max / makenotwork

Update MT todo: all fuzz findings resolved

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Author: Max J. <87768334+MaxJMath@users.noreply.github.com> · 2026-04-26 20:20 UTC
Commit: dec98f8179a5f1df56c4892843965b34275d3048
Parent: bbfc2eb
1 file changed, +2 insertions, -2 deletions
@@ -20,8 +20,8 @@ v0.3.4. Audit grade A. 232 tests.
20 20 ### Minor
21 21 - [x] `parse_duration` silent default to permanent: now returns error on unrecognized values. (fixed 2026-04-26)
22 22 - [x] `/internal/threads/{id}/stats` unauthenticated: added HMAC verification + signed GET in MNW client. (fixed 2026-04-26)
23 - - [ ] `auto_hide_if_threshold_met` records the flagger's user_id as `removed_by`, not a system/mod account. Misleading audit trail. (`src/routes/flagging.rs:82`)
24 - - [ ] `/search` endpoint has no rate limiting (GET in read_routes). Full-text + trigram similarity queries are expensive. Fix: add per-IP rate limit or move to write_routes group. (`src/routes/search.rs`)
23 + - [x] `auto_hide_if_threshold_met` audit trail: set `removed_by` to NULL for system-initiated removals; mod log records the event. (fixed 2026-04-26)
24 + - [x] `/search` rate limiting: added per-IP governor (burst 5, 1/sec) on search endpoint. (fixed 2026-04-26)
25 25
26 26 ---
27 27
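
Review bot: The two rewritten entries (new lines 23 and 24) drop the source locations the open items carried (`src/routes/flagging.rs:82` and `src/routes/search.rs`) and name no fixing commit or test, so the "fixed 2026-04-26" claims cannot be traced from this file; keep the paths and add the commit or test that covers each fix. On the `removed_by` entry, say how a NULL written for a system-initiated removal is told apart from a row where the remover is simply missing, since the entry leans on the mod log for that distinction. On the `/search` entry, record what the per-IP key is derived from (socket peer address or a forwarded header), because if the service sits behind a proxy a governor keyed on the peer address would apply "burst 5, 1/sec" to all clients as one.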