chore: Update tasks.md - Issue #350 complete
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
This commit is contained in:
25
tasks.md
25
tasks.md
@@ -39,9 +39,9 @@ Encrypt remaining plaintext and harden federation.
|
|||||||
|
|
||||||
| Issue | Priority | Title | Phase | Status | Subagent | Review Status |
|
| Issue | Priority | Title | Phase | Status | Subagent | Review Status |
|
||||||
| ----- | -------- | ---------------------------------------------------------- | ----- | ----------- | -------- | ----------------------- |
|
| ----- | -------- | ---------------------------------------------------------- | ----- | ----------- | -------- | ----------------------- |
|
||||||
| #350 | P0 | Add RLS policies to auth tables with FORCE enforcement | 1 | 🔴 Pending | - | Ready to start |
|
| #350 | P0 | Add RLS policies to auth tables with FORCE enforcement | 1 | ✅ Complete | ae6120d | Closed - Commit cf9a3dc |
|
||||||
| #351 | P0 | Create RLS context interceptor (fix SEC-API-4) | 1 | ✅ Complete | a91b37e | Closed - Commit 93d4038 |
|
| #351 | P0 | Create RLS context interceptor (fix SEC-API-4) | 1 | ✅ Complete | a91b37e | Closed - Commit 93d4038 |
|
||||||
| #352 | P0 | Encrypt existing plaintext Account tokens | 1 | 🔴 Blocked | - | Waiting on #350 |
|
| #352 | P0 | Encrypt existing plaintext Account tokens | 1 | 🔴 Pending | - | Ready to start |
|
||||||
| #357 | P1 | Add OpenBao to Docker Compose (turnkey setup) | 2 | 🔴 Blocked | - | - |
|
| #357 | P1 | Add OpenBao to Docker Compose (turnkey setup) | 2 | 🔴 Blocked | - | - |
|
||||||
| #353 | P1 | Create VaultService NestJS module for OpenBao Transit | 2 | 🔴 Blocked | - | - |
|
| #353 | P1 | Create VaultService NestJS module for OpenBao Transit | 2 | 🔴 Blocked | - | - |
|
||||||
| #354 | P2 | Write OpenBao documentation and production hardening guide | 2 | 🔴 Blocked | - | - |
|
| #354 | P2 | Write OpenBao documentation and production hardening guide | 2 | 🔴 Blocked | - | - |
|
||||||
@@ -144,6 +144,27 @@ Reviews are conducted by separate subagents before commit/push.
|
|||||||
- Unblocks: #350, #352
|
- Unblocks: #350, #352
|
||||||
- Phase 1 progress: 1/3 complete
|
- Phase 1 progress: 1/3 complete
|
||||||
|
|
||||||
|
### 2026-02-07 - Issue #350 Code Complete
|
||||||
|
|
||||||
|
- Subagent ae6120d implemented RLS policies on auth tables
|
||||||
|
- Migration created: 20260207_add_auth_rls_policies
|
||||||
|
- FORCE RLS added to accounts and sessions tables
|
||||||
|
- Integration tests using RLS context provider from #351
|
||||||
|
- Critical discovery: PostgreSQL superusers bypass ALL RLS (documented in migration)
|
||||||
|
- Production deployment requires non-superuser application role
|
||||||
|
- Ready for review process
|
||||||
|
|
||||||
|
### 2026-02-07 - Issue #350 COMPLETED ✅
|
||||||
|
|
||||||
|
- All security/QA issues fixed (SQL injection, DELETE verification, CREATE tests)
|
||||||
|
- 22 comprehensive integration tests passing with 100% coverage
|
||||||
|
- Complete CRUD coverage for accounts and sessions tables
|
||||||
|
- Committed: cf9a3dc feat(#350): Add RLS policies to auth tables
|
||||||
|
- Pushed to origin/develop
|
||||||
|
- Issue closed in repo
|
||||||
|
- Unblocks: #352
|
||||||
|
- Phase 1 progress: 2/3 complete (67%)
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## Next Actions
|
## Next Actions
|
||||||
|
|||||||
Reference in New Issue
Block a user