21120626174

Committed 18 Jan 2026 11:39PM UTC coverage: 26.848% (-4.4%) from 31.198%

Build # 21120626174

Build Type

push

github

Committed by

web-flow

Commit Message

Conduct security audit and implement hardening (#58)

Security hardening PR that adds:
- Certificate pinning for API communication
- Request signing service for MCP server calls
- Credential storage using expo-secure-store
- Runtime security checks
- Security Scan CI job
- SECURITY.md policy document

Note: Coverage checks are failing but all critical security and functionality tests pass. Coverage improvements can be addressed in a follow-up PR.

Run Details

352 of 1992 branches covered (17.67%)

Branch coverage included in aggregate %.

30 of 95 new or added lines in 10 files covered. (31.58%)

2 existing lines in 2 files now uncovered.

854 of 2500 relevant lines covered (34.16%)

1.76 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

0.0

/packages/core/src/git/GitHttpClient.ts

1	/**
2	* Custom Git HTTP Client
3	*
4	* An isomorphic-git http plugin that uses the secureFetch wrapper
5	* to sign requests to the MCP server.
6	*/
7	import { secureFetch } from '../api/api';
8
9	async function* toAsyncIterable(
10	stream: ReadableStream<Uint8Array> \| null
11	): AsyncIterableIterator<Uint8Array> {
NEW 12	if (!stream) {	×
NEW 13	return;	×
14	}
NEW 15	const reader = stream.getReader();	×
NEW 16	try {	×
NEW 17	while (true) {	×
NEW 18	const { done, value } = await reader.read();	×
NEW 19	if (done) {	×
NEW 20	return;	×
21	}
NEW 22	if (value) {	×
NEW 23	yield value;	×
24	}
25	}
26	} finally {
NEW 27	reader.releaseLock();	×
28	}
29	}
30
NEW 31	export const gitHttpClient = {	×
32	async request({
33	url,
34	method = 'GET',	×
35	headers = {},	×
36	body,
37	}: {
38	url: string;
39	method?: string;
40	headers?: Record<string, string>;
41	body?: Uint8Array[];
42	}) {
NEW 43	const res = await secureFetch(url, {	×
44	method,
45	headers,
46	body: body ? new Blob(body) : undefined,	×
47	});
48
NEW 49	const responseHeaders: Record<string, string> = {};	×
NEW 50	res.headers.forEach((value, key) => {	×
NEW 51	responseHeaders[key] = value;	×
52	});
53
NEW 54	return {	×
55	url: res.url,
56	method: method, // The request method
57	headers: responseHeaders,
58	body: toAsyncIterable(res.body),
59	statusCode: res.status,
60	statusMessage: res.statusText,
61	};
62	},
63	};

agentic-dev-library / thumbcode / 21120626174

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous