CodeRabbit and Codecov surfaced real gaps in UDS framing, peer discovery, mailbox retention, and summary context coverage. This tightens those paths without suppressing review or coverage signals.
Constraint: PR #369 must address CodeRabbit and Codecov findings without warning suppression or fake fallbacks
Rejected: Suppress Codecov or CodeRabbit warnings | leaves real receive-path and test-isolation gaps
Rejected: Add unreachable feature-gated tests | bun:bundle keeps those branches compile-time gated in local tests
Confidence: high
Scope-risk: moderate
Directive: Keep UDS auth-token rejection outside feature flags; do not reintroduce inline token fallbacks
Tested: bun test --coverage --coverage-reporter lcov --coverage-dir coverage; bun run test:all; bun run lint; bun run build; bun run build:vite; bun audit; git diff --cached --check
Not-tested: Remote Codecov/CodeRabbit refreshed reports until pushed
- Trim and normalize target before use
- Validate with validateBridgeId allowlist (same as bridgeApi.ts)
- URL-encode compatTarget to prevent path traversal/injection
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
getBridgeAccessToken() provides the OAuth Bearer token, matching
the auth pattern used by bridgeApi.ts and codeSessionApi.ts.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- webhookSanitizer: redact before truncate to avoid split secrets at boundary
- webhookSanitizer: return safe placeholder on error instead of raw content
- peerSessions: use discriminated union return type for type safety
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
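The ordering issue named in the webhookSanitizer commit above, as an added example (not code from this repository): truncating first can cut a secret so the redaction pattern no longer matches, leaving a token prefix in the output. The token shape, function names, length limit and placeholder text are all assumptions made for illustration.

```typescript
// Constructed token shape for illustration: "tok_" followed by 32 alphanumerics.
const SECRET_RE = /tok_[A-Za-z0-9]{32}/g;
const REDACTED = "[REDACTED]";
const PLACEHOLDER = "[webhook content unavailable]"; // hypothetical safe placeholder

function truncate(s: string, max: number): string {
  return s.length > max ? s.slice(0, max) + "…" : s;
}

// Weak order: cut first, then scan. A secret that straddles the cut is left
// as a partial token that the full-length pattern can no longer match.
function truncateThenRedact(s: string, max: number): string {
  return truncate(s, max).replace(SECRET_RE, REDACTED);
}

// Order described in the commit: redact the full text, then truncate.
// Any failure yields the placeholder, never the raw content.
function sanitize(content: unknown, max: number): string {
  try {
    if (typeof content !== "string") throw new TypeError("expected string");
    return truncate(content.replace(SECRET_RE, REDACTED), max);
  } catch {
    return PLACEHOLDER;
  }
}

// Constructed sample payload: the secret starts at offset 20 and is 36 chars long,
// so a 40-char limit cuts through the middle of it.
const SAMPLE_SECRET = "tok_" + "A1b2C3d4".repeat(4);
const SAMPLE = `deploy failed: auth=${SAMPLE_SECRET} repo=demo`;

console.log("truncate-then-redact:", truncateThenRedact(SAMPLE, 40));
console.log("redact-then-truncate:", sanitize(SAMPLE, 40));
console.log("non-string input:    ", sanitize(null, 40));
```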
- Add BRIDGE_MODE to DEFAULT_FEATURES in dev.ts
- Implement peerSessions.ts: cross-session messaging via bridge API
- Implement webhookSanitizer.ts: redact secrets from webhook payloads
- Replace any stubs in controlTypes.ts with Zod schema-inferred types
- Fix tengu_bridge_system_init default to true for app "active" status
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>