Skip to content

Add mail-to-ticket safety guards#1312

Open
nonggde wants to merge 1 commit into
Stellar-Mail:mainfrom
nonggde:codex/mail-ticket-security-622
Open

Add mail-to-ticket safety guards#1312
nonggde wants to merge 1 commit into
Stellar-Mail:mainfrom
nonggde:codex/mail-ticket-security-622

Conversation

@nonggde

@nonggde nonggde commented Jul 7, 2026

Copy link
Copy Markdown

Closes #622

Summary

  • add folder-local Mail-to-Ticket Converter guard helpers for untrusted draft input, attachment metadata, history, team candidates, and bounded batches
  • add hostile input fixtures for active content, secret-like text, invalid senders, risky attachments, and oversized attachments
  • document threat assumptions, unsafe inputs, non-goals, and performance limits for future integration
  • add a zero-dependency Node guard test suite covering sanitization, rejection, warnings, attachment limits, batch caps, and docs

Scope

  • only touches tools/v2/team/mail-to-ticket-converter/
  • no app shell, dashboard, routing, auth, wallet, Stellar, database, inbox, mail rendering, notification, ticket provider, assignment write, external service, or design-system integration
  • no production data, live network calls, persistence, secrets, or side effects

Validation

  • node --test tools/v2/team/mail-to-ticket-converter/tests/security-performance-guards.test.mjs
  • npx --yes prettier --check on the changed Mail-to-Ticket Converter security/performance files
  • git diff --check
  • ASCII scan over tools/v2/team/mail-to-ticket-converter

Note

Normal HTTPS git push hung in this environment, so I created the fork branch through the GitHub Git Database API with the same changed file contents.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[V2][team] Mail-to-Ticket Converter - Security and performance hardening

1 participant