docs(phase-4): complete plan 04-07 — SUMMARY.md + STATE.md update
This commit is contained in:
curo1305
+10
-4
@@ -27,13 +27,13 @@ progress:
|
||||
| 1 | Infrastructure Foundation | ✓ Complete |
|
||||
| 2 | Users & Authentication | ✓ Complete (5/5 plans) |
|
||||
| 3 | Document Migration & Multi-User Isolation | ✓ Complete (5/5 plans, 10/10 UAT, security gate passed) |
|
||||
| 4 | Folders, Sharing, Quotas & Document UX | In Progress (4/9 plans complete) |
|
||||
| 4 | Folders, Sharing, Quotas & Document UX | In Progress (7/9 plans complete) |
|
||||
| 5 | Cloud Storage Backends | Not Started |
|
||||
|
||||
## Current Position
|
||||
|
||||
**Phase:** 04-folders-sharing-quotas-document-ux — In progress
|
||||
**Plan:** 4/9 — Wave 0 scaffolds (04-01), migration 0004 + put_object_raw (04-02), Folders API + audit helper (04-03), Sharing API (04-04)
|
||||
**Plan:** 7/9 — Wave 0 scaffolds (04-01), migration 0004 + put_object_raw (04-02), Folders API + audit helper (04-03), Sharing API (04-04), Streaming proxy + preferences (04-05), Quota enforcement (04-06), Audit log backfill + SEC-08/SEC-09 (04-07)
|
||||
**Progress:** ██████░░░░ 60% (3/5 phases complete)
|
||||
|
||||
## Performance Metrics
|
||||
@@ -115,6 +115,11 @@ progress:
|
||||
| Share IDOR: DELETE returns 404 not 403 | Prevents share ID enumeration; attacker cannot learn which share IDs exist for other users (T-04-04-02) |
|
||||
| /received before /{share_id} in router | Path parameter conflict: FastAPI routes /received as /{share_id}="received" if DELETE is defined first — ordering enforced by comment |
|
||||
| No quota touch in shares.py | Recipient's quota is never modified by share operations (T-04-04-04); sharing is metadata-only from quota's perspective |
|
||||
| login_failed audit metadata_=None | No email, no hash, no PII in login failure audit events — T-04-07-01 threat mitigation |
|
||||
| document audit metadata whitelist | document.uploaded contains only size_bytes and storage_backend; document.deleted contains only size_bytes — no filename, no extracted_text |
|
||||
| CloudConnectionOut whitelist pattern | Pydantic model with exactly the safe fields; credentials_enc absent by omission — SEC-08 safe-by-default |
|
||||
| admin.user_deleted flush before delete | audit write flushed (session.flush()) while user FK still valid; session.delete(user) follows — preserves audit FK integrity |
|
||||
| test_admin_impersonation 405 acceptable | DELETE /users/{id} causes GET to return 405 not 422; both mean no GET impersonation endpoint; test updated to accept {404, 405, 422} |
|
||||
|
||||
### Open Questions
|
||||
|
||||
@@ -155,6 +160,7 @@ _Updated at each phase transition._
|
||||
| Last session | 2026-05-25 — Plan 04-02 executed: migration 0004 (pdf_open_mode, GIN FTS index, audit-logs bucket) + MinIOBackend.put_object_raw(); 122 tests pass |
|
||||
| Last session | 2026-05-25 — Plan 04-03 executed: write_audit_log() helper (flush-not-commit, never-raises) + FOLD-01..05 folder API + document sort/FTS/move; 122 pass, 0 new failures |
|
||||
| Last session | 2026-05-25 — Plan 04-04 executed: Sharing API (SHARE-01..05) — grant/list/received/revoke with IDOR protection; 7 xfailed, zero new failures |
|
||||
| Next action | Continue Wave 3 execution: run plan 04-05 (quota enforcement) |
|
||||
| Last session | 2026-05-25 — Plan 04-07 executed: audit log backfill (D-13, 8 auth + 2 doc + 5 admin events), SEC-08 CloudConnectionOut, SEC-09 delete-user MinIO cleanup; 92 passed, 1 pre-existing failure |
|
||||
| Next action | Continue execution: run plan 04-08 (frontend integration) |
|
||||
| Pending decisions | None |
|
||||
| Resume file | `.planning/phases/04-folders-sharing-quotas-document-ux/04-04-SUMMARY.md` |
|
||||
| Resume file | `.planning/phases/04-folders-sharing-quotas-document-ux/04-07-SUMMARY.md` |
|
||||
|
||||
Reference in New Issue
Block a user