diff --git a/docs/claude/task-tracking.md b/docs/claude/task-tracking.md deleted file mode 100644 index 6bc00e5..0000000 --- a/docs/claude/task-tracking.md +++ /dev/null @@ -1,190 +0,0 @@ -# Autonomous Task Orchestration - -> Load this guide when orchestrating autonomous task completion via `docs/tasks.md`. - -## Ownership - -**The orchestrator is the sole writer of `docs/tasks.md`.** Worker agents execute tasks and report results — they never read or modify the tracking file. - -## Schema Reference - -| Column | Format | Purpose | -| -------------- | ---------------------------------------- | ------------------------------------------- | -| `id` | `MS-{CAT}-{NNN}` | Unique task ID | -| `status` | `not-started` \| `in-progress` \| `done` | Current state | -| `description` | Free text | What to do (inline, concise) | -| `issue` | `#NNN` or empty | Gitea issue for requirements context | -| `repo` | Workspace name | `api`, `web`, `orchestrator`, `coordinator` | -| `branch` | Branch name | Git branch for this work | -| `depends_on` | Comma-separated IDs | Must complete before this task starts | -| `blocks` | Comma-separated IDs | Tasks waiting on this one | -| `agent` | Agent identifier | Who is executing | -| `started_at` | ISO 8601 | When work began | -| `completed_at` | ISO 8601 | When work finished | -| `estimate` | `5K`, `40K` | Predicted token usage | -| `used` | `4.2K`, `38.5K` | Actual token usage (fill on completion) | - -**Category prefixes:** `SEC` (security), `HIGH` (high priority), `CQ` (code quality), `TEST` (test coverage) - -## Orchestrator Core Loop - -``` -1. git pull --rebase -2. Read docs/tasks.md -3. Find next task: status=not-started AND all depends_on are done -4. If no task available: - - All done? → Report success, STOP - - Some blocked? → Report deadlock, STOP -5. Update tasks.md: status=in-progress, agent, started_at -6. Spawn worker agent (Task tool) with task details from the row -7. Wait for worker completion -8. Parse worker result (JSON) -9. Update tasks.md: status=done/failed, completed_at, used -10. Commit + push: git add docs/tasks.md && git commit && git push -11. Check context usage -12. If >= 60%: Compact (see below), then go to step 1 -13. If < 60%: Go to step 1 -``` - -## Worker Prompt Template - -The orchestrator constructs this prompt from the task row and passes it to a worker agent via the Task tool: - -````markdown -## Task Assignment: {id} - -**Description:** {description} -**Repository:** /home/localadmin/src/mosaic-stack/apps/{repo} -**Branch:** {branch} - -**Reference Report:** See `docs/reports/codebase-review-2026-02-05/` for detailed findings. - -## Workflow - -1. Checkout branch: `git checkout {branch} || git checkout -b {branch} develop && git pull` -2. Implement the fix following existing code patterns -3. Run quality gates (ALL must pass): - ```bash - pnpm lint - pnpm typecheck - pnpm test - ``` -4. If gates fail: Fix and retry. Do NOT report success with failures. -5. Commit: `git commit -m "fix({id}): brief description"` -6. Push: `git push origin {branch}` -7. Report result as JSON (see format below) - -## Git Scripts (for issue/PR/milestone operations, NOT raw tea/gh) - -~/.claude/scripts/git/issue-view.sh -i {N} -~/.claude/scripts/git/pr-create.sh -t "Title" -b "Desc" -B develop - -# Standard git commands (pull, commit, push, checkout) are fine - -## Result Format (MANDATORY) - -End your response with this JSON block: - -```json -{ - "task_id": "{id}", - "status": "success|failed", - "used": "5.2K", - "commit_sha": "abc123", - "notes": "Brief summary of what was done" -} -``` - -## Rules - -- DO NOT modify docs/tasks.md -- DO NOT claim other tasks -- Complete this single task, report results, done -```` - -## Compaction Protocol - -**Threshold:** 60% context usage - -**Why 60%?** System overhead is ~26% (prompts, tools, CLAUDE.md). Real capacity is ~74%. Triggering at 60% means ~81% actual usage — safe margin before the 91-95% emergency wall. - -**After completing each task:** - -1. Check context usage -2. If < 60%: Continue to next task -3. If >= 60%: Compact before next task - -**Compaction steps:** - -1. Update docs/tasks.md with all current progress -2. Commit + push tasks.md -3. Summarize: completed tasks, quality status, remaining queue -4. Clear detailed worker outputs and execution history -5. Resume with next unblocked task - -**Compaction does NOT require user permission.** - -**Template:** - -``` -Session Summary (Compacting at 60%): - -Completed: MS-SEC-001 (12K), MS-SEC-002 (8K), MS-SEC-003 (10K) -Quality: All tests passing, zero regressions -Remaining: MS-SEC-004 (ready), MS-SEC-005 through MS-SEC-010, Phase 2-4 tasks -Next: MS-SEC-004 -``` - -**Expected:** Context drops from 60% → ~25-30%. - -## Error Handling - -**Quality gates fail:** - -1. Update tasks.md: status remains `in-progress`, add failure notes -2. Re-spawn worker with error context, or mark `failed` and move on -3. If failed task blocks others: Report deadlock, STOP - -**Worker reports blocker:** - -1. Update tasks.md: note the blocker -2. Skip to next unblocked task if possible -3. If all remaining tasks blocked: Report, STOP - -**Git push conflict:** - -1. `git pull --rebase` -2. If auto-resolves: push again -3. If conflict on tasks.md: Report, STOP (human resolves) - -## Stopping Criteria - -**ONLY stop if:** - -1. All tasks in docs/tasks.md are `done` -2. Critical blocker preventing progress (document and alert) -3. Absolute context limit reached AND cannot compact further - -**DO NOT stop to ask "should I continue?"