chore(orchestrator): Bootstrap tasks.md from review report
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed

Parsed 124 findings into 44 tasks across 2 phases (critical + high).
Estimated total: ~400K tokens.

Issues created:
- #337: Phase 1 Critical Security (14 tasks)
- #338: Phase 2 High Priority (30 tasks)
- #339: Phase 3 Medium (deferred)
- #340: Phase 4 Low (deferred)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Jason Woltje
2026-02-05 15:13:48 -06:00
parent 9dfbf8cf61
commit 630f946718

docs/tasks.md Normal file

@@ -0,0 +1,49 @@
# Tasks
| id | status | description | issue | repo | branch | depends_on | blocks | agent | started_at | completed_at | estimate | used |
| ----------- | ----------- | --------------------------------------------------------------------- | ----- | ------------ | ------------ | ----------- | ------------ | ---------- | ---------- | ------------ | -------- | ---- | --- | --- |
| MS-SEC-001 | not-started | SEC-ORCH-2: Add authentication to orchestrator API | #337 | orchestrator | fix/security | | MS-SEC-002 | | | | 15K | |
| MS-SEC-002 | not-started | SEC-WEB-2: Fix WikiLinkRenderer XSS (sanitize HTML before wiki-links) | #337 | web | fix/security | MS-SEC-001 | MS-SEC-003 | | | | 8K | |
| MS-SEC-003 | not-started | SEC-ORCH-1: Fix secret scanner error handling (return error state) | #337 | orchestrator | fix/security | MS-SEC-002 | MS-SEC-004 | | | | 8K | |
| MS-SEC-004 | not-started | SEC-API-2+3: Fix guards swallowing DB errors (propagate as 500s) | #337 | api | fix/security | MS-SEC-003 | MS-SEC-005 | | | | 10K | |
| MS-SEC-005 | not-started | SEC-API-1: Validate OIDC config at startup (fail fast if missing) | #337 | api | fix/security | MS-SEC-004 | MS-SEC-006 | | | | 8K | |
| MS-SEC-006 | not-started | SEC-ORCH-3: Enable Docker sandbox by default, warn when disabled | #337 | orchestrator | fix/security | MS-SEC-005 | MS-SEC-007 | | | | 10K | |
| MS-SEC-007 | not-started | SEC-ORCH-4: Add auth to inter-service communication (API key) | #337 | orchestrator | fix/security | MS-SEC-006 | MS-SEC-008 | | | | 15K | |
| MS-SEC-008 | not-started | SEC-ORCH-5+CQ-ORCH-3: Replace KEYS with SCAN in Valkey client | #337 | orchestrator | fix/security | MS-SEC-007 | MS-SEC-009 | | | | 12K | |
| MS-SEC-009 | not-started | SEC-ORCH-6: Add Zod validation for deserialized Redis data | #337 | orchestrator | fix/security | MS-SEC-008 | MS-SEC-010 | | | | 12K | |
| MS-SEC-010 | not-started | SEC-WEB-1: Sanitize OAuth callback error parameter | #337 | web | fix/security | MS-SEC-009 | MS-SEC-011 | | | | 5K | |
| MS-SEC-011 | not-started | CQ-API-6: Replace hardcoded OIDC values with env vars | #337 | api | fix/security | MS-SEC-010 | MS-SEC-012 | | | | 8K | |
| MS-SEC-012 | not-started | CQ-WEB-5: Fix boolean logic bug in ReactFlowEditor (?? to | | ) | #337 | web | fix/security | MS-SEC-011 | MS-SEC-013 | | | | 3K | |
| MS-SEC-013 | not-started | SEC-API-4: Add workspaceId query verification tests | #337 | api | fix/security | MS-SEC-012 | MS-SEC-V01 | | | | 20K | |
| MS-SEC-V01 | not-started | Phase 1 Verification: Run full quality gates | #337 | all | fix/security | MS-SEC-013 | MS-HIGH-001 | | | | 5K | |
| MS-HIGH-001 | not-started | SEC-API-5: Fix OpenAI embedding service dummy key handling | #338 | api | fix/high | MS-SEC-V01 | MS-HIGH-002 | | | | 8K | |
| MS-HIGH-002 | not-started | SEC-API-6: Add structured logging for embedding failures | #338 | api | fix/high | MS-HIGH-001 | MS-HIGH-003 | | | | 8K | |
| MS-HIGH-003 | not-started | SEC-API-7: Bind CSRF token to session with HMAC | #338 | api | fix/high | MS-HIGH-002 | MS-HIGH-004 | | | | 12K | |
| MS-HIGH-004 | not-started | SEC-API-8: Log ERROR on rate limiter fallback, add health check | #338 | api | fix/high | MS-HIGH-003 | MS-HIGH-005 | | | | 10K | |
| MS-HIGH-005 | not-started | SEC-API-9: Implement proper system admin role | #338 | api | fix/high | MS-HIGH-004 | MS-HIGH-006 | | | | 15K | |
| MS-HIGH-006 | not-started | SEC-API-10: Add rate limiting to auth catch-all | #338 | api | fix/high | MS-HIGH-005 | MS-HIGH-007 | | | | 8K | |
| MS-HIGH-007 | not-started | SEC-API-11: Validate DEFAULT_WORKSPACE_ID as UUID | #338 | api | fix/high | MS-HIGH-006 | MS-HIGH-008 | | | | 5K | |
| MS-HIGH-008 | not-started | SEC-WEB-3: Route all fetch() through API client (CSRF) | #338 | web | fix/high | MS-HIGH-007 | MS-HIGH-009 | | | | 12K | |
| MS-HIGH-009 | not-started | SEC-WEB-4: Gate mock data behind NODE_ENV check | #338 | web | fix/high | MS-HIGH-008 | MS-HIGH-010 | | | | 10K | |
| MS-HIGH-010 | not-started | SEC-WEB-5: Log auth errors, distinguish backend down | #338 | web | fix/high | MS-HIGH-009 | MS-HIGH-011 | | | | 8K | |
| MS-HIGH-011 | not-started | SEC-WEB-6: Enforce WSS, add connect_error handling | #338 | web | fix/high | MS-HIGH-010 | MS-HIGH-012 | | | | 8K | |
| MS-HIGH-012 | not-started | SEC-WEB-7+CQ-WEB-7: Implement optimistic rollback on Kanban | #338 | web | fix/high | MS-HIGH-011 | MS-HIGH-013 | | | | 12K | |
| MS-HIGH-013 | not-started | SEC-WEB-8: Handle non-OK responses in ActiveProjectsWidget | #338 | web | fix/high | MS-HIGH-012 | MS-HIGH-014 | | | | 8K | |
| MS-HIGH-014 | not-started | SEC-WEB-9: Disable QuickCaptureWidget with Coming Soon | #338 | web | fix/high | MS-HIGH-013 | MS-HIGH-015 | | | | 5K | |
| MS-HIGH-015 | not-started | SEC-WEB-10+11: Standardize API base URL and auth mechanism | #338 | web | fix/high | MS-HIGH-014 | MS-HIGH-016 | | | | 12K | |
| MS-HIGH-016 | not-started | SEC-ORCH-7: Add circuit breaker to coordinator loops | #338 | coordinator | fix/high | MS-HIGH-015 | MS-HIGH-017 | | | | 15K | |
| MS-HIGH-017 | not-started | SEC-ORCH-8: Log queue corruption, backup file | #338 | coordinator | fix/high | MS-HIGH-016 | MS-HIGH-018 | | | | 10K | |
| MS-HIGH-018 | not-started | SEC-ORCH-9: Whitelist allowed env vars in Docker | #338 | orchestrator | fix/high | MS-HIGH-017 | MS-HIGH-019 | | | | 10K | |
| MS-HIGH-019 | not-started | SEC-ORCH-10: Add CapDrop, ReadonlyRootfs, PidsLimit | #338 | orchestrator | fix/high | MS-HIGH-018 | MS-HIGH-020 | | | | 12K | |
| MS-HIGH-020 | not-started | SEC-ORCH-11: Add rate limiting to orchestrator API | #338 | orchestrator | fix/high | MS-HIGH-019 | MS-HIGH-021 | | | | 10K | |
| MS-HIGH-021 | not-started | SEC-ORCH-12: Add max concurrent agents limit | #338 | orchestrator | fix/high | MS-HIGH-020 | MS-HIGH-022 | | | | 8K | |
| MS-HIGH-022 | not-started | SEC-ORCH-13: Block YOLO mode in production | #338 | orchestrator | fix/high | MS-HIGH-021 | MS-HIGH-023 | | | | 8K | |
| MS-HIGH-023 | not-started | SEC-ORCH-14: Sanitize issue body for prompt injection | #338 | coordinator | fix/high | MS-HIGH-022 | MS-HIGH-024 | | | | 12K | |
| MS-HIGH-024 | not-started | SEC-ORCH-15: Warn when VALKEY_PASSWORD not set | #338 | orchestrator | fix/high | MS-HIGH-023 | MS-HIGH-025 | | | | 5K | |
| MS-HIGH-025 | not-started | CQ-ORCH-6: Fix N+1 with MGET for batch retrieval | #338 | orchestrator | fix/high | MS-HIGH-024 | MS-HIGH-026 | | | | 10K | |
| MS-HIGH-026 | not-started | CQ-ORCH-1: Add session cleanup on terminal states | #338 | orchestrator | fix/high | MS-HIGH-025 | MS-HIGH-027 | | | | 10K | |
| MS-HIGH-027 | not-started | CQ-API-1: Fix WebSocket timer leak (clearTimeout in catch) | #338 | api | fix/high | MS-HIGH-026 | MS-HIGH-028 | | | | 8K | |
| MS-HIGH-028 | not-started | CQ-API-2: Fix runner jobs interval leak (clearInterval) | #338 | api | fix/high | MS-HIGH-027 | MS-HIGH-029 | | | | 8K | |
| MS-HIGH-029 | not-started | CQ-WEB-1: Fix useWebSocket stale closure (use refs) | #338 | web | fix/high | MS-HIGH-028 | MS-HIGH-030 | | | | 10K | |
| MS-HIGH-030 | not-started | CQ-WEB-4: Fix useChat stale messages (functional updates) | #338 | web | fix/high | MS-HIGH-029 | MS-HIGH-V01 | | | | 10K | |
| MS-HIGH-V01 | not-started | Phase 2 Verification: Run full quality gates | #338 | all | fix/high | MS-HIGH-030 | MS-MED-001 | | | | 5K | |
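Review bot: the MS-SEC-012 row breaks the markdown table, because the unescaped `||` in its description ("?? to ||") is parsed as two empty cells, which shifts `#337`, `web`, `fix/security` and everything after it one or more columns to the right; escape the pipes as `\|\|` (they split cells even inside backticks) so the row has the same 13 cells as the others. The separator row also declares 15 columns against 13 in the header, so renderers will show two spurious empty columns; trim it to match. Two smaller consistency points: `MS-HIGH-V01` lists `MS-MED-001` under `blocks`, but no such task exists in this file since Phase 3 is deferred, so either leave `blocks` empty or note that the id is forward-looking; and the `depends_on` chain makes every task strictly serial across unrelated repos (e.g. the `web` XSS fix MS-SEC-002 waits on the `orchestrator` auth task MS-SEC-001), which is worth a comment if intentional, since it prevents any of the per-repo `fix/security` branches from being worked in parallel.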