curo/kite
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
263 Commits 1 Branch 0 Tags
0505beb0a419d8debc69d00e8861bbe65cb1727c
Commit Graph

107 Commits

Author SHA1 Message Date
curo1305 da526cb727 docs(02): add security threat verification — 43/43 threats closed 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-06-01 14:55:15 +02:00
curo1305 cd3d1d528c docs(06.2): add code review fix report 2026-06-01 14:38:59 +02:00
curo1305 8601a02189 docs(02): update verification report after plan 06 gap closure — 2 security blockers flagged 2026-06-01 14:37:23 +02:00
curo1305 a6c227cc7e merge(06.2): integrate code review fixes from gsd-reviewfix/06.2-2490 2026-06-01 14:37:21 +02:00
curo1305 1433273328 docs(06.2): update review status after fixes — all 15 CR/WR findings resolved 2026-06-01 14:33:41 +02:00
curo1305 fdb18300d9 docs(02): add code review report for plan 06 gap closure 2026-06-01 14:31:21 +02:00
curo1305 7e549b6312 docs(02-06): complete UAT gap closure plan summary 
- SUMMARY.md for plan 02-06 (5 UAT gaps closed)
- Backend fix verified; frontend auth layout, admin guard, Account tab, QR code implemented
 2026-05-31 20:41:36 +02:00
curo1305 97314ce486 docs(06.2): add code review report 2026-05-31 20:38:59 +02:00
curo1305 579c8366e9 docs(06.2): update phase verification report after plan-05 gap closure 2026-05-31 20:30:43 +02:00
curo1305 b2488c91c8 docs(02): add root causes from diagnosis 2026-05-31 20:28:57 +02:00
curo1305 52d6efb8a2 docs(06.2): add code review report 2026-05-31 20:23:32 +02:00
curo1305 33697f2713 test(02): complete UAT — 10 passed, 6 issues, 2 blocked 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-31 20:21:16 +02:00
curo1305 8cc46a8d8d docs(phase-06.2): resolve UAT gaps after 06.2-05 gap closure 2026-05-31 20:16:43 +02:00
curo1305 e30401ddff docs(06.2-05): complete plan summary — 4 UAT gaps closed 
- Task 1: @handle in AccountView + AdminUsersTab
- Task 2: actionable cloud error (Settings link) + audit log @ prefix
- Task 3: clearFilters() + activeFilterCount + Clear filters button + filter count badge
 2026-05-31 20:12:27 +02:00
curo1305 6307d9dd86 test(06.2): update UAT with root cause diagnoses for all 4 gaps 2026-05-31 20:01:56 +02:00
curo1305 1d8c7dba91 test(06.2): complete UAT — 3 passed, 4 issues, 2 skipped, 2 blocked 2026-05-31 16:10:54 +02:00
curo1305 77263bd569 docs(phase-06.2): mark validation strategy nyquist-compliant 
All 11 Wave 0 test stubs verified green (50 passed, 4 xfailed).
Updated per-task map, wave 0 checklist, sign-off, and audit trail.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-31 15:44:25 +02:00
curo1305 73b180ac9d docs(phase-06.2): add security threat verification report 
16/16 threats CLOSED — mitigate dispositions verified in code with exact file:line citations.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-31 15:41:33 +02:00
curo1305 f037d2be45 docs(06.2): add phase verification report 2026-05-31 15:36:08 +02:00
curo1305 758d1a687e docs(06.2): add code review report 2026-05-31 15:29:57 +02:00
curo1305 46f7505e36 chore: merge executor worktree (worktree-agent-af66944050628b0e4) 2026-05-31 15:23:36 +02:00
curo1305 893da5b9ba docs(06.2-04): complete ADMIN-06 audit enrichment + daily exports — 10 tests pass 
- Handle-enriched audit log (user_handle, actor_handle via aliased double-JOIN)
- user_handle filter with handle-to-UUID resolution, empty result for unknown handles
- fetch+Blob CSV export replacing window.location.href (T-06.2-04-03)
- GET /audit-log/daily-exports and /daily-exports/{date} with date regex validation
- Daily exports section in AuditLogTab with date dropdown + Download button
- Full audit test suite: 10 passed; backend suite: 337 passed, 1 pre-existing failure
 2026-05-31 15:22:46 +02:00
curo1305 f176235ee8 docs(phase-04): update VALIDATION.md — Nyquist-compliant (all gaps resolved) 
Mark nyquist_compliant: true. All 22 tasks now have automated coverage.
4 gaps resolved: FOLD-04 sort, FOLD-05 FTS, SEC-08 credentials_enc, SEC-09
MinIO cleanup. 1 impl bug logged and fixed (FTS try/except misplacement).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-31 15:21:08 +02:00
curo1305 eab5f124f6 docs(06.2-03): complete cloud-delete gap closure — 24 tests pass 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-31 15:11:51 +02:00
curo1305 e812922a26 docs(06.2-02): complete SHARE-05 + SHARE-03 gap closure — 12 tests pass 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-31 15:07:26 +02:00
curo1305 3cc4a5335d docs(phase-03): update VALIDATION.md — Nyquist-compliant (partial) 
15 automated tests green, 4 manual-only (PostgreSQL/migration infra).
Added 4 previously unlisted passing tests to task map (D-15, D-16, D-09×2).
Audit trail appended. Status: nyquist_compliant: true, status: partial.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-31 15:07:23 +02:00
curo1305 7e62868fea docs(phase-02): add VALIDATION.md — Nyquist-compliant, all 24 tasks mapped, 4 manual-only 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-31 12:04:28 +02:00
curo1305 21fde406e7 docs(06.2-01): complete Wave 0 Nyquist scaffold — 11 xfail stubs across 3 test files 
- 3 stubs in test_shares.py (SHARE-03 permission field, PATCH, IDOR)
- 3 stubs in test_documents.py (cloud delete propagation, failure, remove_only)
- 5 stubs in test_audit.py (handle enrichment, handle filter x2, daily exports x2)
- All 11 reported as XFAIL; full 3-file suite: 35 passed, 15 xfailed, exits 0
 2026-05-31 11:58:58 +02:00
curo1305 708fd7fad0 docs(phase-6.2): record planning complete — 4 plans verified, state updated 
- ROADMAP.md: progress table → Planned; wave annotations already added by planner
- STATE.md: phase 6.2 row → Planned (4 plans, 3 waves); session note added
- 06.2-03-PLAN.md: remove incorrect SHARE-03/SHARE-05 from requirements field
- 06.2-RESEARCH.md: mark Open Questions section as RESOLVED
- 06.2-UI-SPEC.md: add to version control (was untracked)

