docs(05): mark phase 5 complete — 12/12 plans done, all UAT gaps resolved

Update STATE.md and ROADMAP.md to reflect plan 05-12 completion and Phase 5
as fully complete. All UAT gaps (OneDrive 500 → 400, cloud stream 500 → 502,
upload hint) resolved. 293 tests passing.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
curo1305
2026-05-30 17:56:18 +02:00
parent 10175ee4b5
commit 12dd692f00
2 changed files with 16 additions and 10 deletions
+10 -6
@@ -219,7 +219,7 @@ Before any phase is marked complete, all three gates must pass:
4. A user can disconnect a cloud backend; credentials are permanently deleted from the DB and a subsequent attempt to use that backend returns an appropriate error — no orphaned data remains
5. An admin API response for a user's cloud connections returns only `provider, display_name, connected_at, status` — the `credentials_enc` column is never present in any serialized response
**Plans**: 11 plans (8 original + 3 UAT gap closure)
**Plans**: 12 plans (8 original + 3 UAT gap closure + 1 gap closure wave)
**Wave 1** — Test scaffold + dependencies
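Review bot: The new **Plans** line labels the twelfth plan "1 gap closure wave", which is hard to tell apart from the "3 UAT gap closure" term right before it and does not match the name the Wave 9 heading added later in this patch uses for the same plan, "Post-UAT gap closure". Suggest "12 plans (8 original + 3 UAT gap closure + 1 post-UAT gap closure)" so the breakdown maps one-to-one onto the wave list.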
@@ -252,16 +252,20 @@ Before any phase is marked complete, all three gates must pass:
**Wave 8** — UAT gap closure (parallel, all independent)
- [ ] 05-09-PLAN.md — Cloud document open/re-analyze/edit: authenticated fetch+Blob URL, cloud-aware Celery task, PATCH /api/documents/{id}
- [ ] 05-10-PLAN.md — OAuth initiate fix (JSON response), Nextcloud custom endpoint edit round-trip, Edit button on ERROR rows, confirmation text overflow
- [ ] 05-11-PLAN.md — Admin hard-delete with password confirmation: UserDeleteConfirm backend model + inline frontend panel
- [x] 05-09-PLAN.md — Cloud document open/re-analyze/edit: authenticated fetch+Blob URL, cloud-aware Celery task, PATCH /api/documents/{id}
- [x] 05-10-PLAN.md — OAuth initiate fix (JSON response), Nextcloud custom endpoint edit round-trip, Edit button on ERROR rows, confirmation text overflow
- [x] 05-11-PLAN.md — Admin hard-delete with password confirmation: UserDeleteConfirm backend model + inline frontend panel
**Wave 9** — Post-UAT gap closure
- [x] 05-12-PLAN.md — OAuth 400 preflight (unconfigured creds), 502 cloud fallback, upload hint in CloudStorageView, celery-worker volume mount
**Phase gates (must pass before Phase 5 is complete):**
- [x] `pytest -v` — zero failures; SSRF prevention on WebDAV/Nextcloud user-supplied URLs; credential encryption/decryption round-trip; admin response never exposes `credentials_enc`; OAuth invalid_grant handling
- [x] Security agent: SSRF allowlist verification; credential key derivation correctness; connection status never leaks raw credential values
- [x] Bandit + pip audit + npm audit all clean
- [ ] UAT gaps 05-09, 05-10, 05-11 resolved and re-tested
- [x] UAT gaps resolved and re-tested (05-09, 05-10, 05-11, 05-12)
**UI hint**: yes
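Review bot: In the phase gates list, the `pytest -v` gate still names only SSRF prevention, the credential round-trip, `credentials_enc` exposure and invalid_grant handling, so the two error-path behaviours that 05-12 closes (OAuth 400 preflight for unconfigured creds, 502 cloud fallback) are not covered by any stated gate. Consider naming them in that gate line, so that a regression to a 500 on either path is something the gate is documented to catch. The rewritten UAT gate is also ticked as "resolved and re-tested" with no pointer to where the re-test result is recorded; a reference to the UAT record would make that checkbox auditable. The celery-worker volume mount listed under 05-12 is an infrastructure change, and it is not obvious from the gates that the security agent review looked at it.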
@@ -275,4 +279,4 @@ Before any phase is marked complete, all three gates must pass:
| 2. Users & Authentication | 5/5 | Complete | 2026-05-22 |
| 3. Document Migration & Multi-User Isolation | 5/5 | Complete | 2026-05-25 |
| 4. Folders, Sharing, Quotas & Document UX | 9/9 | Complete | 2026-05-28 |
| 5. Cloud Storage Backends | 8/11 | UAT gap closure in progress | — |
| 5. Cloud Storage Backends | 12/12 | Complete | 2026-05-30 |