mosaic/stack
1
0
Fork 0
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases 2 Wiki Activity

chore(orchestrator): Bootstrap Phase 5 tasks for issue #340

Browse Source 
Parsed 26 findings (7 CQ + 19 SEC-Low) into 17 tasks + verification.
2 findings already done (CQ-API-7, CQ-ORCH-9). Estimated total: 155K tokens.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Jason Woltje
2026-02-06 14:59:12 -06:00
parent 92c310333c
commit 6c379d099a
1 changed files with 87 additions and 69 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
docs/tasks.md
View File

@@ -1,7 +1,7 @@
# Tasks # Tasks
| id | status | description | issue | repo | branch | depends_on | blocks | agent | started_at | completed_at | estimate | used | | id | status | description | issue | repo | branch | depends_on | blocks | agent | started_at | completed_at | estimate | used |
| ----------- | -------- | --------------------------------------------------------------------- | ----- | ------------ | ------------ | ----------- | ----------- | -------- | -------------------- | -------------------- | -------- | ----- | | ----------- | ----------- | --------------------------------------------------------------------- | ----- | ------------ | ------------ | ----------- | ----------- | -------- | -------------------- | -------------------- | -------- | ----- |
| MS-SEC-001 | done | SEC-ORCH-2: Add authentication to orchestrator API | #337 | orchestrator | fix/security | | MS-SEC-002 | worker-1 | 2026-02-05T15:15:00Z | 2026-02-05T15:25:00Z | 15K | 0.3K | | MS-SEC-001 | done | SEC-ORCH-2: Add authentication to orchestrator API | #337 | orchestrator | fix/security | | MS-SEC-002 | worker-1 | 2026-02-05T15:15:00Z | 2026-02-05T15:25:00Z | 15K | 0.3K |
| MS-SEC-002 | done | SEC-WEB-2: Fix WikiLinkRenderer XSS (sanitize HTML before wiki-links) | #337 | web | fix/security | MS-SEC-001 | MS-SEC-003 | worker-1 | 2026-02-05T15:26:00Z | 2026-02-05T15:35:00Z | 8K | 8.5K | | MS-SEC-002 | done | SEC-WEB-2: Fix WikiLinkRenderer XSS (sanitize HTML before wiki-links) | #337 | web | fix/security | MS-SEC-001 | MS-SEC-003 | worker-1 | 2026-02-05T15:26:00Z | 2026-02-05T15:35:00Z | 8K | 8.5K |
| MS-SEC-003 | done | SEC-ORCH-1: Fix secret scanner error handling (return error state) | #337 | orchestrator | fix/security | MS-SEC-002 | MS-SEC-004 | worker-1 | 2026-02-05T15:36:00Z | 2026-02-05T15:42:00Z | 8K | 18.5K | | MS-SEC-003 | done | SEC-ORCH-1: Fix secret scanner error handling (return error state) | #337 | orchestrator | fix/security | MS-SEC-002 | MS-SEC-004 | worker-1 | 2026-02-05T15:36:00Z | 2026-02-05T15:42:00Z | 8K | 18.5K |
@@ -69,3 +69,21 @@
| MS-P4-011 | done | CQ-ORCH-7: Graceful Docker container shutdown before force remove | #347 | orchestrator | fix/security | MS-P4-010 | MS-P4-012 | worker-1 | 2026-02-06T14:11:00Z | 2026-02-06T14:14:00Z | 10K | 15K | | MS-P4-011 | done | CQ-ORCH-7: Graceful Docker container shutdown before force remove | #347 | orchestrator | fix/security | MS-P4-010 | MS-P4-012 | worker-1 | 2026-02-06T14:11:00Z | 2026-02-06T14:14:00Z | 10K | 15K |
| MS-P4-012 | done | CQ-ORCH-9: Deduplicate spawn validation logic | #347 | orchestrator | fix/security | MS-P4-011 | MS-P4-V01 | worker-1 | 2026-02-06T14:15:00Z | 2026-02-06T14:18:00Z | 10K | 25K | | MS-P4-012 | done | CQ-ORCH-9: Deduplicate spawn validation logic | #347 | orchestrator | fix/security | MS-P4-011 | MS-P4-V01 | worker-1 | 2026-02-06T14:15:00Z | 2026-02-06T14:18:00Z | 10K | 25K |
| MS-P4-V01 | done | Phase 4 Verification: Run full quality gates | #347 | all | fix/security | MS-P4-012 | | worker-1 | 2026-02-06T14:19:00Z | 2026-02-06T14:22:00Z | 5K | 2K | | MS-P4-V01 | done | Phase 4 Verification: Run full quality gates | #347 | all | fix/security | MS-P4-012 | | worker-1 | 2026-02-06T14:19:00Z | 2026-02-06T14:22:00Z | 5K | 2K |
| MS-P5-001 | not-started | SEC-API-25+26: ValidationPipe strict mode + CORS Origin validation | #340 | api | fix/security | MS-P4-V01 | MS-P5-002 | | | | 10K | |
| MS-P5-002 | not-started | SEC-API-27: Move RLS context setting inside transaction boundary | #340 | api | fix/security | MS-P5-001 | MS-P5-003 | | | | 8K | |
| MS-P5-003 | not-started | SEC-API-28: Replace MCP console.error with NestJS Logger | #340 | api | fix/security | MS-P5-002 | MS-P5-004 | | | | 5K | |
| MS-P5-004 | not-started | CQ-API-5: Document throttler in-memory fallback as best-effort | #340 | api | fix/security | MS-P5-003 | MS-P5-005 | | | | 5K | |
| MS-P5-005 | not-started | SEC-ORCH-28+29: Add Valkey connection timeout + workItems MaxLength | #340 | orchestrator | fix/security | MS-P5-004 | MS-P5-006 | | | | 8K | |
| MS-P5-006 | not-started | SEC-ORCH-30: Prevent container name collision with unique suffix | #340 | orchestrator | fix/security | MS-P5-005 | MS-P5-007 | | | | 5K | |
| MS-P5-007 | not-started | CQ-ORCH-10: Make BullMQ job retention configurable via env vars | #340 | orchestrator | fix/security | MS-P5-006 | MS-P5-008 | | | | 8K | |
| MS-P5-008 | not-started | SEC-WEB-26+29: Remove console.log + fix formatTime error handling | #340 | web | fix/security | MS-P5-007 | MS-P5-009 | | | | 5K | |
| MS-P5-009 | not-started | SEC-WEB-27+28: Robust email validation + role cast validation | #340 | web | fix/security | MS-P5-008 | MS-P5-010 | | | | 8K | |
| MS-P5-010 | not-started | SEC-WEB-30+31+36: Validate JSON.parse/localStorage deserialization | #340 | web | fix/security | MS-P5-009 | MS-P5-011 | | | | 15K | |
| MS-P5-011 | not-started | SEC-WEB-32+34: Add input maxLength limits + API request timeout | #340 | web | fix/security | MS-P5-010 | MS-P5-012 | | | | 10K | |
| MS-P5-012 | not-started | SEC-WEB-33+35: Fix Mermaid error display + useWorkspaceId error | #340 | web | fix/security | MS-P5-011 | MS-P5-013 | | | | 8K | |
| MS-P5-013 | not-started | SEC-WEB-37: Gate federation mock data behind NODE_ENV check | #340 | web | fix/security | MS-P5-012 | MS-P5-014 | | | | 8K | |
| MS-P5-014 | not-started | CQ-WEB-8: Add React.memo to performance-sensitive components | #340 | web | fix/security | MS-P5-013 | MS-P5-015 | | | | 15K | |
| MS-P5-015 | not-started | CQ-WEB-9: Replace DOM manipulation in LinkAutocomplete | #340 | web | fix/security | MS-P5-014 | MS-P5-016 | | | | 10K | |
| MS-P5-016 | not-started | CQ-WEB-10: Add loading/error states to pages with mock data | #340 | web | fix/security | MS-P5-015 | MS-P5-017 | | | | 15K | |
| MS-P5-017 | not-started | CQ-WEB-11+12: Fix accessibility labels + SSR window check | #340 | web | fix/security | MS-P5-016 | MS-P5-V01 | | | | 12K | |
| MS-P5-V01 | not-started | Phase 5 Verification: Run full quality gates | #340 | all | fix/security | MS-P5-017 | | | | | 5K | |