docs(04): create phase 4 plan (9 plans, 7 waves)
Folders, Sharing, Quotas & Document UX — plans verified (0 blockers, 2 non-blocking warnings). Covers FOLD-01..05, SHARE-01..05, SEC-08/09, ADMIN-06, DOC-01/02.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+52
-4
@@ -1,6 +1,16 @@
# DocuVault — v1 Roadmap
_Last updated: 2026-05-22_
_Last updated: 2026-05-25_
## Mandatory Cross-Cutting Gates (every phase)
Before any phase is marked complete, all three gates must pass:
1. **Test gate** — `pytest -v` passes with zero failures; every new function/endpoint has at least one test; all security invariant tests pass (wrong owner, admin block, token replay)
2. **Security gate** — Security agent runs `bandit -r backend/` (zero HIGH), `pip audit` (zero critical/high), `npm audit --audit-level=high` (zero high/critical); admin endpoints verified to never return `password_hash`, `credentials_enc`, or document content; no hardcoded secrets
3. **Bug fix rule** — Any bug fix during execution must: (a) target the root cause, (b) change ≤50 lines, (c) include a regression test — no workarounds permitted
---
## Phases
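Review bot: the Security gate's `pip audit` should read `pip-audit`; `pip` has no `audit` subcommand, so the command as written fails instead of producing the "zero critical/high" result the gate requires, and an agent following it literally would report an error rather than a clean run. Consider also stating the directory in which `npm audit --audit-level=high` is run, since unlike `bandit -r backend/` it names none.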
@@ -111,6 +121,11 @@ _Last updated: 2026-05-22_
- AI provider/model resolved only via Celery task DB lookup (Plan 04)
- Browser XHR PUT to MinIO sends NO Authorization header (Plan 05)
**Phase gates (must pass before Phase 3 is complete):**
- [ ] `pytest -v` — zero failures; presigned URL, quota enforcement, ownership isolation, and admin-403 all covered
- [ ] Security agent: path traversal check on object key construction; cross-user IDOR tests; quota race condition test
- [ ] Bandit + pip audit + npm audit all clean
**UI hint**: yes
---
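Review bot: the new Phase 3 `pytest -v` gate names presigned URL, quota enforcement, ownership isolation and admin-403, but not the invariant stated two lines above it that the browser XHR PUT to MinIO sends no Authorization header (Plan 05); add that to the gate line so the presigned-upload path is held by a regression test and not only by the invariant note.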
@@ -125,10 +140,37 @@ _Last updated: 2026-05-22_
1. A user can create, rename, and delete folders; moving a document between folders preserves its metadata and AI classification; deleting a non-empty folder prompts with the content count before proceeding
2. A user can share a document with another user by handle; the recipient sees it appear in a "Shared with me" virtual folder with no storage quota charged against them; the owner can revoke access and the shared entry disappears immediately for the recipient
3. The sidebar quota bar displays current usage in MB; it turns amber at 80% and red at 95%; an upload that would exceed the limit is rejected with an error showing current usage, the rejected file size, and a link to storage settings
4. Any document in the user's library can be previewed in-browser as a PDF via PDF.js; document bytes are proxied through the app and no presigned URLs are exposed to the browser
4. Any document in the user's library can be previewed in-browser as a PDF; document bytes are proxied through the app and no presigned URLs are exposed to the browser (native browser PDF rendering via Content-Type header)
5. An admin can view the audit log filtered by date range, user, and action type; the log contains no document content, filenames, or extracted text; account deletion triggers cleanup of all user files before DB records are removed
**Plans**: TBD
**Plans**: 9 plans
**Wave 1** — Test scaffolds + DB migration (parallel)
- [ ] 04-01-PLAN.md — Wave 0 test stubs: test_folders.py + test_shares.py + test_audit.py + proxy stubs in test_documents.py + SEC-08/SEC-09 stubs in test_security.py
- [ ] 04-02-PLAN.md — Alembic migration 0004 (users.pdf_open_mode, GIN FTS index, audit-logs bucket) + MinIOBackend.put_object_raw()
**Wave 2** *(blocked on Wave 1)*
- [ ] 04-03-PLAN.md — Audit service (write_audit_log) + Folders API (FOLD-01..05): POST/GET/PATCH/DELETE /api/folders + PATCH /api/documents/{id}/folder + document list sort/search/is_shared extension
- [ ] 04-04-PLAN.md — Shares API (SHARE-01..05): POST/GET /api/shares + GET /api/shares/received + DELETE /api/shares/{id} with IDOR protection
**Wave 3** *(blocked on Wave 2)*
- [ ] 04-05-PLAN.md — PDF streaming proxy GET /api/documents/{id}/content with Range header support + PATCH /api/auth/me/preferences (pdf_open_mode)
- [ ] 04-06-PLAN.md — Admin audit log API (GET /api/admin/audit-log, CSV export) + Celery beat daily audit export task + celery_app.py beat schedule
**Wave 4** *(blocked on Wave 3)*
- [ ] 04-07-PLAN.md — SEC-08/SEC-09 hardening + audit log backfill into auth.py/admin.py/documents.py + CloudConnectionOut Pydantic model + delete-user file cleanup
**Wave 5** *(blocked on Wave 4)*
- [ ] 04-08-PLAN.md — Frontend data layer: API client functions + useFoldersStore + documents store extension + Vue Router routes (/folders/:folderId, /shared)
**Wave 6** *(blocked on Wave 5)*
- [ ] 04-09-PLAN.md — Frontend UI: all new components (FolderRow, FolderBreadcrumb, FolderDeleteModal, ShareModal, DocumentPreviewModal, SearchBar, SortControls, AuditLogTab) + view wiring (AppSidebar, DocumentCard, HomeView, FolderView, SharedView, SettingsView, AdminView) + human checkpoint
**Phase gates (must pass before Phase 4 is complete):**
- [ ] `pytest -v` — zero failures; folder ownership, share revocation, quota bar, PDF proxy (no presigned URL exposure) all covered
- [ ] Security agent: audit log verified to contain zero document content; sharing IDOR tests; PDF proxy verified to not leak presigned URLs or object keys
- [ ] Bandit + pip audit + npm audit all clean
**UI hint**: yes
---
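Review bot: 04-05 adds Range header support to `GET /api/documents/{id}/content`, but neither Phase 4 gate line mentions Range requests; extend the `pytest -v` gate to cover malformed and unsatisfiable ranges (a 416 rather than a full-body 200) and to assert that a ranged request passes the same ownership/share check as an unranged one, since the proxy is the only thing standing between the browser and the object store once presigned URLs are removed. Two documentation points: SEC-08/SEC-09 are referenced in 04-01 and 04-07 but never described in this file, so a one-line summary under Wave 4 would help, and the commit message says 7 waves while the list runs Wave 1 to Wave 6 (04-01 calls itself "Wave 0 test stubs"), so the count or the wave labels should be reconciled.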
@@ -147,6 +189,12 @@ _Last updated: 2026-05-22_
5. An admin API response for a user's cloud connections returns only `provider, display_name, connected_at, status` — the `credentials_enc` column is never present in any serialized response
**Plans**: TBD
**Phase gates (must pass before Phase 5 is complete):**
- [ ] `pytest -v` — zero failures; SSRF prevention on WebDAV/Nextcloud user-supplied URLs; credential encryption/decryption round-trip; admin response never exposes `credentials_enc`; OAuth invalid_grant handling
- [ ] Security agent: SSRF allowlist verification; credential key derivation correctness; connection status never leaks raw credential values
- [ ] Bandit + pip audit + npm audit all clean
**UI hint**: yes
---
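Review bot: the Security agent gate's "SSRF allowlist verification" should say that the allowlist is enforced against the address the connection actually reaches, not only against the URL the user typed: a WebDAV/Nextcloud hostname that passes a parse-time check can still resolve to an internal address or redirect to one, so the gate wording should require that redirects are not followed blindly and that the resolved address is checked before the request is sent.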
@@ -158,5 +206,5 @@ _Last updated: 2026-05-22_
| 1. Infrastructure Foundation | 5/5 | Complete | 2026-05-22 |
| 2. Users & Authentication | 5/5 | Complete | 2026-05-22 |
| 3. Document Migration & Multi-User Isolation | 0/5 | Not started | - |
| 4. Folders, Sharing, Quotas & Document UX | 0/? | Not started | - |
| 4. Folders, Sharing, Quotas & Document UX | 0/9 | Not started | - |
| 5. Cloud Storage Backends | 0/? | Not started | - |