commit 1b1866

Page Index

2026-03-18 04:45:33 Claude (MCP): [mcp] To-Do: update security logging with plan and hooks status

0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9

`To-Do.md` ..
@@ 123,7 123,7 @@
	From [[Security/OWASP_2025_Audit]]:
	- ~~Bcrypt linear scan DoS~~ ✅ MERGED (2026-03-17)
	- ~~Security response headers~~ Plan ready (see above)
-	- Security logging: No audit trail for auth events, ACL changes, wiki deletions.
+	- Security logging: No audit trail for auth events, ACL changes, wiki deletions. Plan at [[Plans/Security_Logging]]. ACL hooks (`permission_changed`, `user_flags_changed`) implemented for upstream otterwiki on `feat/admin-action-hooks` — pushed to schuyler/otterwiki, ready for PR to redimp/otterwiki.

	### ~~Git remote push/pull security~~ ✅ DEPLOYED (2026-03-17)
	Repository Management panel hidden in PLATFORM_MODE (`@platform_mode_disabled` decorator + nav guard). Pull webhook also gated. `auto_push_if_enabled()` and `auto_pull_webhook()` return early in PLATFORM_MODE — prevents outbound SSH even if previously configured. Feature may be re-enabled with proper sandboxing if there's demand.