** — the answer is always YES. - -## Phase Structure - -**Phase 1 - Critical Security (MS-SEC-001 through MS-SEC-010):** - -- Authentication, XSS, error handling, OIDC validation -- Must complete before Phase 2 - -**Phase 2 - High Security (MS-HIGH-001 through MS-HIGH-006):** - -- CSRF, mock data removal, rate limiting, container hardening -- Must complete before Phase 3 - -**Phase 3 - Code Quality (MS-CQ-001 through MS-CQ-007):** - -- Memory leaks, stale closures, boolean bugs, atomic operations -- Must complete before Phase 4 - -**Phase 4 - Test Coverage (MS-TEST-001 through MS-TEST-005):** - -- Critical service tests, widget tests, coverage investigation -- Final verification gate diff --git a/docs/reports/codebase-review-2026-02-05/00-executive-summary.md b/docs/reports/codebase-review-2026-02-05/00-executive-summary.md new file mode 100644 index 0000000..f4ef531 --- /dev/null +++ b/docs/reports/codebase-review-2026-02-05/00-executive-summary.md @@ -0,0 +1,163 @@ +# Mosaic Stack - Full Codebase Review: Executive Summary + +**Date:** 2026-02-05 +**Scope:** Full codebase (apps/api, apps/web, apps/orchestrator, apps/coordinator, packages/\*) +**Method:** 7 parallel review agents covering security, code quality, and QA/test coverage + +--- + +## At a Glance + +| Dimension | Findings | Critical | High | Medium | Low | +| --------------------------- | -------- | -------- | ------ | ------ | ------ | +| Security - API | 28 | 4 | 7 | 13 | 4 | +| Security - Web | 37 | 2 | 9 | 14 | 12 | +| Security - Orch/Coord | 30 | 6 | 9 | 12 | 3 | +| Code Quality - API | 7 | 3 | 2 | 2 | 0 | +| Code Quality - Web | 12 | 5 | 2 | 3 | 2 | +| Code Quality - Orchestrator | 10 | 3 | 3 | 3 | 1 | +| **Totals** | **124** | **23** | **32** | **47** | **22** | + +**QA/Test Coverage:** Separate grading per workspace (see report 03). + +--- + +## Top 10 Most Urgent Findings + +These are the findings that pose the greatest risk and should be addressed first: + +### 1. No Authentication on Orchestrator API (SEC-ORCH-2) + +**Severity: CRITICAL** | The entire orchestrator API (spawn, kill, kill-all, status) has zero authentication. Any network client can drain API credits or kill all agents. + +### 2. RLS Context Never Applied in Service Layer (SEC-API-4) + +**Severity: CRITICAL** | The RLS infrastructure exists (withWorkspaceContext, setWorkspaceContext) but no service actually uses it. Tenant isolation relies entirely on application-level WHERE clauses. + +### 3. WikiLinkRenderer Stored XSS (SEC-WEB-2) + +**Severity: CRITICAL** | WikiLinkRenderer passes HTML through dangerouslySetInnerHTML. DOMPurify only sanitizes wiki-link display text; surrounding HTML is rendered raw. Stored XSS. + +### 4. Secret Scanner Returns "Clean" on Error (SEC-ORCH-1) + +**Severity: CRITICAL** | When scanFile() fails for any reason, it returns `{ hasSecrets: false }`. A file that couldn't be read is indistinguishable from a clean file. + +### 5. Docker Sandbox Disabled by Default (SEC-ORCH-3) + +**Severity: CRITICAL** | Agents run directly on the host without container isolation unless `SANDBOX_ENABLED=true` is explicitly set. + +### 6. Unauthenticated Inter-Service Communication (SEC-ORCH-4) + +**Severity: CRITICAL** | Orchestrator communicates with coordinator over plain HTTP with no authentication. Quality gate responses can be spoofed. + +### 7. Guards Swallow DB Errors as Auth Failures (SEC-API-2, SEC-API-3) + +**Severity: CRITICAL** | WorkspaceGuard and PermissionGuard catch all database errors and return false/null, converting infrastructure failures into misleading "access denied" responses. + +### 8. OIDC Config Silently Degrades to Empty Strings (SEC-API-1) + +**Severity: CRITICAL** | Missing OIDC env vars default to empty strings instead of failing fast. The discovery URL becomes a relative path. + +### 9. Redis KEYS Command in Production (CQ-ORCH-3, SEC-ORCH-5) + +**Severity: CRITICAL** | listTasks() and listAgents() use the blocking `KEYS` command. This can freeze the entire Redis instance under load. + +### 10. OAuth Callback Open Redirect (SEC-WEB-1) + +**Severity: CRITICAL** | The OAuth error parameter is passed unsanitized into router.push(), enabling phishing attacks. + +--- + +## Summary by Workspace + +### apps/api (NestJS) + +- **Security:** Strong Prisma query safety, timing-safe comparisons, good guard chain. Weak: RLS never applied, guards swallow DB errors, OIDC silent degradation, admin guard conflates workspace ownership with system admin. +- **Code Quality:** Good architecture overall. Memory leaks in WebSocket gateway and runner-jobs. Hardcoded TODO values in federation OIDC. +- **Test Grade: B-** (2,174 tests, but 21 untested services including the 916-line knowledge.service.ts) + +### apps/web (Next.js) + +- **Security:** API client has good CSRF handling, but multiple components bypass it with raw fetch(). WikiLinkRenderer XSS. Mock data shipped in production paths. Dual auth mechanisms. +- **Code Quality:** Stale closures in hooks, boolean logic bug in mindmap editor, race conditions in autocomplete, no React.memo usage, no CSP headers. +- **Test Grade: C+** (555 tests, 76 untested components/pages, 23 skipped tests) + +### apps/orchestrator (NestJS) + +- **Security:** No API authentication, no rate limiting, sandbox disabled by default, unauthenticated inter-service communication, YOLO mode bypasses all quality gates. +- **Code Quality:** Unbounded session Map, KEYS command, TOCTOU race conditions in state transitions, N+1 queries, force-remove Docker containers. +- **Test Grade: A** (452 tests, near-complete coverage, well-structured) + +### apps/coordinator (Python/FastAPI) + +- **Security:** Prompt injection via issue body, queue file corruption silently discarded, orchestration loops swallow all exceptions, Mock import in production code. +- **Test Grade: D** (504 tests exist but only 16% line coverage reported -- likely test configuration issue) + +### packages/\* + +- **shared:** Adequate (1 test file, covers utilities) +- **ui:** 9 of 10 components untested (Grade: D+) +- **config/skills:** No tests needed + +--- + +## Remediation Approach + +Findings are organized into three reports for detailed remediation planning: + +| Report | File | Contents | +| ------------------- | --------------------------- | ---------------------------------------------------- | +| Security Review | `01-security-review.md` | All 95 security findings across API, Web, Orch/Coord | +| Code Quality Review | `02-code-quality-review.md` | All 29 code quality findings | +| QA & Test Coverage | `03-qa-test-coverage.md` | Test gaps, anti-patterns, coverage grades | + +### Suggested Remediation Phases + +**Phase 1 - Critical Security (1-2 days)** + +- Add authentication to orchestrator API +- Fix WikiLinkRenderer XSS +- Fix secret scanner error handling +- Fix guards swallowing DB errors +- Validate OIDC configuration at startup + +**Phase 2 - High Security + Infrastructure (2-3 days)** + +- Enable Docker sandbox by default +- Add inter-service authentication +- Replace KEYS with SCAN in Valkey +- Sanitize OAuth callback parameters +- Route all fetch() through API client (CSRF) +- Remove/gate mock data in production paths + +**Phase 3 - Code Quality + Memory Leaks (1-2 days)** + +- Fix memory leaks (WebSocket, runner-jobs, Valkey listeners, session Map) +- Fix stale closures in React hooks +- Fix boolean logic bug in mindmap editor +- Add runtime validation for deserialized data +- Fix N+1 queries + +**Phase 4 - Test Coverage (2-3 days)** + +- Investigate coordinator 16% coverage +- Add tests for knowledge.service.ts, admin.guard.ts, embeddings.service.ts +- Re-enable 23 skipped widget tests +- Add tests for untested UI components +- Replace placeholder assertions + +--- + +## Positive Observations + +The codebase demonstrates strong engineering in several areas: + +- Prisma parameterized queries throughout (no raw SQL injection) +- Timing-safe API key comparison +- Federation private keys encrypted at rest (AES-256-GCM) +- Comprehensive zip bomb protection +- Guard chain consistency (Auth -> Workspace -> Permission) +- Orchestrator test coverage is excellent (A grade) +- State machine validation prevents invalid agent transitions +- Webhook signature verification uses hmac.compare_digest() +- Good separation of concerns across NestJS modules diff --git a/docs/reports/codebase-review-2026-02-05/01-security-review.md b/docs/reports/codebase-review-2026-02-05/01-security-review.md new file mode 100644 index 0000000..2f4d052 --- /dev/null +++ b/docs/reports/codebase-review-2026-02-05/01-security-review.md @@ -0,0 +1,478 @@ +# Mosaic Stack - Security Review + +**Date:** 2026-02-05 +**Reviewers:** 3 parallel security analysis agents +**Total Findings:** 95 (12 Critical, 25 High, 39 Medium, 19 Low) + +--- + +## Table of Contents + +1. [Critical Findings](#critical-findings) +2. [High Findings](#high-findings) +3. [Medium Findings](#medium-findings) +4. [Low Findings](#low-findings) +5. [Positive Security Observations](#positive-security-observations) + +--- + +## Critical Findings + +### SEC-API-1: OIDC Configuration Silently Degrades to Empty Strings + +- **File:** `apps/api/src/auth/auth.config.ts:19-21` +- **Impact:** If OIDC env vars are missing, auth starts with broken config instead of failing fast. Discovery URL becomes a relative path. +- **Fix:** Validate OIDC env vars at startup. Throw if enabled but unconfigured. + +### SEC-API-2: WorkspaceGuard Swallows Database Errors as Access Denied + +- **File:** `apps/api/src/common/guards/workspace.guard.ts:131-150` +- **Impact:** Any Prisma error (connection timeout, pool exhaustion) is reported to users as "You do not have access to this workspace." +- **Fix:** Let database errors propagate as 500s. Only catch Prisma-specific "not found" errors. + +### SEC-API-3: PermissionGuard Swallows Database Errors as Null Role + +- **File:** `apps/api/src/common/guards/permission.guard.ts:107-128` +- **Impact:** Identical to SEC-API-2. Database failures masquerade as permissions problems. +- **Fix:** Remove broad try-catch or only catch specific Prisma errors. + +### SEC-API-4: RLS Context Never Actually Applied in Service Layer + +- **File:** All service files (tasks.service.ts, knowledge.service.ts, brain.service.ts, etc.) +- **Impact:** The RLS infrastructure (withWorkspaceContext, setWorkspaceContext) exists but is never used. Tenant isolation relies on application-level WHERE clauses only. +- **Fix:** Wrap service-layer database calls in withWorkspaceContext() transactions, or add automated tests verifying every query includes workspaceId. + +### SEC-WEB-1: Open Redirect via Unsanitized OAuth Error Parameter + +- **File:** `apps/web/src/app/(auth)/callback/page.tsx:19` +- **Impact:** Attacker can craft URLs with malicious error parameters reflected into router.push(). +- **Fix:** Validate error against allowlist of known OAuth error codes. Always encodeURIComponent(). + +### SEC-WEB-2: WikiLinkRenderer Stored XSS via dangerouslySetInnerHTML + +- **File:** `apps/web/src/components/knowledge/WikiLinkRenderer.tsx:30-38` +- **Impact:** parseWikiLinks() only sanitizes wiki-link text. Surrounding HTML passes through raw. Stored XSS via knowledge entry content. +- **Fix:** Sanitize the entire HTML input with DOMPurify BEFORE processing wiki-links. + +### SEC-ORCH-1: Secret Scanner Returns False on Scan Errors + +- **File:** `apps/orchestrator/src/git/secret-scanner.service.ts:259-268` +- **Impact:** File read errors return `{ hasSecrets: false }`. A file that couldn't be scanned is reported as clean. +- **Fix:** Return explicit error state. Add scanError field to result, or throw so caller can decide. + +### SEC-ORCH-2: No Authentication on Orchestrator API Endpoints + +- **File:** `apps/orchestrator/src/api/agents/agents.controller.ts:23-214` +- **Impact:** Spawn, kill, kill-all, status endpoints have zero auth. Any network client can drain API credits or kill all agents. +- **Fix:** Add API key guard or JWT authentication. Killswitch endpoints need authorization controls. + +### SEC-ORCH-3: Docker Sandbox Disabled by Default + +- **File:** `apps/orchestrator/src/config/orchestrator.config.ts:25` +- **Impact:** Agents run directly on the host without container isolation unless explicitly enabled. +- **Fix:** Enable sandbox by default in production. Log prominent warning when disabled. + +### SEC-ORCH-4: Unauthenticated Inter-Service Communication + +- **File:** `apps/orchestrator/src/coordinator/coordinator-client.service.ts:72-79` +- **Impact:** Orchestrator-to-coordinator communication has no auth. Quality gate responses can be spoofed. +- **Fix:** Add mutual authentication (API key at minimum, mTLS ideally). Enforce HTTPS. + +### SEC-ORCH-5: Redis KEYS Command in Production (DoS Risk) + +- **File:** `apps/orchestrator/src/valkey/valkey.client.ts:115-127, 185-198` +- **Impact:** KEYS command blocks the entire Redis instance. Unauthenticated list endpoints can DoS Redis. +- **Fix:** Replace with SCAN (non-blocking, cursor-based iteration). + +### SEC-ORCH-6: Unsafe Deserialization with Type Assertion + +- **File:** `apps/orchestrator/src/valkey/valkey.client.ts:69, 141, 193, 214` +- **Impact:** JSON.parse() + `as Type` with no runtime validation. Corrupted/tampered Redis data propagates silently. +- **Fix:** Add runtime validation using Zod or class-validator after JSON.parse(). + +--- + +## High Findings + +### SEC-API-5: OpenAI Embedding Service Initialized with Dummy API Key + +- **File:** `apps/api/src/knowledge/services/embedding.service.ts:27-35` +- **Fix:** Don't instantiate OpenAI client when key is missing (use null). + +### SEC-API-6: Embedding Generation Failures Silently Swallowed + +- **File:** `apps/api/src/knowledge/knowledge.service.ts:246-248, 408-412` +- **Fix:** Use structured logger. Track entries missing embeddings. + +### SEC-API-7: CSRF Token Not Cryptographically Tied to Session + +- **File:** `apps/api/src/common/controllers/csrf.controller.ts:20-34` +- **Fix:** Bind CSRF token to user session via HMAC with server secret. + +### SEC-API-8: Rate Limiter Silently Falls Back to In-Memory + +- **File:** `apps/api/src/common/throttler/throttler-storage.service.ts:54-60` +- **Fix:** Log at ERROR level. Expose health check for degraded mode. + +### SEC-API-9: AdminGuard Uses Workspace Ownership as Admin Check + +- **File:** `apps/api/src/auth/guards/admin.guard.ts:33-43` +- **Fix:** Implement proper system admin role (isSystemAdmin on User model). + +### SEC-API-10: Auth Route Catch-All