diff --git a/en/docs/reference/maintainer/tech-stack.md b/en/docs/reference/maintainer/tech-stack.md index 2ce2a5a..30e9a69 100644 --- a/en/docs/reference/maintainer/tech-stack.md +++ b/en/docs/reference/maintainer/tech-stack.md @@ -54,7 +54,7 @@ page records facts only. | MSSQL JDBC | sqljdbc4 3.0 (Maven) + `mssql-jdbc-6.2.2.jre8.jar` (local jar in `xlyFlow/`, `xlyInterface/`) | `xlyApi/build.gradle`, `xlyInterface/build.gradle`, `xlyFlow/build.gradle` | 5 files: 3 in `xlyFlow/src/`, 2 in `xlyInterface/src/`. | | Oracle JDBC | `ojdbc6-11.2.0.4.jar` (local jar in `xlyFlow/`) | `xlyFlow/build.gradle` | 2 files in `xlyFlow/src/`. | | Druid | `druid-spring-boot-starter` 1.2.16; `druid` 1.2.16 | `xlyPersist/build.gradle`, `xlyApi/build.gradle` | 6 Java files import `com.alibaba.druid.*` (xlyBusinessService=2, xlyFlow=3, xlyInterface=1). 16 `application-*.yml` files reference Druid configuration (xlyEntry=8 yml profiles, xlyPlc=8 yml profiles). yaml: `xlyEntry/.../application-local.yml:126` sets `spring.datasource.type: com.alibaba.druid.pool.DruidDataSource`; lines 308-313 configure the `/druid/*` stat-view servlet. | -| HikariCP | 4.0.3 | `xlyApi/build.gradle` | 8 files reference `com.zaxxer.hikari` (xlyApi=6, xlyInterface=2). Java config: `xlyApi/.../api/config/MasterDataSourceConfig.java`, `SlaveDataSourceConfig.java`. yaml: `xlyApi/.../application-{local,dev,linux,win}.yml`. | +| HikariCP | 4.0.3 | `xlyApi/build.gradle` | 3 files import `com.zaxxer.hikari.HikariDataSource` (xlyApi=2: `MasterDataSourceConfig.java` + `SlaveDataSourceConfig.java`; xlyInterface=1: `MasterDataSourceConfig.java`). yaml: `xlyApi/.../application-{local,dev,linux,win}.yml`. | | Flyway | 5.2.1 | `xlyPersist/build.gradle` | No Java imports. Configured via yaml `spring.flyway.*` (e.g., `xlyEntry/.../application-local.yml:316-327`) with `enabled: false`. Migration scripts at `xlyEntry/src/main/resources/flyway/V*__*.sql`. | | PageHelper | 4.1.1 | `xlyPersist/build.gradle`, `xlyApi/build.gradle`, `xlyFlow/build.gradle` | 19 files import `com.github.pagehelper.*`. yaml `pagehelper.helperDialect: mysql` at `xlyEntry/.../application-local.yml:427`. | | jsqlparser | 3.2 | `xlyPersist/build.gradle` | 1 file: `xlyPersist/src/...` imports `net.sf.jsqlparser`. | diff --git a/en/docs/slices/01-hello-world.md b/en/docs/slices/01-hello-world.md index 5367a3a..8e11be8 100644 --- a/en/docs/slices/01-hello-world.md +++ b/en/docs/slices/01-hello-world.md @@ -288,12 +288,14 @@ Read flow live-corroborated; save flow still pending. [internal API](../api-reference/internal.md#the-universal-crud-surface-business). 3. **The exact SQL emitted by save/delete**, captured from `syslog4j` or a MyBatis debug log, to close the loop end-to-end. -3. ~~**`sTable` validation in `addUpdateDelBusinessData`.**~~ **CLOSED** — +4. ~~**`sTable` validation in `addUpdateDelBusinessData`.**~~ **CLOSED** — the runtime does **not** cross-check the frontend-supplied `sTable` against the form's authorised backing tables (see the security note in - step 4 above). Captured as a maintainer concern; mitigations exist - (tenant scoping, optional pre/post-save proc validation) but the - framework itself doesn't enforce. - -Items 1 and 2 belong to a Slice-1 v2 pass and require an actual save -against the dev DB — deferred to avoid mutating shared dev state. + step 4 of [The trace, with observed evidence](#4-user-edits-a-row-clicks-save) + above). Captured as a maintainer concern; mitigations exist (tenant + scoping, optional pre/post-save proc validation) but the framework + itself doesn't enforce. + +Items 2 and 3 require an actual save mutation captured at the body / +SQL level — deferred to avoid mutating shared dev-DB state with +audit-tag noise.