[AZ-501] [AZ-502] Cycle 2 Step 14 security audit + inline fixes

Security audit (5 phases) → reports under _docs/05_security/. AZ-501 (F-SAST-1, HIGH): Externalize hardcoded Google Geocode key from mission-planner/src/config.ts to VITE_GOOGLE_GEOCODE_KEY via new GeocodeService.ts; fail-soft warn when unset; STC-SEC1D static deny-list gate; +5 unit tests in tests/mission_planner_geocode.test.ts. AZ-502 (F-DEP-1, HIGH): Force vite>=6.4.2 and postcss>=8.5.10 via package.json overrides in both roots; clean reinstall clears all bun audit advisories. Test-spec sync (Step 12) + Update Docs (Step 13) deltas: AC-43, AC-44, NFT-SEC-09b, FT-P-61, FT-N-17, ripple log, batch_12 report. Pending user actions: revoke Google + OWM keys (AC-6 / AZ-499 AC-7). 229 PASS / 13 SKIP / 0 FAIL on static + fast suites. Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-22 10:31:10 +00:00 · 2026-05-12 05:31:11 +03:00
parent b016fd8207
commit f7dd6c98d8
32 changed files with 1833 additions and 502 deletions
@@ -199,7 +199,8 @@ function main() {
    kind === 'legacy_integrations' ||
    kind === 'concurrent_edit_patterns' ||
    kind === 'alert_calls' ||
-    kind === 'owm_key_in_source'
+    kind === 'owm_key_in_source' ||
+    kind === 'google_key_in_source'
  ) {
    hits = checkSourceTree(section, root, ['src', 'mission-planner'])
  } else if (kind === 'destructive_surfaces') {