curo/kite
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
270 Commits 1 Branch 0 Tags
52e54b859add279745ea08f301274f3e85914dd5
Commit Graph

270 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
curo1305 52e54b859a docs(phase-04): update validation strategy — 1 gap resolved, suite green 
Audit 2026-06-01: test_daily_export_download was returning 404 because
the mock_backend failed the isinstance(backend, MinIOBackend) check.
Fixed. 87 passed, 4 xfailed, 0 failed.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-06-01 18:14:59 +02:00
curo1305 cc2825b3b7 fix(phase-04): use MagicMock(spec=MinIOBackend) in test_daily_export_download 
Plain MagicMock() failed the isinstance(backend, MinIOBackend) guard in
download_daily_export(), returning 404. spec=MinIOBackend sets __class__
so isinstance passes and the mock path executes correctly.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-06-01 18:14:54 +02:00
curo1305 bfcc09958c docs(phase-04): add security threat verification — 41/41 threats closed 2026-06-01 18:05:49 +02:00
curo1305 a3f9e701d8 docs(phase-03): update validation strategy — 4 gaps resolved, STORE-06 promoted from manual-only 
Validation audit 2026-06-01: fix UUID format mismatch resolved 3 PARTIAL tests
(test_confirm_endpoint, test_quota_increment_atomic, test_quota_exceeded_response)
and promoted test_delete_decrements_quota (STORE-06) from manual-only to green.
Suite now 53 passed, 0 failed. Phase 3 fully Nyquist-compliant.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-06-01 15:43:07 +02:00
curo1305 b245fcc527 fix(phase-03): use UUID.hex in raw SQL to fix SQLite UUID format mismatch 
str(uuid_obj) produces dashed 36-char format; SQLite stores UUID as 32-char
hex without dashes, so WHERE user_id = :uid never matched. Using .hex fixes
confirm_upload (api/documents.py) and delete_document (services/storage.py).
Removes stale xfail from test_delete_decrements_quota — now passes on SQLite.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-06-01 15:43:01 +02:00
curo1305 908bd9d4e3 docs(phase-03): add security threat verification — 27/27 threats closed 2026-06-01 15:30:52 +02:00
curo1305 a89ed65be9 docs(phase-02): update validation strategy with plan 06 coverage 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-06-01 15:17:29 +02:00
curo1305 0505beb0a4 test(phase-02): add Nyquist validation tests for plan 06 gaps 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-06-01 15:17:25 +02:00
curo1305 da526cb727 docs(02): add security threat verification — 43/43 threats closed 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-06-01 14:55:15 +02:00
curo1305 cd3d1d528c docs(06.2): add code review fix report 2026-06-01 14:38:59 +02:00
curo1305 8601a02189 docs(02): update verification report after plan 06 gap closure — 2 security blockers flagged 2026-06-01 14:37:23 +02:00
curo1305 a6c227cc7e merge(06.2): integrate code review fixes from gsd-reviewfix/06.2-2490 2026-06-01 14:37:21 +02:00
curo1305 1433273328 docs(06.2): update review status after fixes — all 15 CR/WR findings resolved 2026-06-01 14:33:41 +02:00
curo1305 9e8f8d5bbc fix(06.2): WR-06 use URLSearchParams in listShares for consistent encoding 2026-06-01 14:31:50 +02:00
curo1305 683670afa1 fix(06.2): WR-02 constrain format parameter to Literal[csv] to reject unsupported formats 2026-06-01 14:31:32 +02:00
curo1305 fdb18300d9 docs(02): add code review report for plan 06 gap closure 2026-06-01 14:31:21 +02:00
curo1305 1cba903c34 fix(06.2): WR-01 replace fixed-suffix password generation with fully-random positional injection 2026-06-01 14:31:00 +02:00
curo1305 2072c3ddcd fix(06.2): WR-08 delete_document defers commit so audit log writes in same transaction 2026-06-01 14:30:31 +02:00
curo1305 50b6e7fd06 fix(06.2): WR-07 document X-Forwarded-For trust boundary in all IP extraction code 2026-06-01 14:29:35 +02:00
curo1305 2542c81602 fix(06.2): WR-03 WR-04 fix pagination off-by-one and surface daily exports load errors 2026-06-01 14:27:47 +02:00
curo1305 1f2cec9ac3 fix(06.2): CR-07 add audit log entry for PATCH /shares/{share_id} permission change 2026-06-01 14:27:08 +02:00
curo1305 1a34209bb0 fix(06.2): CR-06 RFC 5987-encode Content-Disposition filename to prevent header injection 2026-06-01 14:26:46 +02:00
curo1305 653cb3a98b fix(06.2): CR-05 remove UUID dash-stripping in quota SQL — PostgreSQL expects dashed UUID format 2026-06-01 14:26:24 +02:00
curo1305 3fa7e8b866 fix(06.2): CR-04 WR-05 audit export functions use 401-refresh-retry and safe URL.revokeObjectURL 2026-06-01 14:26:05 +02:00
curo1305 792d4639d1 fix(06.2): CR-03 serialize metadata_ with json.dumps in CSV export instead of Python repr 2026-06-01 14:25:29 +02:00
curo1305 50859bb430 fix(06.2): CR-02 add MinIOBackend guard in download_daily_export before accessing _client 2026-06-01 14:25:06 +02:00
