
fix(app): hardening — crash prevention, thread safety, filename sanitization #59

Merged
pasrom merged 5 commits into main from fix/hardening
Mar 22, 2026

Conversation


@pasrom pasrom commented Mar 22, 2026

Summary

Cherry-picked hardening fixes from execsumo/meeting-transcriber fork:

  • AppPaths.dataDir: Replace fatalError with fallback to ~/.MeetingTranscriber/ when Application Support unavailable
  • MeetingDetector: Replace try! with do/catch for regex compilation — invalid patterns are silently skipped instead of crashing
  • Permissions: Use OSAllocatedUnfairLock for thread-safe accessibility prompt guard
  • ProtocolGenerator: Sanitize filenames (strip / : \ NUL), cache DateFormatter as static property
  • PipelineQueue: Use defer for FileHandle.closeFile() to prevent resource leaks
  • Helpers (AudioTapLib): Cache mach_timebase_info (constant per boot, was re-queried on every call)

Test plan

  • 5 new tests for filename sanitization (/ : \ NUL + combined)
  • 2 new tests for invalid regex graceful handling (skip bad + keep valid)
  • Full suite: 759 tests, 0 failures

If the Application Support directory is unavailable (e.g. restricted
sandbox), the app previously crashed at launch. Now falls back to
~/.MeetingTranscriber/ and logs an error instead.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
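As an added illustration of two of the changes listed above (filename sanitization and graceful regex compilation), written here in Swift and not taken from the meeting-transcriber project: the function names, the `Meeting` fallback and the sample inputs are assumed or constructed, and the sanitizer goes one step beyond the PR by also rejecting results that reduce to empty, `.` or `..`.

```swift
import Foundation

// Added example, not code from the meeting-transcriber project. The names
// sanitizedFilename, compileDetectionPatterns and the "Meeting" fallback
// are hypothetical; the inputs at the bottom are constructed.

/// Scalars that must never appear in one path component on macOS: "/" is the
/// path separator, ":" is the HFS separator (Finder displays it as "/"), "\" is
/// dropped for cross-platform safety, and NUL would silently truncate the C
/// string the kernel receives.
let forbiddenFilenameScalars: Set<Unicode.Scalar> = ["/", ":", "\\", "\u{0}"]

/// Strips the forbidden scalars and, going beyond the PR, refuses results that
/// still misbehave as a file name inside the app's output folder: "", "." or "..".
func sanitizedFilename(_ raw: String, fallback: String = "Meeting") -> String {
    var kept = String.UnicodeScalarView()
    for scalar in raw.unicodeScalars where !forbiddenFilenameScalars.contains(scalar) {
        kept.append(scalar)
    }
    let cleaned = String(kept).trimmingCharacters(in: .whitespacesAndNewlines)
    if cleaned.isEmpty || cleaned == "." || cleaned == ".." {
        return fallback
    }
    return cleaned
}

/// Compiles user-editable detection patterns, skipping (and logging) the ones
/// that fail to parse instead of taking the whole app down with `try!`.
func compileDetectionPatterns(_ patterns: [String]) -> [NSRegularExpression] {
    return patterns.compactMap { pattern -> NSRegularExpression? in
        do {
            return try NSRegularExpression(pattern: pattern, options: [.caseInsensitive])
        } catch {
            // One bad pattern must not disable the remaining valid ones.
            NSLog("Skipping invalid meeting pattern %@: %@", pattern, "\(error)")
            return nil
        }
    }
}

// Constructed inputs: a title containing every forbidden character, one that
// collapses to "..", and a pattern list with an unbalanced parenthesis.
print(sanitizedFilename("Q1 Review: Sales/EMEA \\ draft\u{0}"))  // Q1 Review SalesEMEA  draft
print(sanitizedFilename("../"))                                   // Meeting
let compiled = compileDetectionPatterns(["zoom\\.us", "(unclosed", "meet\\.google\\.com"])
print(compiled.count)                                             // 2
```
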
@github-actions github-actions bot added the bug Something isn't working label Mar 22, 2026

execsumo and others added 4 commits March 22, 2026 10:56

Invalid regex patterns previously crashed the app at init time.
Now uses compactMap with do-catch to skip invalid patterns and log
the error, allowing the app to continue with remaining patterns.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

The static `hasPromptedAccessibility` flag was unprotected, allowing
a race condition if ensureAccessibilityAccess() was called concurrently
from multiple threads — the prompt could be shown multiple times.

Replace with OSAllocatedUnfairLock for atomic check-and-set.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

… handles

- ProtocolGenerator: strip invalid filename characters (/ : \ NUL),
  cache DateFormatter as static property
- PipelineQueue: use defer for FileHandle.closeFile()
- Helpers: cache mach_timebase_info (constant per boot, was re-queried
  on every call)
- Update roadmap with refined custom words implementation details

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

…ling

- 5 tests for ProtocolGenerator filename sanitization (/, :, \, NUL)
- 2 tests for MeetingDetector graceful handling of invalid regex patterns

@pasrom pasrom merged commit dfba3c0 into main Mar 22, 2026
6 checks passed
@pasrom pasrom deleted the fix/hardening branch March 22, 2026 10:48