docs(qa): B16 execution — log QA-B16-01 (version check "optional" but no opt-out)

Ran the quick B16 checks: encryption-key lifecycle safe (hasKey guard + v2
db-key fallback → graceful, no plaintext), migrations idempotent. Found: the
privacy policy calls the update/version check "optional" but there is no opt-out
setting, and it hits a hardcoded host on About/Status/version load. Logged S4.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
null 2026-07-03 09:55:58 -05:00
parent 9876207781
commit e8190170dc
1 changed files with 2 additions and 2 deletions

View File

@ -104,7 +104,7 @@ before cross-cutting; regression last). Update **Status** and **Findings** every
| B13 | API / backend direct | all `/api/*`: auth, CSRF, validation, rate limits, error shape, IDOR, cents | via HTTP client | ✅ | 0 / 1 |
| B14 | Non-functional | a11y, performance, PWA/offline, XSS/secrets, timezone/DST | large + adversarial | ✅ | 0 / 4 |
| B15 | Regression & sign-off | full smoke on **production build**, exit criteria | seeded | ✅ | 0 / 0 |
| B16 | Migrations, secrets & deploy | migration idempotency/rollback/fresh==migrated, encryption-key lifecycle, `docker-entrypoint` (perms/first-run/migrate), update-check phone-home | scratch + docker | ⬜ | 0 / 0 |
| B16 | Migrations, secrets & deploy | migration idempotency/rollback/fresh==migrated, encryption-key lifecycle, `docker-entrypoint` (perms/first-run/migrate), update-check phone-home | scratch + docker | 🔄 | 1 / 0 |
> After B15, if any batch is 🔁 or has open S1/S2, loop back. Then start a new
> cycle from B0 against the next build/version.
@ -149,7 +149,7 @@ fixing. Keep only **Open / Fixing / Fixed** rows here. Once a finding is
| ID | Sev | Area (`file:line`) | Summary | Status | Notes / repro |
|----|-----|--------------------|---------|--------|---------------|
| _(none — all Cycle 1 findings fixed, verified & archived to `HISTORY.md` v0.41.0)_ | | | | | |
| QA-B16-01 | S4 | `services/updateCheckService.js` + `routes/privacy.js` | Privacy policy calls the version check "**optional**", but there is **no opt-out** — it phones a hardcoded host (`dream.scheller.ltd`) whenever About/Status/version is loaded | 🔴 Open | decision needed: add a toggle vs reword |
**Finding template** (paste a new row above; keep the full write-up here until archived):