mirror of
https://github.com/dpup/meshstream.git
synced 2026-03-28 17:42:37 +01:00
Security and architecture review of current codebase.

11 findings:
- 3 P1 (XSS, hardcoded creds, unbounded memory growth)
- 4 P2 (SSE protocol, broker deadlock, NetworkMap architecture, CORS)
- 4 P3 (security headers, error leakage, dead code, binary payload)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
23 lines
921 B
Markdown
---
review_agents:
- compound-engineering:review:performance-oracle
- compound-engineering:review:architecture-strategist
- compound-engineering:review:security-sentinel
- compound-engineering:review:code-simplicity-reviewer
---

# Meshstream Review Context

This is a Go + React/TypeScript application that:
- Subscribes to Meshtastic MQTT topics and decodes protobuf packets
- Streams decoded packets to browser clients via SSE
- Frontend uses React 19, Redux Toolkit, TanStack Router, and Google Maps API
- All state is in-memory (no database)
- Backend: Go with paho MQTT client and prefab web framework

Key architectural patterns:
- Backend circular buffer (200 packets default) for new client catchup
- Frontend Redux aggregator slice processes all packet types
- Google Maps AdvancedMarkerElement for node visualization
- Protobuf definitions in `proto/` generate Go and TypeScript types via `make gen-proto`