
Protect Netlify execution ledger writes #69 (Closed)

cursor[bot] wants to merge 1 commit into main from cursor/critical-bug-investigation-7be2


Conversation

cursor Bot (Contributor) commented Jun 13, 2026

Summary

  • Reject unauthenticated POST requests in the Netlify execution ledger function before connecting to shared storage
  • Mirror the existing server-only EXECUTION_LEDGER_WRITE_TOKEN authorization pattern used by the Vercel-style API handler

Bug and Impact

Netlify rewrites /api/execution-ledger to netlify/functions/execution-ledger.ts, which accepted public browser POSTs. A forged request could poison the shared proof ledger with fake outcomes that would then be served to users and hydrated into local IndexedDB.

Root Cause

The hardened token check existed in api/execution-ledger.ts, but the production Netlify handler did not implement it.

Validation

  • npm run lint passed with existing fast-refresh warnings
  • npm run build passed with existing chunk-size warning
  • npx tsc --noEmit -p tsconfig.json passed
  • Direct TypeScript check of netlify/functions/execution-ledger.ts passed
  • Runtime smoke test confirmed an unauthenticated forged POST returns 403

Co-authored-by: Ian Alloway <ianalloway@usf.edu>
netlify Bot commented Jun 13, 2026

Deploy Preview for aiadvantagea ready!

Latest commit: 45e70e3
Latest deploy log: https://app.netlify.com/projects/aiadvantagea/deploys/6a2d3a526f66a0000895fbf5
Deploy Preview: https://deploy-preview-69--aiadvantagea.netlify.app

To edit notification comments on pull requests, go to your Netlify project configuration.

@ianalloway ianalloway marked this pull request as ready for review June 18, 2026 15:59
Copilot AI review requested due to automatic review settings June 18, 2026 15:59

Copilot AI left a comment


Copilot was unable to review this pull request because the user who requested the review has reached their quota limit.

ianalloway (Owner) commented

Merged via PR #73 which incorporated these changes.

@ianalloway ianalloway closed this Jun 18, 2026
@ianalloway ianalloway deleted the cursor/critical-bug-investigation-7be2 branch June 18, 2026 15:59

chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 45e70e382f


}

export const handler = async (event: NetlifyEvent) => {
if (event.httpMethod === "POST" && !isWriteAuthorized(event)) {
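Review bot: the guard `if (event.httpMethod === "POST" && !isWriteAuthorized(event))` gates POST only, so any other write-capable method this handler accepts now or later (PUT, PATCH, DELETE) would reach shared storage without the token check. Consider inverting the condition so that everything except the read path must be authorized, for example `if (event.httpMethod !== "GET" && !isWriteAuthorized(event))`, and answer 405 for methods the function does not serve. It is also worth confirming that isWriteAuthorized fails closed when EXECUTION_LEDGER_WRITE_TOKEN is unset in the Netlify environment, so that an absent server token can never match an absent client header.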


P2: Restore a server-side path for ledger writes

On Netlify, /api/* is redirected to this function, and the only in-repo ledger writer I found is the browser call in src/lib/executionLedgerStore.ts, which sends only Content-Type. With this new check, normal board syncs now always get 403 because the server-only EXECUTION_LEDGER_WRITE_TOKEN cannot be safely attached from the browser, so the shared proof ledger stops accumulating rows and silently falls back to per-browser storage. Add a trusted server-side writer/proxy before enforcing the token on this endpoint.

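The token check this PR describes, and the consequence the review above points out, reduced to a runnable sketch. This is an added example, not the repository's netlify/functions/execution-ledger.ts: it assumes the write token arrives in a header named x-execution-ledger-write-token (the PR does not say how the token is presented), uses a minimal event shape in place of the project's NetlifyEvent type, and an in-memory object in place of the shared storage connection. The demo function reproduces the situation the Codex comment describes: a browser sync carrying only Content-Type is refused with 403 and never touches storage, and only a caller holding the server-side EXECUTION_LEDGER_WRITE_TOKEN gets a row written.

```typescript
import { timingSafeEqual } from "crypto";

// Minimal event shape for this example; the project's NetlifyEvent carries more fields.
export interface LedgerEvent {
  httpMethod: string;
  headers: Record<string, string | undefined>;
  body?: string | null;
}

export interface LedgerResponse {
  statusCode: number;
  body: string;
}

// Hypothetical header name: the PR does not say how the write token is presented.
export const WRITE_TOKEN_HEADER = "x-execution-ledger-write-token";

// In-memory stand-in for the shared proof ledger. `connected` counts how often the
// handler would have opened a storage connection, to show the check runs first.
export interface LedgerStore {
  connected: number;
  rows: string[];
}

// Header names are matched case-insensitively; Netlify lowercases them, browsers may not.
function headerValue(headers: Record<string, string | undefined>, name: string): string | undefined {
  const wanted = name.toLowerCase();
  for (const [key, value] of Object.entries(headers)) {
    if (key.toLowerCase() === wanted) return value;
  }
  return undefined;
}

// Constant-time comparison so a forged token cannot leak how many leading bytes matched.
export function tokensMatch(presented: string | undefined, expected: string | undefined): boolean {
  if (!presented || !expected) return false;
  const a = Buffer.from(presented, "utf8");
  const b = Buffer.from(expected, "utf8");
  if (a.length !== b.length) return false;
  return timingSafeEqual(a, b);
}

// Fail closed: if the server has no EXECUTION_LEDGER_WRITE_TOKEN configured, nothing may write.
export function isWriteAuthorized(event: LedgerEvent, env: Record<string, string | undefined>): boolean {
  const expected = env.EXECUTION_LEDGER_WRITE_TOKEN;
  if (!expected) return false;
  return tokensMatch(headerValue(event.headers, WRITE_TOKEN_HEADER), expected);
}

export async function handler(
  event: LedgerEvent,
  store: LedgerStore,
  env: Record<string, string | undefined>,
): Promise<LedgerResponse> {
  if (event.httpMethod === "GET") {
    store.connected += 1; // read path: would open the storage connection here
    return { statusCode: 200, body: JSON.stringify(store.rows) };
  }
  if (event.httpMethod !== "POST") {
    return { statusCode: 405, body: "method not allowed" };
  }
  // The authorization check runs before any storage connection is opened.
  if (!isWriteAuthorized(event, env)) {
    return { statusCode: 403, body: "forbidden" };
  }
  if (!event.body) {
    return { statusCode: 400, body: "missing body" };
  }
  store.connected += 1; // write path: storage is only reached by an authorized caller
  store.rows.push(event.body);
  return { statusCode: 201, body: "created" };
}

// Constructed scenario: a browser-style sync (Content-Type only), a forged token,
// a trusted server-side writer holding the real token, and a deployment with no token set.
export async function demo(): Promise<{ browser: number; forged: number; trusted: number; unset: number; rows: number; connected: number }> {
  const env = { EXECUTION_LEDGER_WRITE_TOKEN: "constructed-secret-token" }; // constructed value
  const store: LedgerStore = { connected: 0, rows: [] };
  const outcome = JSON.stringify({ task: "t-1", status: "done" }); // constructed ledger row

  const browser = (await handler({ httpMethod: "POST", headers: { "content-type": "application/json" }, body: outcome }, store, env)).statusCode;
  const forged = (await handler({ httpMethod: "POST", headers: { "content-type": "application/json", [WRITE_TOKEN_HEADER]: "constructed-secret-tokeX" }, body: outcome }, store, env)).statusCode;
  const trusted = (await handler({ httpMethod: "POST", headers: { "Content-Type": "application/json", "X-Execution-Ledger-Write-Token": "constructed-secret-token" }, body: outcome }, store, env)).statusCode;
  const unset = (await handler({ httpMethod: "POST", headers: { [WRITE_TOKEN_HEADER]: "" }, body: outcome }, store, {})).statusCode;
  return { browser, forged, trusted, unset, rows: store.rows.length, connected: store.connected };
}
```

Two design points carry the weight here: the comparison is constant-time and length-checked, and an unset server token authorizes nobody rather than everybody. The demo also makes the review's objection concrete: once the browser client can no longer be the writer, something server-side that legitimately holds the token has to perform the write, or the shared ledger stops growing.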
