Untitled Session
2026-05-25 20:45 UTC · 51 messages · cli
You · 2026-05-25 20:46 UTC
Fix the 4 issues from SGS review v2 in /root/.hermes/plans/pb-m9-seo.md
Read the SGS review at /root/.hermes/plans/pb-m9-seo-sgs-review-v2.md, then fix all 4 issues in the PB:
1. **P0 — Migration numbering conflict**: Shift M064 → M065 (cleanup), M065 → M066 (metadata table), and add M067 for the redirects table. Search the entire PB for all references to M064, M065, and update every occurrence. Also check the migration file listing in §10.
2. **P0 — Open redirect security**: Add explicit validation requirement to the redirect manager spec — target_url must be relative URLs only (no protocol/host) or same-domain URLs. Add a security note in the risk register (§8) about redirect validation.
3. **P1 — XML escaping**: Add a technical note in the sitemap generation section specifying that all output must use `htmlspecialchars($value, ENT_XML1 | ENT_QUOTES, 'UTF-8')` to prevent broken XML.
4. **P1 — Schema placeholder replacement**: Add a technical note in the schema injection section specifying that JSON-LD templates must use `json_encode()` for value interpolation, not string replacement, to ensure valid JSON output.
Save in-place at /root/.hermes/plans/pb-m9-seo.md
Donna · 2026-05-25 20:46 UTC
Tool · 2026-05-25 20:46 UTC
{"content": " 1|# SGS Review v2 — Rewritten SEO PB (Google Site Kit + Custom Build)\n 2|\n 3|**File reviewed:** `/root/.hermes/plans/pb-m9-seo.md` (1104 lines)\n 4|**Date:** 2026-05-25\n 5|**Verdict:** **YELLOW LIGHT** — Buildable after fixing 4 concrete issues\n 6|\n 7|-...
Tool · 2026-05-25 20:46 UTC
{"content": " 1|# Project Brief: Module 9 — SEO\n 2|\n 3|**Document ID:** PB-M9-SEO-002\n 4|**Author:** SA\n 5|**Date:** 2026-05-25\n 6|**Status:** DRAFT — Pending Profe greenlight\n 7|**Build Plan Source:** pb-complete.md (lines 890-957), features-brief.md, **Profe decis...
Donna · 2026-05-25 20:46 UTC
Tool · 2026-05-25 20:46 UTC
{"content": " 501|- Separate section helps Google understand content type categorization\n 502|\n 503|**Tone: Dr. Saunders voice** — formal, academic, citation-heavy. Contrasts with \"uncle voice\" marketing content.\n 504|\n 505|#### 11. Content Silos/Clusters\n 506|\n 507|**Implement...
Donna · 2026-05-25 20:46 UTC
Tool · 2026-05-25 20:46 UTC
{"content": " 1001|│ └── Assign tone taxonomy\n 1002|├── 09-16: Redirect Rules Setup\n 1003|│ ├── Audit existing URLs for changes\n 1004|│ ├── Set up 301 redirects\n 1005|│ └── Test all redirects\n 1006|├── 09-17: Fix Classic Editor wplink (if still broken)\n 1007|├── 09-18: Submit Si...
Donna · 2026-05-25 20:46 UTC
Now I have a full picture. Let me fix all 4 issues. I'll start with Issue 1 (migration numbering) since it has the most changes, then proceed in parallel with the others.
First, let me search for all M064/M065/M066 references to be sure I don't miss any:
Tool · 2026-05-25 20:46 UTC
{"total_count": 6, "matches": [{"path": "/root/.hermes/plans/pb-m9-seo.md", "line": 139, "content": "**Approach:** Add a **down-migration** (e.g., M064) that drops all 5 old tables BEFORE the new M065 creates the rebuilt `profe_seo_metadata`. The `CREATE TABLE IF NOT EXISTS` in M065 would silently s...
