docs: add entity ID preservation and anti-enumeration patterns #219
Merged
hoiekim merged 1 commit into hoiekim:main from Mar 27, 2026
moltboie (Contributor, Author) commented Mar 15, 2026
moltboie
left a comment
Self-Review
Discussion thread status:
- No prior thread.
Checked:
- Logic — Documents two patterns: (1) Entity ID preservation during sync — capture original IDs before cloning; (2) Anti-enumeration via constant-time bcrypt dummy compare and generic error messages.
- Types — Docs only.
- Quality — Good examples with explicit bad/good contrast. References specific PRs (#134, #136) for traceability.
- Maintainability — Self-contained patterns. Clear enough to follow without looking up the referenced PRs.
- Security — Anti-enumeration section is particularly valuable: generic error messages + dummy bcrypt compare is the correct defense against user enumeration via timing.
- Tests — N/A.
- Blockers — None.
Issues found:
- None.
Confidence: High
Patterns extracted from recent merged PRs:
- Entity ID preservation during sync (PR hoiekim#134): capture original references before cloning to avoid lookup failures
- Authentication anti-enumeration (PR hoiekim#136): generic error messages and constant-time dummy bcrypt for timing attack prevention
404a508 to
58a9efe
hoiekim
approved these changes
Mar 27, 2026
Add two patterns to DEVELOPMENT.md extracted from recent merged PRs:
Entity ID Preservation During Sync
From PR #134 — when cloning entities for sync, capture original references before mutation to avoid lookup failures with new UUIDs.
Authentication: Anti-Enumeration
From PR #136 — generic error messages and constant-time dummy bcrypt comparison to prevent username enumeration and timing attacks.
E2E Testing
Documentation-only change. Verified markdown renders correctly.
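
The anti-enumeration pattern named in the description above, as an added example; it is not the code from DEVELOPMENT.md or PR #136. PBKDF2 from Python's standard library stands in for bcrypt so the block runs without third-party packages, and `USERS`, `DUMMY_RECORD`, `login` and `kdf_calls_for` are hypothetical names.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # constructed work factor for the stand-in KDF
GENERIC_ERROR = "Invalid username or password"
kdf_calls = 0  # instrumentation: counts slow-hash invocations


def hash_password(password: str, salt: bytes) -> bytes:
    """Slow password hash; PBKDF2 stands in for bcrypt here."""
    global kdf_calls
    kdf_calls += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_record(password: str):
    """Return (salt, hash) for storage."""
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


# Constructed sample user store: username -> (salt, hash).
USERS = {"alice": make_record("correct horse")}

# Dummy record built once at startup with the same cost parameters as real
# records. Unknown usernames are compared against it.
DUMMY_RECORD = make_record(os.urandom(16).hex())


def login(username: str, password: str):
    record = USERS.get(username)
    salt, stored = record if record is not None else DUMMY_RECORD
    # Always run the slow hash and a constant-time compare, found or not,
    # so an unknown username costs the same as a wrong password.
    matches = hmac.compare_digest(hash_password(password, salt), stored)
    if record is not None and matches:
        return True, "ok"
    # One message for both failure causes: nothing to distinguish them.
    return False, GENERIC_ERROR


def kdf_calls_for(username: str, password: str) -> int:
    """Number of slow-hash calls a single login attempt performs."""
    before = kdf_calls
    login(username, password)
    return kdf_calls - before
```
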