
Add tenant-aware cache key review skill #2573

Closed
YfengJ wants to merge 1 commit into UnitOneAI:main from YfengJ:codex/tenant-cache-key-2416


Conversation


YfengJ commented Jun 14, 2026


/claim #2416

Summary

  • add a dedicated tenant-aware-cache-key-review skill for multi-tenant applications, cache-backed APIs, shared edge/CDN caches, data-loader caches, and background warmers
  • cover cache-key authority completeness, authorization before cache hits, access-change invalidation, edge/CDN/browser cache controls, background warmer safety, and observability/regression evidence
  • add vulnerable and benign fixtures for cache keys that drop tenant/role context versus tenant-aware scoped caching
  • update index.yaml and quote the existing ISO framework values so the index parses cleanly

Validation

  • RED check before implementation: confirmed the skill file and index entry were missing
  • ruby -ryaml -e 'idx = YAML.load_file("index.yaml"); files = idx.fetch("skills").map { |s| s.fetch("file") }; missing = files.reject { |p| File.file?(p) }; abort "missing files:\n#{missing.join("\n")}" unless missing.empty?; count = idx.fetch("meta").fetch("skill_count"); abort "skill_count #{count} != #{files.size}" unless count == files.size; puts "index ok: #{files.size} skills"'
  • ruby -e 'Dir["skills/**/*.md"].each { |f| n = File.read(f).scan(/^```/).size; abort "#{f}: odd fenced code count #{n}" if n.odd? }; puts "markdown fences ok"'
  • find tests -name '*.json' -print0 | xargs -0 -n1 jq empty && echo 'json fixtures ok'
  • git diff --cached --check

Requested bounty tier: Intermediate ($350). Payment details can be provided privately after maintainer acceptance.
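The cache-key defect the skill described above targets, as an added example that is not part of this PR or the SecuritySkills repository: a cache keyed on the request path alone beside a tenant-scoped cache that authorizes before every lookup, keys on tenant and role, and bumps a per-tenant version on access changes. REPORTS, NaiveCache, TenantScopedCache and the two tenants are constructed for illustration.

```ruby
# Constructed sample data (not from the PR): two tenants exposing the same path.
REPORTS = {
  'acme'   => { '/reports/q1' => 'ACME Q1 revenue: 1.2M' },
  'globex' => { '/reports/q1' => 'Globex Q1 revenue: 0.4M' },
}.freeze

# The defect the skill hunts for: the key is the path alone, so tenant and
# role context are dropped and one tenant's entry is served to another.
class NaiveCache
  def initialize; @store = {}; end
  def fetch(tenant, _role, path); @store[path] ||= REPORTS.fetch(tenant).fetch(path); end
end

# Tenant-aware version: authorize on every request before touching the cache,
# key on every input that shapes the response, bump a version on access change.
class TenantScopedCache
  attr_reader :origin_loads
  def initialize(permissions)
    @store, @permissions, @origin_loads = {}, permissions, 0
    @access_version = Hash.new(0)   # per-tenant counter, part of the key
  end
  def fetch(tenant, role, path)
    raise 'forbidden' unless @permissions.fetch(tenant, []).include?(role)
    key = "#{tenant}:#{role}:v#{@access_version[tenant]}:#{path}"
    @store[key] ||= begin
      @origin_loads += 1
      REPORTS.fetch(tenant).fetch(path)
    end
  end
  def revoke(tenant, role)
    @permissions[tenant] -= [role]
    @access_version[tenant] += 1    # all of the tenant's old keys go stale
  end
end

def naive_leak
  c = NaiveCache.new
  c.fetch('acme', 'analyst', '/reports/q1')
  c.fetch('globex', 'admin', '/reports/q1')  # cache hit on ACME's report
end

def scoped_results
  c = TenantScopedCache.new('acme' => %w[analyst], 'globex' => %w[admin])
  a = c.fetch('acme', 'analyst', '/reports/q1')
  g = c.fetch('globex', 'admin', '/reports/q1')
  c.revoke('acme', 'analyst')
  denied = begin; c.fetch('acme', 'analyst', '/reports/q1'); false; rescue RuntimeError; true; end
  [a, g, denied, c.origin_loads]
end
```

naive_leak returns ACME's report to the globex caller; scoped_results shows each tenant loading its own entry and the revoked role being refused even though its entry was still warm.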

@daviediao-code


Claim Submitted

PR: https://github.com/daviediao-code/SecuritySkills/pull/1

Skill: tenant-aware-cache-key-review

What I delivered:

  • SKILL.md with OWASP API Security, NIST SP 800-145, RFC 9110 references
  • Detection patterns for tenant-leakage in cache keys
  • Before/after remediation examples
  • Falsifiable verification test
  • 2 false positive patterns + 1 precision trap
  • Test fixtures (1 vulnerable, 1 benign)
  • Updated index.yaml with new skill entry

Requested bounty tier: Intermediate ($350)

Payment details can be provided privately after maintainer acceptance.

YfengJ force-pushed the codex/tenant-cache-key-2416 branch from 1a1fba9 to 15d80d9 on June 14, 2026 18:30

YfengJ commented Jun 14, 2026


Thanks for sharing. To avoid confusing the review thread for maintainers, this PR (#2573) is my submission for the tenant-aware-cache-key-review work. Your linked PR looks like a separate submission and should be evaluated independently. I’ll leave bounty eligibility and merge selection to the maintainers.

@kamalsrini kamalsrini closed this Jun 15, 2026