mosaic/stack
1
0
Fork 0
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases 2 Wiki Activity

chore: Update tasks.md - Issue #350 complete
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
Details

Browse Source
This commit is contained in:
Jason Woltje
2026-02-07 12:49:57 -06:00
parent cf9a3dc526
commit 89464583a4
1 changed files with 23 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
tasks.md
View File

@@ -39,9 +39,9 @@ Encrypt remaining plaintext and harden federation.
| Issue | Priority | Title | Phase | Status | Subagent | Review Status |
| ----- | -------- | ---------------------------------------------------------- | ----- | ----------- | -------- | ----------------------- |
| #350 | P0 | Add RLS policies to auth tables with FORCE enforcement | 1 | 🔴 Pending | - | Ready to start |
| #350 | P0 | Add RLS policies to auth tables with FORCE enforcement | 1 | ✅ Complete | ae6120d | Closed - Commit cf9a3dc |
| #351 | P0 | Create RLS context interceptor (fix SEC-API-4) | 1 | ✅ Complete | a91b37e | Closed - Commit 93d4038 |
| #352 | P0 | Encrypt existing plaintext Account tokens | 1 | 🔴 Blocked | - | Waiting on #350 |
| #352 | P0 | Encrypt existing plaintext Account tokens | 1 | 🔴 Pending | - | Ready to start |
| #357 | P1 | Add OpenBao to Docker Compose (turnkey setup) | 2 | 🔴 Blocked | - | - |
| #353 | P1 | Create VaultService NestJS module for OpenBao Transit | 2 | 🔴 Blocked | - | - |
| #354 | P2 | Write OpenBao documentation and production hardening guide | 2 | 🔴 Blocked | - | - |
@@ -144,6 +144,27 @@ Reviews are conducted by separate subagents before commit/push.
- Unblocks: #350, #352
- Phase 1 progress: 1/3 complete
### 2026-02-07 - Issue #350 Code Complete
- Subagent ae6120d implemented RLS policies on auth tables
- Migration created: 20260207_add_auth_rls_policies
- FORCE RLS added to accounts and sessions tables
- Integration tests using RLS context provider from #351
- Critical discovery: PostgreSQL superusers bypass ALL RLS (documented in migration)
- Production deployment requires non-superuser application role
- Ready for review process
### 2026-02-07 - Issue #350 COMPLETED ✅
- All security/QA issues fixed (SQL injection, DELETE verification, CREATE tests)
- 22 comprehensive integration tests passing with 100% coverage
- Complete CRUD coverage for accounts and sessions tables
- Committed: cf9a3dc feat(#350): Add RLS policies to auth tables
- Pushed to origin/develop
- Issue closed in repo
- Unblocks: #352
- Phase 1 progress: 2/3 complete (67%)
---
## Next Actions