From 4bc0aa8185a4d2b68f8f5babd7a55dc844820762 Mon Sep 17 00:00:00 2001 From: Tian1996 <40369357+Tian1996@users.noreply.github.com> Date: Sat, 13 Jun 2026 08:31:05 +0800 Subject: [PATCH 1/4] [agent] test: add web security header validation --- apps/web/package.json | 1 + 1 file changed, 1 insertion(+) diff --git a/apps/web/package.json b/apps/web/package.json index cf96fe438..9b7189b56 100644 --- a/apps/web/package.json +++ b/apps/web/package.json @@ -6,6 +6,7 @@ "scripts": { "dev": "next dev", "test": "echo \"No web tests configured yet\"", + "test:security-headers": "node scripts/validate-security-headers.mjs", "lint": "next lint" }, "dependencies": { From 8d5f2ad98ea3364c6c4d0a533e95656fe72371a0 Mon Sep 17 00:00:00 2001 From: Tian1996 <40369357+Tian1996@users.noreply.github.com> Date: Sat, 13 Jun 2026 08:32:04 +0800 Subject: [PATCH 2/4] [agent] fix: configure web security headers --- apps/web/next.config.mjs | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 apps/web/next.config.mjs diff --git a/apps/web/next.config.mjs b/apps/web/next.config.mjs new file mode 100644 index 000000000..206a5963b --- /dev/null +++ b/apps/web/next.config.mjs @@ -0,0 +1,31 @@ +const securityHeaders = [ + { + key: "X-Frame-Options", + value: "DENY" + }, + { + key: "X-Content-Type-Options", + value: "nosniff" + }, + { + key: "Referrer-Policy", + value: "strict-origin-when-cross-origin" + }, + { + key: "Permissions-Policy", + value: "camera=(), microphone=(), geolocation=()" + } +]; + +const nextConfig = { + async headers() { + return [ + { + source: "/:path*", + headers: securityHeaders + } + ]; + } +}; + +export default nextConfig; From db0048d4f8b7db8d607562eb885d82ae6d29fddf Mon Sep 17 00:00:00 2001 From: Tian1996 <40369357+Tian1996@users.noreply.github.com> Date: Sat, 13 Jun 2026 08:32:57 +0800 Subject: [PATCH 3/4] [agent] test: validate web security headers --- .../web/scripts/validate-security-headers.mjs | 27 +++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 apps/web/scripts/validate-security-headers.mjs diff --git a/apps/web/scripts/validate-security-headers.mjs b/apps/web/scripts/validate-security-headers.mjs new file mode 100644 index 000000000..39c1f56bd --- /dev/null +++ b/apps/web/scripts/validate-security-headers.mjs @@ -0,0 +1,27 @@ +import assert from "node:assert/strict"; + +import nextConfig from "../next.config.mjs"; + +const requiredHeaders = new Map([ + ["X-Frame-Options", "DENY"], + ["X-Content-Type-Options", "nosniff"], + ["Referrer-Policy", "strict-origin-when-cross-origin"], + ["Permissions-Policy", "camera=(), microphone=(), geolocation=()"] +]); + +assert.equal(typeof nextConfig.headers, "function", "next.config.mjs must define headers()"); + +const routes = await nextConfig.headers(); +const allRoutes = routes.find((route) => route.source === "/:path*"); + +assert.ok(allRoutes, "security headers must apply to all routes"); + +const configuredHeaders = new Map( + allRoutes.headers.map((header) => [header.key, header.value]) +); + +for (const [key, value] of requiredHeaders) { + assert.equal(configuredHeaders.get(key), value, `${key} header is missing or incorrect`); +} + +console.log("Security headers configuration is valid."); From b185de213abc1246038b8a423a1cfeb006be432a Mon Sep 17 00:00:00 2001 From: Tian1996 <40369357+Tian1996@users.noreply.github.com> Date: Sat, 13 Jun 2026 08:33:50 +0800 Subject: [PATCH 4/4] [agent] chore: register Codex contributor metadata --- contributors/agents.json | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/contributors/agents.json b/contributors/agents.json index a3fbd7156..685ea7594 100644 --- a/contributors/agents.json +++ b/contributors/agents.json @@ -1,5 +1,12 @@ { - "agents": [], - "last_updated": "2026-06-03", - "total_contributions": 0 + "agents": [ + { + "name": "OpenAI Codex", + "model": "GPT-5", + "platform": "Codex", + "first_contribution": "2026-06-13" + } + ], + "last_updated": "2026-06-13", + "total_contributions": 1 }