Donna · 2026-05-25 20:46 UTC
Tool · 2026-05-25 20:46 UTC
{"total_count": 3, "matches": [{"path": "/root/.hermes/plans/pb-m9-seo.md", "line": 1068, "content": "| `migrations/064_drop_old_seo_tables.sql` | NEW | `DROP TABLE IF EXISTS profe_seo_metadata, profe_seo_analytics, profe_sitemap_urls, profe_schema_definitions, profe_redirect_rules;` |"}, {"path": "...
Donna · 2026-05-25 20:46 UTC
Good, I have all 9 migration reference points. Now let me apply all fixes. I'll do Issue 1 first (migration renumbering) since it has the most changes.
Tool · 2026-05-25 20:46 UTC
{"success": true, "diff": "--- a//root/.hermes/plans/pb-m9-seo.md\n+++ b//root/.hermes/plans/pb-m9-seo.md\n@@ -136,7 +136,7 @@\n | 037 | `profe_seo_metadata` (old generic) | seo_admin |\n | 038 | `profe_seo_analytics` | seo_admin |\n \n-**Approach:** Add a **down-migration** (e.g., M064) that drops ...
Donna · 2026-05-25 20:46 UTC
Tool · 2026-05-25 20:46 UTC
{"success": true, "diff": "--- a//root/.hermes/plans/pb-m9-seo.md\n+++ b//root/.hermes/plans/pb-m9-seo.md\n@@ -888,7 +888,7 @@\n │ ├── /root/profe-modules/schema_renderer/\n │ └── /root/profe-modules/redirect_manager/\n │\n-│ ALSO: Run cleanup migration M064\n+│ ALSO: Run cleanup migration M...
Donna · 2026-05-25 20:46 UTC
Tool · 2026-05-25 20:46 UTC
{"success": true, "diff": "--- a//root/.hermes/plans/pb-m9-seo.md\n+++ b//root/.hermes/plans/pb-m9-seo.md\n@@ -894,7 +894,7 @@\n \n Phase 2: Sitemap Module (Cards 09-02, 09-03)\n ├── Scaffold seo_bridge module at /root/profe-modules/seo_bridge/\n-├── Create migration M065: profe_seo_metadata table (...
Donna · 2026-05-25 20:46 UTC
Now update the file manifest (§10):
Tool · 2026-05-25 20:46 UTC
{"success": true, "diff": "--- a//root/.hermes/plans/pb-m9-seo.md\n+++ b//root/.hermes/plans/pb-m9-seo.md\n@@ -1062,7 +1062,7 @@\n | `src/SeoBridge/Exception/SeoBridgeException.php` | NEW | Typed exception |\n | `src/SeoBridge/Repository/SeoBridgeRepository.php` | NEW | profe_seo_metadata CRUD + que...
Donna · 2026-05-25 20:46 UTC
Tool · 2026-05-25 20:46 UTC
{"success": true, "diff": "--- a//root/.hermes/plans/pb-m9-seo.md\n+++ b//root/.hermes/plans/pb-m9-seo.md\n@@ -1063,7 +1063,7 @@\n | `src/SeoBridge/Repository/SeoBridgeRepository.php` | NEW | profe_seo_metadata CRUD + queries |\n | `src/SeoBridge/Repository/RedirectRepository.php` | NEW | profe_redi...
Donna · 2026-05-25 20:46 UTC
Tool · 2026-05-25 20:46 UTC
{"success": true, "diff": "--- a//root/.hermes/plans/pb-m9-seo.md\n+++ b//root/.hermes/plans/pb-m9-seo.md\n@@ -1064,7 +1064,7 @@\n | `src/SeoBridge/Repository/RedirectRepository.php` | NEW | profe_redirects CRUD + queries |\n | `src/SeoBridge/Migration/DropOldSeoTablesMigration.php` | NEW | **M065**...
Donna · 2026-05-25 20:46 UTC
Now update the SQL file name references:
Tool · 2026-05-25 20:46 UTC
{"success": true, "diff": "--- a//root/.hermes/plans/pb-m9-seo.md\n+++ b//root/.hermes/plans/pb-m9-seo.md\n@@ -1065,7 +1065,7 @@\n | `src/SeoBridge/Migration/DropOldSeoTablesMigration.php` | NEW | **M065**: Down-migration that drops the 5 old tables from scrapped stubs |\n | `src/SeoBridge/Migration...
