideas/route.ts - gate POST (before the create).
- app/api/ideas/[id]/route.ts - gate PATCH (re-check against the target product).
- __tests__/lib/no-ungated-idea-write.test.ts) - fails if any of the 3 write-path files loses its checkIdeaContentAllowed reference.
No submodule bump needed
web main already vendors shared 9a0a0bd (via the merged migration PR #83), so @shared/content-policy + the content_policy column are already available. This PR is gate code only.
Tests
15 new (helper x4, actions x4, REST x4, hardstop x3). Full verify: lint 0 errors, typecheck clean, 1449/1449 tests (178 files).
Deploy
The migration is already live (Scrum4Me #83 deployed by 154), so these gates are deploy-safe. The checker itself was reviewed on scrum4me-shared #16 (3 codex + 3 adversarial rounds); this PR only wires it in (same pattern as the codex-akkoord'd mcp PR #53).
🤖 Generated with Claude Code
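The hardstop idea described above, as an added example that is not the project's own test: it goes beyond a file-level reference check by requiring an actual call to checkIdeaContentAllowed inside each write handler, with comments ignored. The helper names (stripComments, handlerSource, findUngatedHandlers), the file contents in SAMPLE and the import path shown there are assumptions.

```typescript
// Added example; the file contents in SAMPLE are constructed, not the project's code.
const GATE = "checkIdeaContentAllowed";

// Handlers that must call the gate, per write-path file named in the PR description.
const REQUIRED: Array<[string, string[]]> = [
  ["actions/ideas.ts", ["createIdeaAction", "updateIdeaAction"]],
  ["app/api/ideas/route.ts", ["POST"]],
  ["app/api/ideas/[id]/route.ts", ["PATCH"]],
];

// Drop comments so a commented-out call does not count. A "//" inside a string
// also truncates its line, which can only hide a call: the check errs toward failing.
function stripComments(src: string): string {
  return src.replace(/\/\*[\s\S]*?\*\//g, "").replace(/\/\/[^\n]*/g, "");
}

// Text of one exported function: from its declaration to the next top-level export.
function handlerSource(src: string, name: string): string | null {
  const start = src.search(new RegExp(`^export\\s+(async\\s+)?function\\s+${name}\\b`, "m"));
  if (start < 0) return null;
  const rest = src.slice(start + 1);
  const next = rest.search(/^export\s/m);
  return next < 0 ? rest : rest.slice(0, next);
}

// Returns "file#handler" for each required handler that is absent or never calls the gate.
function findUngatedHandlers(files: Map<string, string>): string[] {
  const missing: string[] = [];
  for (const [file, handlers] of REQUIRED) {
    const src = stripComments(files.get(file) ?? "");
    for (const h of handlers) {
      const body = handlerSource(src, h);
      const called = body !== null && new RegExp(`\\b${GATE}\\s*\\(`).test(body);
      if (!called) missing.push(`${file}#${h}`);
    }
  }
  return missing;
}

// Constructed input: the update handler keeps only a commented-out call; one file is absent.
const SAMPLE = new Map<string, string>([
  ["actions/ideas.ts",
   `import { ${GATE} } from "@/lib/idea-content-policy";
export async function createIdeaAction(p: string, t: string) { await ${GATE}(p, t); }
export async function updateIdeaAction(p: string, t: string) { // await ${GATE}(p, t);
}`],
  ["app/api/ideas/route.ts", `export async function POST() { await ${GATE}("p", "t"); }`],
]);
```

On SAMPLE, findUngatedHandlers reports the update action and the absent PATCH route, although a plain substring search for the helper name would pass actions/ideas.ts on its import line alone.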