curo1305 a3ad36cc82 fix(06.2): CR-01 event-type filter uses prefix LIKE match instead of exact equality 2026-06-01 14:24:50 +02:00
curo1305 5093aa5630 docs(phase-02): update tracking after plan 06 gap closure — 6/6 plans complete 2026-06-01 14:24:46 +02:00
curo1305 7e549b6312 docs(02-06): complete UAT gap closure plan summary 
- SUMMARY.md for plan 02-06 (5 UAT gaps closed)
- Backend fix verified; frontend auth layout, admin guard, Account tab, QR code implemented
 2026-05-31 20:41:36 +02:00
curo1305 c08ea42b1b feat(02-06): Account tab in SettingsView + QR code in TotpEnrollment (GAPs 3, 5) 
- frontend/package.json: add qrcode@1.5.4 to runtime dependencies
- TotpEnrollment.vue: import QRCode; generate data URL in startSetup(); render img tag
- SettingsAccountTab.vue: new component with all AccountView content (2FA, password, sessions)
- SettingsView.vue: add Account tab rendering SettingsAccountTab; import SettingsAccountTab
 2026-05-31 20:40:28 +02:00
curo1305 97314ce486 docs(06.2): add code review report 2026-05-31 20:38:59 +02:00
curo1305 aa957d6c50 feat(02-06): auth layout switching + admin role guard (GAPs 2, 3, 4) 
- App.vue: conditionally renders AuthLayout for auth routes, app shell otherwise
- router/index.js: meta.layout='auth' on all four auth routes
- router/index.js: meta.requiresAdmin=true on /admin route
- router/index.js: beforeEach role check redirects non-admin to /
- router/index.js: /account redirects to /settings
 2026-05-31 20:37:46 +02:00
curo1305 579c8366e9 docs(06.2): update phase verification report after plan-05 gap closure 2026-05-31 20:30:43 +02:00
curo1305 b2488c91c8 docs(02): add root causes from diagnosis 2026-05-31 20:28:57 +02:00
curo1305 52d6efb8a2 docs(06.2): add code review report 2026-05-31 20:23:32 +02:00
curo1305 33697f2713 test(02): complete UAT — 10 passed, 6 issues, 2 blocked 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-31 20:21:16 +02:00
curo1305 8cc46a8d8d docs(phase-06.2): resolve UAT gaps after 06.2-05 gap closure 2026-05-31 20:16:43 +02:00
curo1305 c3c7030e91 docs(phase-06.2): update tracking after wave 3 — all 5 plans complete 2026-05-31 20:16:08 +02:00
curo1305 8a078e4040 chore: merge executor worktree (worktree-agent-ad4015e9fb03e9447) 2026-05-31 20:13:19 +02:00
curo1305 e30401ddff docs(06.2-05): complete plan summary — 4 UAT gaps closed 
- Task 1: @handle in AccountView + AdminUsersTab
- Task 2: actionable cloud error (Settings link) + audit log @ prefix
- Task 3: clearFilters() + activeFilterCount + Clear filters button + filter count badge
 2026-05-31 20:12:27 +02:00
curo1305 5d457d68bf feat(06.2-05): clear filters button and active filter count in AuditLogTab 
- Add clearFilters() function that resets all filter fields and refetches
- Add activeFilterCount computed property (counts non-empty filter fields)
- Add "Clear filters" button (visible only when activeFilterCount > 0)
- Wrap Export CSV button with filter count indicator (amber text below button)
- Add computed to vue import
 2026-05-31 20:11:02 +02:00
curo1305 f5e111bfa2 feat(06.2-05): actionable cloud error + audit log @ prefix 
- CloudFolderView: detect no-connection error and show actionable message
  directing user to Settings; add router-link to /settings and Retry button
- AuditLogTab: prefix user handles with @ in the User column
 2026-05-31 20:10:22 +02:00
curo1305 045e723f7a feat(06.2-05): show @handle in AccountView and AdminUsersTab 
- Add Username row (@handle) to Account information section in AccountView.vue
- Add Handle column (th + td with @prefix) to users table in AdminUsersTab.vue
- Both use existing data already present in API responses (no backend changes)
 2026-05-31 20:09:50 +02:00
curo1305 6307d9dd86 test(06.2): update UAT with root cause diagnoses for all 4 gaps 2026-05-31 20:01:56 +02:00
curo1305 1d8c7dba91 test(06.2): complete UAT — 3 passed, 4 issues, 2 skipped, 2 blocked 2026-05-31 16:10:54 +02:00
curo1305 77263bd569 docs(phase-06.2): mark validation strategy nyquist-compliant 
All 11 Wave 0 test stubs verified green (50 passed, 4 xfailed).
Updated per-task map, wave 0 checklist, sign-off, and audit trail.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-31 15:44:25 +02:00
curo1305 73b180ac9d docs(phase-06.2): add security threat verification report 
16/16 threats CLOSED — mitigate dispositions verified in code with exact file:line citations.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-31 15:41:33 +02:00
curo1305 f037d2be45 docs(06.2): add phase verification report 2026-05-31 15:36:08 +02:00
curo1305 758d1a687e docs(06.2): add code review report 2026-05-31 15:29:57 +02:00
curo1305 abb964531f docs(phase-06.2): update tracking after wave 2 — plan 06.2-04 complete 2026-05-31 15:24:44 +02:00