Donna · 2026-05-25 20:46 UTC
Tool · 2026-05-25 20:46 UTC
{"success": true, "diff": "--- a//root/.hermes/plans/pb-m9-seo.md\n+++ b//root/.hermes/plans/pb-m9-seo.md\n@@ -1066,7 +1066,7 @@\n | `src/SeoBridge/Migration/CreateProfeSeoMetadataMigration.php` | NEW | **M066**: Migration class for profe_seo_metadata table |\n | `src/SeoBridge/Migration/CreateProfe...
Donna · 2026-05-25 20:46 UTC
Tool · 2026-05-25 20:46 UTC
{"success": true, "diff": "--- a//root/.hermes/plans/pb-m9-seo.md\n+++ b//root/.hermes/plans/pb-m9-seo.md\n@@ -1067,7 +1067,7 @@\n | `src/SeoBridge/Migration/CreateProfeRedirectsMigration.php` | NEW | **M067**: Migration class for profe_redirects table |\n | `migrations/065_drop_old_seo_tables.sql` ...
Donna · 2026-05-25 20:46 UTC
Issue 1 complete. Now Issue 2: Open redirect security. First, update the redirect manager description in §4:
Tool · 2026-05-25 20:46 UTC
{"success": true, "diff": "--- a//root/.hermes/plans/pb-m9-seo.md\n+++ b//root/.hermes/plans/pb-m9-seo.md\n@@ -571,6 +571,7 @@\n 5. **Breadcrumbs** — Generate BreadcrumbList JSON-LD schema + visual HTML breadcrumbs. Resolution logic for catalog hierarchy (Episode→Season→Series), library pages, commu...
Donna · 2026-05-25 20:46 UTC
Now update the `target_url` column comment in the redirect table:
Tool · 2026-05-25 20:46 UTC
{"success": true, "diff": "--- a//root/.hermes/plans/pb-m9-seo.md\n+++ b//root/.hermes/plans/pb-m9-seo.md\n@@ -637,7 +637,7 @@\n CREATE TABLE IF NOT EXISTS `profe_redirects` (\n `id` BIGINT(20) UNSIGNED NOT NULL AUTO_INCREMENT,\n `source_url` VARCHAR(500) NOT NULL CO...
Donna · 2026-05-25 20:46 UTC
Now add a security risk entry in §8 risk register:
Tool · 2026-05-25 20:46 UTC
{"success": true, "diff": "--- a//root/.hermes/plans/pb-m9-seo.md\n+++ b//root/.hermes/plans/pb-m9-seo.md\n@@ -863,6 +863,7 @@\n | **Catalog pages not indexable** | MEDIUM | HIGH — core SEO requirement | Ensure catalog pages return 200, have proper `<head>` meta, and are in sitemap. Test via Google ...
Donna · 2026-05-25 20:46 UTC
Issue 2 complete. Now Issue 3: XML escaping — add technical note in sitemap generation section:
Tool · 2026-05-25 20:46 UTC
{"success": true, "diff": "--- a//root/.hermes/plans/pb-m9-seo.md\n+++ b//root/.hermes/plans/pb-m9-seo.md\n@@ -253,6 +253,8 @@\n - Cached via WordPress transient with configurable TTL (default: 1 hour)\n - Regenerated on content publish/update events (`profe/*/content_*` events)\n - Google/Bing ping...
Donna · 2026-05-25 20:46 UTC
Issue 3 complete. Now Issue 4: Schema placeholder replacement — add technical note in schema injection section:
Tool · 2026-05-25 20:46 UTC
{"success": true, "diff": "--- a//root/.hermes/plans/pb-m9-seo.md\n+++ b//root/.hermes/plans/pb-m9-seo.md\n@@ -345,6 +345,20 @@\n ```\n \n **Schema template system:** `seo_bridge` stores schema templates in a configuration array (not DB — too slow for runtime). Each template is a JSON string with `{...
