Context
From PR #28 review.
Problem
The Cloudflare Pages PATCH endpoint (memora-graph/functions/api/memories/[id].ts) only checks Array.isArray(tags) and typeof metadata === "object", then writes directly to D1. It does not enforce:
- Tag whitelist validation
- Non-empty tag strings
- Tag format constraints
The local graph server is protected because update_memory() in the storage layer revalidates tags.
Fix
Add tag validation in the Cloudflare endpoint to match the storage layer, or call the storage-layer validation logic.
Files
memora-graph/functions/api/memories/[id].ts — lines 85, 99
Context
From PR #28 review.
Problem
The Cloudflare Pages PATCH endpoint (
memora-graph/functions/api/memories/[id].ts) only checksArray.isArray(tags)andtypeof metadata === "object", then writes directly to D1. It does not enforce:The local graph server is protected because
update_memory()in the storage layer revalidates tags.Fix
Add tag validation in the Cloudflare endpoint to match the storage layer, or call the storage-layer validation logic.
Files
memora-graph/functions/api/memories/[id].ts— lines 85, 99