Verification: 0 blockers, 2 cosmetic warnings fixed.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-31 11:41:32 +02:00
curo1305 4adc77d8cc docs(06.2): create 4-plan phase covering SHARE-03, SHARE-05, cloud-delete, ADMIN-06 
Wave 0: 11 xfail stubs across test_shares/test_documents/test_audit
Wave 1 (parallel): SHARE-05 badge + SHARE-03 permission control; cloud-delete propagation
Wave 2: audit handle enrichment, user_handle filter, CSV fetch+Blob, daily-export UI

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-31 11:36:33 +02:00
curo1305 67f0c01540 docs(phase-6.2): add validation strategy 2026-05-31 11:12:23 +02:00
curo1305 695649eefa docs(06.2): add research document for phase 6.2 gap-closure 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-31 11:10:59 +02:00
curo1305 7be48266ae docs(06.2): capture phase context + fix admin user creation 500 
- Phase 6.2 CONTEXT.md: cloud-delete propagation, SHARE-03/05, audit
  log CSV export fix, daily export UI, user handle display
- Fix: admin create_user missing session.flush() before write_audit_log
  caused FK violation on PostgreSQL (silent on SQLite)
- Regression test: test_create_user_writes_audit_log in test_admin_api.py

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-31 11:00:45 +02:00
curo1305 3825f670a1 docs(phase-6.1): add VALIDATION.md and commit VERIFICATION.md 
VALIDATION.md: Nyquist audit — 3 gaps found, 2 resolved automated
(SHARE-03 permission field, SHARE-05 is_shared indicator), 1 escalated
to manual-only (STORE-06 requires INTEGRATION=1 PostgreSQL).

