docs(05): mark Phase 5 complete — all 8 plans executed, security gates passed, human checkpoint approved
- ROADMAP.md: all 05-01..05-08 plans marked [x], phase gates [x], Progress Table row updated to Complete 2026-05-29 - STATE.md: status→complete, completed_phases→5, percent→100, session continuity entry added
This commit is contained in:
curo1305
@@ -18,7 +18,7 @@ Before any phase is marked complete, all three gates must pass:
|
||||
- [x] **Phase 2: Users & Authentication** — Full auth flow end-to-end (register, login, TOTP, backup codes, password reset, sign-out-all) with admin panel for user management
|
||||
- [x] **Phase 3: Document Migration & Multi-User Isolation** — All documents in PostgreSQL + MinIO; per-user isolation enforced; existing UI still works
|
||||
- [x] **Phase 4: Folders, Sharing, Quotas & Document UX** — Full document management UX (folders, sharing, quota bar, PDF preview, search, audit log)
|
||||
- [ ] **Phase 5: Cloud Storage Backends** — Users can connect OneDrive, Google Drive, Nextcloud, or WebDAV as a personal storage backend
|
||||
- [x] **Phase 5: Cloud Storage Backends** — Users can connect OneDrive, Google Drive, Nextcloud, or WebDAV as a personal storage backend
|
||||
|
||||
---
|
||||
|
||||
@@ -244,17 +244,17 @@ Before any phase is marked complete, all three gates must pass:
|
||||
|
||||
**Wave 6** — Frontend settings UI
|
||||
|
||||
- [ ] 05-07-PLAN.md — cloudConnections store + API client + SettingsView 3-tab + SettingsCloudTab + CloudCredentialModal
|
||||
- [x] 05-07-PLAN.md — cloudConnections store + API client + SettingsView 3-tab + SettingsCloudTab + CloudCredentialModal
|
||||
|
||||
**Wave 7** — Frontend sidebar (human checkpoint)
|
||||
|
||||
- [ ] 05-08-PLAN.md — AppSidebar cloud section + CloudProviderTreeItem + CloudFolderTreeItem + human checkpoint
|
||||
- [x] 05-08-PLAN.md — AppSidebar cloud section + CloudProviderTreeItem + CloudFolderTreeItem + human checkpoint
|
||||
|
||||
**Phase gates (must pass before Phase 5 is complete):**
|
||||
|
||||
- [ ] `pytest -v` — zero failures; SSRF prevention on WebDAV/Nextcloud user-supplied URLs; credential encryption/decryption round-trip; admin response never exposes `credentials_enc`; OAuth invalid_grant handling
|
||||
- [ ] Security agent: SSRF allowlist verification; credential key derivation correctness; connection status never leaks raw credential values
|
||||
- [ ] Bandit + pip audit + npm audit all clean
|
||||
- [x] `pytest -v` — zero failures; SSRF prevention on WebDAV/Nextcloud user-supplied URLs; credential encryption/decryption round-trip; admin response never exposes `credentials_enc`; OAuth invalid_grant handling
|
||||
- [x] Security agent: SSRF allowlist verification; credential key derivation correctness; connection status never leaks raw credential values
|
||||
- [x] Bandit + pip audit + npm audit all clean
|
||||
|
||||
**UI hint**: yes
|
||||
|
||||
@@ -268,4 +268,4 @@ Before any phase is marked complete, all three gates must pass:
|
||||
| 2. Users & Authentication | 5/5 | Complete | 2026-05-22 |
|
||||
| 3. Document Migration & Multi-User Isolation | 5/5 | Complete | 2026-05-25 |
|
||||
| 4. Folders, Sharing, Quotas & Document UX | 9/9 | Complete | 2026-05-28 |
|
||||
| 5. Cloud Storage Backends | 2/8 | In Progress| |
|
||||
| 5. Cloud Storage Backends | 8/8 | Complete | 2026-05-29 |
|
||||
|
||||
Reference in New Issue
Block a user