import { IMPOSSIBLE, VersionInfo } from '@start9labs/start-sdk';

/**
 * v1.1.0:8 — multi-user authorization hardening (2026-06-13 security batch).
 *
 * Fixes a P0 multi-tenant breach and the related SSRF surface identified in
 * the full security evaluation (EVALUATION.md at the repo root):
 *
 * - Whole-instance DB export/import (`/api/settings/{export,import}-db`) is
 *   restricted to admins. Before this release any signed-in user could
 *   download the complete SQLite database (every user's bcrypt hashes plus
 *   plaintext AI keys) or replace it wholesale. The per-user CSV
 *   export/import remains open to all users.
 * - AI providers that accept a custom base URL (Ollama, OpenAI-compatible)
 *   are restricted to admins, and every server-side fetch to a user-supplied
 *   URL goes through an SSRF guard that blocks link-local / cloud-metadata
 *   addresses. Private-LAN and loopback targets are deliberately still
 *   allowed, because reaching ollama.startos is the intended use. Fixed-URL
 *   cloud providers (Claude/OpenAI/Gemini) stay per-user. The dead legacy
 *   `/api/ai/config` route was removed.
 * - Dev-only: fixed a 0-byte export-db path resolution and the broken
 *   quick-start (added `npm run create-admin`).
 *
 * App-code only: no schema change, no API contract change for existing data,
 * no data migration. Existing /data survives untouched.
 *
 * NOTE(review): upgrading only closes the access path. Password hashes and
 * plaintext AI keys that a non-admin could already have exported are not
 * invalidated by this release, and the release notes below do not say so;
 * operators of multi-user instances may want to rotate AI keys and reset
 * passwords after upgrading.
 * NOTE(review): because loopback and private-LAN destinations stay reachable,
 * the admin-only gate is the control that protects them. The guard itself is
 * not in this file; confirm it checks the resolved address and is re-applied
 * on redirects.
 * NOTE(review): AI keys are described above as stored in plaintext, and this
 * release changes no schema, so that storage presumably persists; verify and
 * track separately.
 */

// User-facing release text, assembled sentence by sentence; joining with a
// single space yields the published string.
const releaseNotes = {
  en_US: [
    'Security hardening.',
    "Full-database export and import are now admin-only — previously any signed-in user could download or replace the entire instance database (all users' data, password hashes, and AI keys).",
    'AI providers that use a custom server URL (Ollama, OpenAI-compatible) are now admin-only and protected against requests to internal metadata addresses; the fixed cloud providers (Claude, OpenAI, Gemini) stay available to every user.',
    'The per-user CSV export/import is unchanged.',
    'No schema or data changes — your existing data is untouched.',
  ].join(' '),
};

const migrations = {
  // Nothing to migrate: this release touches application code only.
  up: async () => {},
  // SDK-provided marker; presumably declares the downgrade unsupported, which
  // would also keep an instance from moving back to the pre-fix build.
  // TODO confirm against the start-sdk documentation.
  down: IMPOSSIBLE,
};

export const v_1_1_0_8 = VersionInfo.of({
  version: '1.1.0:8',
  releaseNotes,
  migrations,
});