VERIFICATION.md: was untracked artifact from gsd-verifier run.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-30 23:38:16 +02:00
curo1305 56bfdba8d1 docs(phase-6.1): mark phase complete — 12 tests, 310 total passing 
SHARE-01..05 and ADMIN-06 test coverage gaps closed.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-30 23:30:34 +02:00
curo1305 5762f65b09 docs(6.1): add code review report — 3 warnings, 2 info 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-30 23:24:05 +02:00
curo1305 1e4654aad5 docs(phase-6.1): update tracking after wave 1 — both plans complete 
11 tests passing (7 shares + 4 audit), 309 total, 0 failures.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-30 23:18:04 +02:00
curo1305 21ea3bf169 chore: merge executor worktree (06.1-01 shares tests) 2026-05-30 23:16:38 +02:00
curo1305 eee9970cf2 chore: merge executor worktree (06.1-02 audit tests) 2026-05-30 23:16:14 +02:00
curo1305 ec14fc722f docs(6.1-01): complete plan — promote test_shares.py stubs to real tests 
- 2/2 tasks complete: second_auth_user fixture + 7 real share tests
- 7 PASSED in Docker (0 xfailed, 0 failed)
- SHARE-01..05 requirements covered
 2026-05-30 23:13:09 +02:00
curo1305 0ccdee48ba docs(6.1-02): complete plan 06.1-02 — promote test_audit.py stubs to real tests 
- 4 PASSED, 0 xfailed; ADMIN-06 test coverage complete
 2026-05-30 23:11:01 +02:00
curo1305 838698e715 docs(06): capture phase context — performance & production hardening 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-30 22:41:14 +02:00
curo1305 a2ece9ee7d docs(phase-1): mark VALIDATION.md Nyquist-compliant — all 6 rows green 
Audit 2026-05-30: 3 gaps closed (STORE-07 concurrent test added,
test_confirm_endpoint unblocked, alembic tests moved to manual-only).
nyquist_compliant: true, status: compliant.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-30 18:57:07 +02:00
curo1305 710e535411 docs(phase-5): mark VALIDATION.md Nyquist-compliant — all 13 rows green 
All 117 cloud tests pass; 13/13 validation map requirements COVERED.
Updated status, frontmatter, sign-off, and added audit trail.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-30 18:24:12 +02:00
curo1305 cafdceef10 docs(phase-5): add security threat verification 
56/56 threats verified CLOSED across all 12 plans. 14 accepted risks documented. Unregistered flag (GET /connections/{id}/config) reviewed and confirmed fully mitigated.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-30 18:18:22 +02:00
curo1305 1a6fa08a34 docs(05): add code review and verification reports for phase 5 
REVIEW.md: 3 critical findings fixed (HTTPException passthrough,
Redis pre-flight ordering, CLOUD_CREDS_KEY in celery-worker env)
VERIFICATION.md: 7/7 must-haves verified; 6 human-verification items
require live cloud credentials (Google Drive, OneDrive, Nextcloud/WebDAV)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-30 18:07:42 +02:00
curo1305 10175ee4b5 fix(05-12): close 3 UAT gaps — OAuth 400 preflight, 502 cloud fallback, upload hint 
- oauth_initiate: pre-flight check returns 400 with env-var hint when
  GOOGLE_CLIENT_ID/SECRET or ONEDRIVE_CLIENT_ID/SECRET are not configured,
  preventing opaque MSAL/OAuth library 500 errors on misconfigured servers
- stream_document_content: broad except-clause catches non-CloudConnectionError
  exceptions and returns 502 with user-friendly message (was raw 500)
- docker-compose.yml: add volumes: - ./backend:/app to celery-worker so code
  changes are picked up by docker compose restart without a rebuild
- CloudStorageView: upload hint paragraph directs users to navigate into a
  cloud folder; no DropZone added (no folder context at overview level)
- 3 new backend tests pass; 2 existing tests patched with credential monkeypatch;
  full suite: 293 passed, 0 new failures, 1 pre-existing (test_extract_docx)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-30 17:55:08 +02:00
curo1305 67edc19a36 docs(05): add UAT, UI-SPEC, deferred items, debug notes; refine plans 09-11 
Plan refinements: Vitest tests added to 09/10 must-haves, explicit
mock_flow two-tuple pattern in 10, test_admin_api.py fixture usage in 11.
New artifacts: UAT checklist, UI-SPEC, deferred-items, debug investigation
for cloud-doc-operations-fail.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-30 11:57:54 +02:00
curo1305 9935c06aab docs(05): add code review report — 5 critical, 6 warning, 3 info findings 2026-05-30 11:49:43 +02:00
curo1305 3180e759de docs(05-11): complete admin hard-delete with password confirmation plan 
- UserDeleteConfirm Pydantic model + Argon2 password verification in delete_user
- adminDeleteUser(id, adminPassword) exported from client.js
- AdminUsersTab inline delete confirmation panel with password field
- Three new tests pass: 204/403/422 scenarios
- Full 21-test admin suite green; frontend build clean
 2026-05-30 11:40:14 +02:00