Donna · 2026-05-25 20:46 UTC
All 4 issues applied. Let me verify no old migration references remain:
Tool · 2026-05-25 20:46 UTC
{"total_count": 5, "matches": [{"path": "/root/.hermes/plans/pb-m9-seo.md", "line": 139, "content": "**Approach:** Add a **down-migration** (e.g., M065) that drops all 5 old tables BEFORE the new M066 creates the rebuilt `profe_seo_metadata`. The `CREATE TABLE IF NOT EXISTS` in M066 would silently s...
Donna · 2026-05-25 20:46 UTC
Tool · 2026-05-25 20:46 UTC
{"total_count": 1, "matches": [{"path": "/root/.hermes/plans/pb-m9-seo.md", "line": 1085, "content": "| `src/SeoBridge/Migration/CreateProfeRedirectsMigration.php` | NEW | **M067**: Migration class for profe_redirects table |"}]}
Donna · 2026-05-25 20:46 UTC
Tool · 2026-05-25 20:46 UTC
{"total_count": 3, "matches": [{"path": "/root/.hermes/plans/pb-m9-seo.md", "line": 1086, "content": "| `migrations/065_drop_old_seo_tables.sql` | NEW | `DROP TABLE IF EXISTS profe_seo_metadata, profe_seo_analytics, profe_sitemap_urls, profe_schema_definitions, profe_redirect_rules;` |"}, {"path": "...
Donna · 2026-05-25 20:46 UTC
Let me verify the other additions are in place:
Tool · 2026-05-25 20:46 UTC
{"total_count": 5, "matches": [{"path": "/root/.hermes/plans/pb-m9-seo.md", "line": 257, "content": "**XML escaping requirement:** All database values placed into sitemap XML (titles, slugs, descriptions, dates) MUST be escaped using `htmlspecialchars($value, ENT_XML1 | ENT_QUOTES, 'UTF-8')` to ensu...
Donna · 2026-05-25 20:46 UTC
Tool · 2026-05-25 20:46 UTC
{"total_count": 1, "matches": [{"path": "/root/.hermes/plans/pb-m9-seo.md", "line": 656, "content": " `target_url` VARCHAR(500) NOT NULL COMMENT 'Target URL path (relative path only, starting with /); external URLs require explicit whitelist registration',"}]}
Donna · 2026-05-25 20:46 UTC
All 4 issues are resolved. Here's a summary:
---
## Summary of Changes
### Issue 1 — Migration Numbering Conflict (P0)
Shifted M064→M065, M065→M066, and added M067 for redirects. Updated **9 references** across the PB:
- **§1.8** (line 139): Updated migration approach sequence (3 occurrences)
- **§9 Build Order** (line 909): `M064` → `M065` cleanup migration
- **§9 Build Order** (line 915): `M065` → `M066` metadata table
- **§10 File Manifest** (lines 1083-1088): All 6 references — 3 PHP class labels (`M064→M065`, `M065→M066`, `M066→M067`) and 3 SQL file names (`064_→065_`, `065_→066_`, `066_→067_`)
### Issue 2 — Open Redirect Security (P0)
- **§4 T46 item 6** (line 590): Added explicit security requirement — `target_url` must be relative paths or same-domain URLs, validation at save time, admin-only CRUD
- **`profe_redirects` table** (line 656): Updated `target_url` column comment to specify relative path restriction
- **§8 Risk Register** (line 882): Added new risk row "Open redirect — unvalidated target_url allows phishing" with mitigation details
### Issue 3 — XML Escaping (P1)
- **§3.1 Sitemap Implementation** (line 257): Added XML escaping requirement specifying `htmlspecialchars($value, ENT_XML1 | ENT_QUOTES, 'UTF-8')` for all DB values in sitemap XML
### Issue 4 — Schema Placeholder Replacement (P1)
- **§3.1 Schema Template System** (lines 349-360): Added JSON encoding requirement specifying `json_encode()` with `JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE` flags, with DO/DON'T code examples
**File modified:** `/root/.hermes/plans/pb-m9-seo.md` (saved in-place)
No issues encountered — all patches applied cleanly.