Tests assert null-payload and blank-error-message guards but the
implementation had none. Added Objects.requireNonNull for payload
and blank check for errorMessage. Also added missing objectMapper
field to locale copies.
The custom auth filter only rejected invalid tokens but silently
passed through requests without an Authorization header, creating
a complete auth bypass. Inverted the guard to reject-first: abort
immediately when header is absent or malformed, then validate.
org.apache.camel.quarkus:camel-quarkus-bom follows its own release
cadence and doesn't align with quarkus.platform.version. Replaced
with io.quarkus.platform:quarkus-camel-bom which is published at
the same version as quarkus-bom.
- Add missing @Slf4j and bucketName field to FileStorageService
- Fix PaginatedList → List type mismatch (Panache returns List)
- Fix executorService.submit → execute mock (supplyAsync uses execute)
- Update S3 failure test to throw from putObject instead of failed future
Applied to English + all 3 locale copies (tr, ja-JP, zh-CN).
Phase 0 mapped build.gradle/pom.xml only to Spring Boot. Now it
instructs checking the build file contents for 'quarkus' vs
'spring-boot' to select the correct tech stack path.
The Camel route test example was missing the testPayload field
declaration, DocumentValidator mock, and @BeforeEach setup that
exist in the English source, making the snippet invalid.
Changed "Always use AssertJ" to "Prefer AssertJ for value checks" and
documented the intended pattern: JUnit assertThrows/assertDoesNotThrow
for exception lifecycle, AssertJ for value validation. This matches
the actual code examples in the document.
'unsafe-inline' for script-src negates XSS protection from CSP.
Removed it from the security headers example in quarkus-security
and all locale copies. Kept 'unsafe-inline' for style-src only
(commonly needed by CSS frameworks) with a comment recommending
nonces where possible.
New articles:
- the-security-guide.md: "The Shorthand Guide to Securing Your Agent" (595 lines)
Attack vectors, sandboxing, sanitization, OWASP Top 10, observability
- the-openclaw-guide.md: "The Hidden Danger of OpenClaw" (470 lines)
Security analysis of OpenClaw, MiniClaw thesis, industry evidence
External link sanitization (22 files across EN, zh-CN, zh-TW, ja-JP, .cursor):
- Removed third-party GitHub links from skills and guides
- Replaced with inline descriptions to prevent transitive prompt injection
- Kept official org links (Anthropic, Google, Supabase, Mixedbread)
* docs(zh-CN): sync Chinese docs with latest upstream changes
* docs: improve Chinese translation consistency in go-test.md
* docs(zh-CN): update image paths to use shared assets directory
- Update image references from ./assets/ to ../../assets/
- Remove zh-CN/assets directory to use shared assets
---------
Co-authored-by: neo <neo.dowithless@gmail.com>
AlexisLeDain