a9cac08f3c
The four form actions on /persons/review (confirm, delete, merge, rename) had no server-side permission check — a reader with a hand- crafted POST could trigger writes that the backend then rejected with FORBIDDEN, but only after the round-trip. Add the existing hasWriteAll guard at the top of each action and short-circuit with fail(403, FORBIDDEN). Mirrors the guard pattern in the rest of the persons domain (review-only writers must be gated client-side AND server-side). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
sv
Everything you need to build a Svelte project, powered by sv.
Creating a project
If you're seeing this, you've probably already done this step. Congrats!
# create a new project in the current directory
npx sv create
# create a new project in my-app
npx sv create my-app
Developing
Once you've created a project and installed dependencies with npm install (or pnpm install or yarn), start a development server:
npm run dev
# or start the server and open the app in a new browser tab
npm run dev -- --open
Building
To create a production version of your app:
npm run build
You can preview the production build with npm run preview.
To deploy your app, you may need to install an adapter for your target environment.