Six audit-driven fixes from 2026-05-02 punch list at memory/cauldron-codebase-audit.md.
CRITICAL
- F-1 routes: SSRF guard on /api/discover/scrape-start. Every URL is
validated via discover_recipes.is_public_url() — parses host, rejects
IP literals in private/loopback/link-local/multicast/reserved ranges,
resolves hostnames via getaddrinfo and rejects if any A/AAAA is private.
Defense-in-depth: _scrape_one re-validates before fetch in case any
future caller bypasses the route. Rejected URLs are returned in the
response payload so the user knows which were skipped.
- F-6 domain: prompt-injection mitigation on enrich_recipe + verify_allergens.
New apply_allergen_safety_override() in forge.py runs regex pattern-
matching against the raw ingredient text for the SIX anaphylaxis-class
allergens (peanuts, nuts, shellfish, fish, eggs, sesame, dairy). On
match, force contains.<allergen>=TRUE regardless of Sonnet output. False
positives are recoverable; undetected anaphylaxis is not. Pork/soy/
gluten not auto-overridden (religious/dietary or too-common).
HIGH
- F-2 routes: /api/discover/reject swapped from global status flip to
per-household scope. New migration 039 cauldron_discover_skips
(discover_id, household_id, skipped_by_sub, skipped_at) join table.
list_discovered_recipes default view filters out caller-household
skips; ?status=skipped surfaces them for unskip. Different households
have different tastes.
- F-3a routes: /login?next= same-origin validation. Reject anything that
doesn't start with `/`, AND reject `//evil.example` protocol-relative
redirects. One-line fix.
- F-10 domain: Sterilizer.apply_recipe ingredient-count guard. Refuse to
apply if Mealie's current recipeIngredient length differs from the
preview's proposals length. Python's zip would silently truncate;
user edits made during the 60-300s Sonnet window now raise
RuntimeError instead of getting clobbered. Bulk runner already catches
RuntimeError per-recipe, marks proposal stale.
- F-15 domain: aggregator qty=None safety net. Ingredients with no
quantity now go to a separate no_qty_items list instead of being
silently coerced to 0.0 (which then failed the `any(qty for ...)`
truthiness check and dropped the food off the shopping list). If no
other line was emitted, write a "qty unspecified" placeholder so the
food APPEARS on the list. If a sized line WAS emitted, append a
"+ N ingredient(s) with no quantity" note.
ALSO (one-liners called out in the punch list)
- Migration 029 DROP INDEX gets IF EXISTS — prevents boot-brick on
partial-failure retry.
- Flavor B prefix prompt rule — Sonnet now told to keep `lib:`/`disc:`
prefix verbatim; prevents intermittent 502s on the panel just shipped.
- list_discover_eligible_for_group switched from LEFT JOIN to NOT EXISTS
subqueries — fixes F-5 data (LIMIT-shrink from cross-group import
multiplication) and adds the per-household skip filter cleanly.
All edits AST-verified. Allergen regex tested with peanut/fish/clean
inputs — flips correctly, preserves Sonnet TRUEs, no over-broad coverage.
Mediums + lows from the audit are tracked in
memory/cauldron-codebase-audit.md and deferred until Cobb hits them
during dogfood.
Kayos
1c943ec2d8