Bypasses Guards + +- **File:** `apps/api/src/auth/auth.controller.ts:80-84` +- **Fix:** Add rate limiting and logging to auth catch-all. + +### SEC-API-11: Federation Uses Hardcoded Default Workspace "default" + +- **File:** `apps/api/src/federation/federation.controller.ts:226-239` +- **Fix:** Validate DEFAULT_WORKSPACE_ID is set and is a valid UUID. + +### SEC-WEB-3: Missing CSRF Token on Multiple Direct fetch() Calls + +- **Files:** `ImportExportActions.tsx:66`, `KanbanBoard.tsx:98`, `ActiveProjectsWidget.tsx:46-76` +- **Fix:** Route all state-changing API calls through apiPost/apiPatch/apiDelete. + +### SEC-WEB-4: Mock Data Shipped in Production Code Paths + +- **Files:** `federation/connections/page.tsx:49`, `settings/workspaces/page.tsx:11-28`, `teams/page.tsx:21` +- **Fix:** Connect to real APIs, show "Coming Soon", or gate behind NODE_ENV check. + +### SEC-WEB-5: Silent Auth Session Check Failure + +- **File:** `apps/web/src/lib/auth/auth-context.tsx:21-30` +- **Fix:** Log errors. Distinguish "not logged in" from "backend is down." + +### SEC-WEB-6: WebSocket Token Without TLS Verification + +- **File:** `apps/web/src/hooks/useWebSocket.ts:70-73` +- **Fix:** Enforce WSS in production. Add connect_error event handling. + +### SEC-WEB-7: KanbanBoard Swallows Task Update Errors + +- **File:** `apps/web/src/components/kanban/KanbanBoard.tsx:114-117` +- **Fix:** Revert UI state on error. Show notification. + +### SEC-WEB-8: ActiveProjectsWidget Silently Drops Non-OK Responses + +- **File:** `apps/web/src/components/widgets/ActiveProjectsWidget.tsx:46-58, 72-86` +- **Fix:** Handle non-OK responses explicitly. + +### SEC-WEB-9: QuickCaptureWidget Discards User Data + +- **File:** `apps/web/src/components/widgets/QuickCaptureWidget.tsx:21-32` +- **Fix:** Connect to API, persist to localStorage, or disable with "Coming Soon". + +### SEC-WEB-10: Inconsistent API Base URL for Knowledge Graph + +- **File:** `apps/web/src/components/mindmap/hooks/useGraphData.ts:122` +- **Fix:** Use same API base URL as rest of application (localhost:3001). + +### SEC-WEB-11: Dual Auth Mechanisms (Cookie + Bearer Token) + +- **File:** `apps/web/src/components/mindmap/hooks/useGraphData.ts:153-177` +- **Fix:** Standardize on single auth mechanism. Use apiGet/apiPost from client.ts. + +### SEC-ORCH-7: Coordinator Loops Silently Swallow All Exceptions + +- **File:** `apps/coordinator/src/coordinator.py:85-89, 299-304` +- **Fix:** Add circuit breaker. Track consecutive failures. Expose error counts in health endpoint. + +### SEC-ORCH-8: Queue File Corrupted Data Silently Discarded + +- **File:** `apps/coordinator/src/queue.py:217-234` +- **Fix:** Log corruption event. Backup corrupted file. Consider SQLite/Redis persistence. + +### SEC-ORCH-9: Environment Variable Injection via Docker Container + +- **File:** `apps/orchestrator/src/spawner/docker-sandbox.service.ts:87-91` +- **Fix:** Whitelist allowed env var names. Block LD_PRELOAD, PATH, NODE_OPTIONS, etc. + +### SEC-ORCH-10: Docker Container Not Properly Isolated + +- **File:** `apps/orchestrator/src/spawner/docker-sandbox.service.ts:100-114` +- **Fix:** Add CapDrop: ["ALL"], enable ReadonlyRootfs, NetworkMode: "none" default, PidsLimit. + +### SEC-ORCH-11: No Rate Limiting on Orchestrator API + +- **File:** `apps/orchestrator/src/api/agents/agents.controller.ts` +- **Fix:** Add @nestjs/throttler. Strict limits on killswitch endpoints. + +### SEC-ORCH-12: No Max Concurrent Agents Enforcement + +- **File:** `apps/orchestrator/src/spawner/agent-spawner.service.ts:40-74` +- **Fix:** Add configurable limit. Check sessions.size before spawning. + +### SEC-ORCH-13: YOLO Mode Bypasses All Quality Gates + +- **File:** `apps/orchestrator/src/coordinator/quality-gates.service.ts:222-257` +- **Fix:** Block in production. Add startup warning. Metric counter for bypasses. + +### SEC-ORCH-14: Parser Prompt Injection via Issue Body + +- **File:** `apps/coordinator/src/parser.py:99-136` +- **Fix:** Sanitize issue body. Use Claude's tool use for structured output. Validate bounds. + +### SEC-ORCH-15: Valkey Connection Has No Authentication by Default + +- **File:** `apps/orchestrator/src/config/orchestrator.config.ts:8` +- **Fix:** Log warning when VALKEY_PASSWORD not set. Require in production. Add TLS. + +--- + +## Medium Findings + +### SEC-API-12: CurrentUser Decorator Returns undefined Without Error + +- **File:** `apps/api/src/auth/decorators/current-user.decorator.ts:9-14` + +### SEC-API-13: Session Verification Catch-All Returns null + +- **File:** `apps/api/src/auth/auth.service.ts:86-92` + +### SEC-API-14: WebSocket Token in Query Parameters + +- **File:** `apps/api/src/websocket/websocket.gateway.ts:181-184` + +### SEC-API-15: Markdown Renderer Uses console.error + +- **File:** `apps/api/src/knowledge/utils/markdown.ts:178, 204` + +### SEC-API-16: Throttler Guard Uses console.warn + +- **File:** `apps/api/src/common/throttler/throttler-api-key.guard.ts:40` + +### SEC-API-17: data: URI Scheme Allowed in Markdown + +- **File:** `apps/api/src/knowledge/utils/markdown.ts:109-111` + +### SEC-API-18: Batch Embedding Failures Silently Continue + +- **Files:** `apps/api/src/knowledge/services/ollama-embedding.service.ts:183-189`, `embedding.service.ts:150-157` + +### SEC-API-19: BrainService Search Not Length-Validated + +- **File:** `apps/api/src/brain/brain.service.ts:316-321, 360-365, 408-413` + +### SEC-API-20: Brain Search Limit Parameter Allows Negatives + +- **File:** `apps/api/src/brain/brain.controller.ts:74-76` + +### SEC-API-21: Semantic/Hybrid Search Body Not Validated via DTO + +- **File:** `apps/api/src/knowledge/search.controller.ts:113-149` + +### SEC-API-22: Federation Controller Throws Generic Error + +- **File:** `apps/api/src/federation/federation.controller.ts:65-207` + +### SEC-API-23: OllamaEmbedding isConfigured() Discards Error + +- **File:** `apps/api/src/knowledge/services/ollama-embedding.service.ts:48-51` + +### SEC-API-24: Global Exception Filter Exposes Error Messages + +- **File:** `apps/api/src/filters/global-exception.filter.ts:34-35` + +### SEC-WEB-12: ChatInput Silently Swallows Version Fetch + +- **File:** `apps/web/src/components/chat/ChatInput.tsx:32-34` + +### SEC-WEB-13: MessageList Clipboard Copy Silently Fails + +- **File:** `apps/web/src/components/chat/MessageList.tsx:75-78` + +### SEC-WEB-14: BackendStatusBanner Is a Non-Functional Stub + +- **File:** `apps/web/src/components/chat/BackendStatusBanner.tsx:19-33` + +### SEC-WEB-15: Pervasive alert() for Error Feedback (13 instances) + +- **Files:** ImportExportActions, WorkspaceSettings, MemberList, InviteMember, TeamSettings, TeamMemberList, settings pages + +### SEC-WEB-16: No Content Security Policy Headers + +- **File:** `apps/web/next.config.ts` + +### SEC-WEB-17: useGraphData Silently Skips Backlink Fetch Errors + +- **File:** `apps/web/src/components/mindmap/hooks/useGraphData.ts:305-308` + +### SEC-WEB-18: useGraphData fetchStatistics Silently Fails + +- **File:** `apps/web/src/components/mindmap/hooks/useGraphData.ts:412-414` + +### SEC-WEB-19: Session Expiration Flag Never Resets + +- **File:** `apps/web/src/lib/api.ts:5-6, 31-33` + +### SEC-WEB-20: BetterAuth URL Not a NEXT_PUBLIC Variable + +- **File:** `apps/web/src/lib/auth-client.ts:17-20` + +### SEC-WEB-21: No Rate Limiting on Auth Session Refresh + +- **File:** `apps/web/src/lib/auth/auth-context.tsx:42-44` + +### SEC-WEB-22: Error Boundary Only Logs to Console + +- **File:** `apps/web/src/components/error-boundary.tsx:34` + +### SEC-WEB-23: ImportExportActions Missing credentials: "include" + +- **File:** `apps/web/src/components/knowledge/ImportExportActions.tsx:66-69, 115-117` + +### SEC-WEB-24: Authenticated Layout Race Between Load and Redirect + +- **File:** `apps/web/src/app/(authenticated)/layout.tsx:18-33` + +### SEC-WEB-25: LoginButton No PKCE/State Parameter + +- **File:** `apps/web/src/components/auth/LoginButton.tsx:8-11` + +### SEC-ORCH-16: Health/Ready Endpoint Always Returns True + +- **File:** `apps/orchestrator/src/api/health/health.controller.ts:17-21` + +### SEC-ORCH-17: Queue File No Locking (Concurrent Corruption) + +- **File:** `apps/coordinator/src/queue.py:210-215` + +### SEC-ORCH-18: Shared Package Uses console.warn + +- **File:** `packages/shared/src/utils/index.ts:10` + +### SEC-ORCH-19: agentId Path Parameter Not Validated as UUID + +- **File:** `apps/orchestrator/src/api/agents/agents.controller.ts:78, 136` + +### SEC-ORCH-20: Orchestrator Binds to 0.0.0.0 by Default + +- **File:** `apps/orchestrator/src/main.ts:14` + +### SEC-ORCH-21: BullMQ Connection Missing Password + +- **File:** `apps/orchestrator/src/app.module.ts:15-20` + +### SEC-ORCH-22: Docker Image Tag Not Validated + +- **File:** `apps/orchestrator/src/spawner/docker-sandbox.service.ts:73` + +### SEC-ORCH-23: git add "." When No Files Specified + +- **File:** `apps/orchestrator/src/git/git-operations.service.ts:89-93` + +### SEC-ORCH-24: Coordinator Context Check Returns CONTINUE on Error + +- **File:** `apps/coordinator/src/coordinator.py:447-449` + +### SEC-ORCH-25: SSRF Protection Incomplete for SSH URLs + +- **File:** `apps/orchestrator/src/git/git-validation.util.ts:129-131` + +### SEC-ORCH-26: In-Memory Session Store (Unbounded Growth) + +- **File:** `apps/orchestrator/src/spawner/agent-spawner.service.ts:19` + +### SEC-ORCH-27: unittest.mock Import in Production Code + +- **File:** `apps/coordinator/src/quality_orchestrator.py:6` + +--- + +## Low Findings + +### SEC-API-25: ValidationPipe forbidNonWhitelisted: false + +- **File:** `apps/api/src/main.ts:40` + +### SEC-API-26: CORS Allows Requests with No Origin + +- **File:** `apps/api/src/main.ts:63-66` + +### SEC-API-27: createAuthMiddleware Sets RLS Context Outside Transaction + +- **File:** `apps/api/src/lib/db-context.ts:347-358` + +### SEC-API-28: MCP Service Uses console.error + +- **Files:** `apps/api/src/mcp/mcp-hub.service.ts:164`, `mcp/stdio-transport.ts:42, 133` + +### SEC-WEB-26: console.log Statements in Production + +- **Files:** `settings/workspaces/page.tsx:56`, `teams/page.tsx:39` + +### SEC-WEB-27: Weak Email Validation + +- **File:** `apps/web/src/components/workspace/InviteMember.tsx:24-28` + +### SEC-WEB-28: Role Cast Without Validation + +- **File:** `apps/web/src/components/workspace/MemberList.tsx:91` + +### SEC-WEB-29: formatTime Returns Empty String on Error + +- **File:** `apps/web/src/components/chat/MessageList.tsx:316-323` + +### SEC-WEB-30: JSON.parse Without Type Validation (deserializeMessages) + +- **File:** `apps/web/src/hooks/useChat.ts:112-119` + +### SEC-WEB-31: JSON.parse Without Validation (ConversationSidebar) + +- **File:** `apps/web/src/components/chat/ConversationSidebar.tsx:46-52` + +### SEC-WEB-32: No Input Length Limits on Forms + +- **Files:** WorkspaceSettings, TeamSettings, InviteMember + +### SEC-WEB-33: Mermaid Error Displays Raw Source + +- **File:** `apps/web/src/components/mindmap/MermaidViewer.tsx:126-133` + +### SEC-WEB-34: No Timeout on API Requests + +- **File:** `apps/web/src/lib/api/client.ts` + +### SEC-WEB-35: useWorkspaceId Returns null Without Explanation + +- **File:** `apps/web/src/lib/hooks/useLayout.ts:225-240` + +### SEC-WEB-36: localStorage Data Not Validated After Parse + +- **Files:** `useChatOverlay.ts:40`, `useLayout.ts:45` + +### SEC-WEB-37: Federation Mock Data Includes Fake Public Keys + +- **File:** `apps/web/src/lib/api/federation.ts:202-272` + +### SEC-ORCH-28: Valkey Client Has No Connection Timeout + +- **File:** `apps/orchestrator/src/valkey/valkey.client.ts:38-44` + +### SEC-ORCH-29: No Validation on workItems String Lengths + +- **File:** `apps/orchestrator/src/api/agents/dto/spawn-agent.dto.ts:84-87` + +### SEC-ORCH-30: Container Name Collision Risk + +- **File:** `apps/orchestrator/src/spawner/docker-sandbox.service.ts:94` + +--- + +## Positive Security Observations + +1. **No $queryRawUnsafe or $executeRawUnsafe** -- All raw SQL uses Prisma's parameterized tagged template literals +2. **Timing-safe API key comparison** using crypto.timingSafeEqual +3. **Federation private keys encrypted at rest** with AES-256-GCM +4. **HTML sanitization** applied to markdown-rendered content before storage +5. **Zip bomb protection** with file count and size limits +6. **Path traversal prevention** in import service zip handler +7. **Guard chain consistency** (AuthGuard -> WorkspaceGuard -> PermissionGuard) +8. **Input validation via DTOs** with class-validator decorators on most endpoints +9. **Search query sanitization** strips PostgreSQL full-text operators +10. **Log sanitization** utilities redact secrets, tokens, and PII +11. **Git input validation** with whitelist-based branch name and URL validation +12. **Webhook signature verification** using hmac.compare_digest() +13. **State machine transitions** with explicit valid transition maps diff --git a/docs/reports/codebase-review-2026-02-05/02-code-quality-review.md b/docs/reports/codebase-review-2026-02-05/02-code-quality-review.md new file mode 100644 index 0000000..a90468a --- /dev/null +++ b/docs/reports/codebase-review-2026-02-05/02-code-quality-review.md @@ -0,0 +1,217 @@ +# Mosaic Stack - Code Quality Review + +**Date:** 2026-02-05 +**Reviewers:** 3 parallel code quality analysis agents +**Total Findings:** 29 (11 Critical/High, 8 Medium, 10 Low/Code Smell) + +--- + +## apps/api - Code Quality (7 Findings) + +### CQ-API-1: Memory Leak - setTimeout Not Cleared in WebSocket Gateway [HIGH] + +- **File:** `apps/api/src/websocket/websocket.gateway.ts:105-166` +- **Issue:** If workspaceMembership query throws, timeoutId is never cleared. Each failed connection leaks a timer. +- **Fix:** Call clearTimeout(timeoutId) in catch block at line 159. + +### CQ-API-2: Memory Leak - setInterval Not Cleared in Runner Jobs [HIGH] + +- **File:** `apps/api/src/runner-jobs/runner-jobs.service.ts:310-449` +- **Issue:** keepAliveInterval at line 315 is never explicitly cleared with clearInterval(). +- **Fix:** Add clearInterval(keepAliveInterval) in the finally block. + +### CQ-API-3: Activity Logging Re-Throws (Defeats Fire-and-Forget) [MEDIUM] + +- **File:** `apps/api/src/activity/activity.service.ts:23-31` +- **Issue:** logActivity catches errors, logs them, then re-throws. Activity logging failures break primary operations. +- **Fix:** Make fire-and-forget (don't re-throw) or document that callers must handle. + +### CQ-API-4: Missing Cleanup for Redis Event Listeners [MEDIUM] + +- **File:** `apps/api/src/valkey/valkey.service.ts:43-53` +- **Issue:** Event listeners registered on Redis client but never removed in onModuleDestroy. +- **Fix:** Call this.client.removeAllListeners() before quit() in onModuleDestroy. + +### CQ-API-5: Race Condition in Throttler Fallback Storage [LOW] + +- **File:** `apps/api/src/common/throttler/throttler-storage.service.ts:140-154` +- **Issue:** In-memory fallback incrementMemory has non-atomic read-modify-write. +- **Fix:** Use mutex/lock, or document in-memory mode as best-effort. + +### CQ-API-6: Hardcoded TODO Values in OIDC Federation [CRITICAL] + +- **File:** `apps/api/src/federation/oidc.service.ts:140-141` +- **Issue:** JWT validation uses hardcoded "https://auth.example.com" and "mosaic-client-id". +- **Fix:** Load from environment variables. Fail fast if unconfigured. + +### CQ-API-7: N+1 Query in Knowledge Service Tag Lookup [LOW] + +- **File:** `apps/api/src/knowledge/knowledge.service.ts:817-827` +- **Issue:** Promise.all with individual findFirst queries per tag name. +- **Fix:** Replace with single findMany WHERE name IN tagNames. + +--- + +## apps/web - Code Quality (12 Findings) + +### CQ-WEB-1: Stale Closure in useWebSocket Hook [CRITICAL] + +- **File:** `apps/web/src/hooks/useWebSocket.ts:127-137` +- **Issue:** Callback functions in useEffect deps cause WebSocket disconnect/reconnect on every parent re-render. +- **Fix:** Use refs for callbacks. Only include stable values (workspaceId, token) in deps. + +### CQ-WEB-2: Missing Dependency in FilterBar useEffect [HIGH] + +- **File:** `apps/web/src/components/filters/FilterBar.tsx:33-50` +- **Issue:** useEffect accesses filters and onFilterChange but they're not in the dependency array. +- **Fix:** Add missing dependencies or use functional updates. + +### CQ-WEB-3: Race Condition in LinkAutocomplete [HIGH] + +- **File:** `apps/web/src/components/knowledge/LinkAutocomplete.tsx:96-107` +- **Issue:** Debounced search doesn't cancel in-flight requests. Older results can overwrite newer ones. +- **Fix:** Use AbortController to cancel in-flight requests. + +### CQ-WEB-4: Stale Messages in useChat Hook [CRITICAL] + +- **File:** `apps/web/src/hooks/useChat.ts:146-236` +- **Issue:** sendMessage captures messages in closure. Rapid sends use stale state. Data loss. +- **Fix:** Use functional state updates: setMessages(prev => [...prev, userMessage]). + +### CQ-WEB-5: Incorrect Boolean Logic in ReactFlowEditor [CRITICAL] + +- **File:** `apps/web/src/components/mindmap/ReactFlowEditor.tsx:213-214` +- **Issue:** `readOnly ?? !selectedNode` should be `readOnly || !selectedNode`. The ?? operator with boolean never evaluates right side when readOnly is false. +- **Fix:** Change ?? to ||. + +### CQ-WEB-6: Memory Leak in Chat Component Timers [MEDIUM] + +- **File:** `apps/web/src/components/chat/Chat.tsx:146-174` +- **Issue:** Timer cleanup structure is confusing and may leak in edge cases. +- **Fix:** Restructure to only create timers when isChatLoading is true with proper cleanup. + +### CQ-WEB-7: KanbanBoard No UI Revert on Error [CRITICAL] + +- **File:** `apps/web/src/components/kanban/KanbanBoard.tsx:97-117` +- **Issue:** PATCH error logged but UI not reverted. User sees task in wrong column. +- **Fix:** Implement optimistic updates with rollback on error. + +### CQ-WEB-8: No React.memo Usage Anywhere [PERFORMANCE] + +- **Files:** All component files +- **Issue:** Zero components use React.memo despite 115+ uses of useMemo/useCallback and large lists. +- **Fix:** Wrap pure components in React.memo (TaskItem, KanbanColumn, etc.). + +### CQ-WEB-9: DOM Manipulation in LinkAutocomplete [PERFORMANCE] + +- **File:** `apps/web/src/components/knowledge/LinkAutocomplete.tsx:112-165` +- **Issue:** Creates temporary DOM element on every position calculation, causing layout thrashing. +- **Fix:** Use textarea-caret-position library or cached measurement. + +### CQ-WEB-10: Missing Loading States on Many Pages [CODE SMELL] + +- **Files:** tasks/page.tsx, calendar/page.tsx, multiple federation pages +- **Issue:** Pages use mock data with TODO comments. No loading states. +- **Fix:** Implement loading/error states even with mock data. + +### CQ-WEB-11: Accessibility - Missing Form Labels [ACCESSIBILITY] + +- **File:** `apps/web/src/components/filters/FilterBar.tsx:115-188` +- **Issue:** Checkboxes lack proper label associations for screen readers. +- **Fix:** Add explicit id/htmlFor or aria-label. + +### CQ-WEB-12: SSR Issue - Window Check After DOM Usage [BUG] + +- **File:** `apps/web/src/components/mindmap/ReactFlowEditor.tsx:238-245` +- **Issue:** Checks typeof window after already using document.addEventListener. +- **Fix:** Use useEffect for all DOM access. Consistently check typeof window. + +--- + +## apps/orchestrator - Code Quality (10 Findings) + +### CQ-ORCH-1: Memory Leak - Agent Sessions Never Cleaned Up [CRITICAL] + +- **File:** `apps/orchestrator/src/spawner/agent-spawner.service.ts:19` +- **Issue:** Sessions Map never has entries removed. No cleanup on terminal states. +- **Fix:** Add session cleanup after completed/failed/killed transitions. + +### CQ-ORCH-2: Race Condition - Dual State Management [HIGH] + +- **File:** `apps/orchestrator/src/api/agents/agents.controller.ts:91-118` +- **Issue:** Two sources of truth (in-memory Map + Valkey). Can get out of sync during rapid transitions. +- **Fix:** Use Valkey as single source of truth. Remove in-memory Map. + +### CQ-ORCH-3: Redis KEYS Command in Production [CRITICAL] + +- **File:** `apps/orchestrator/src/valkey/valkey.client.ts:116, 187` +- **Issue:** KEYS is O(N) and blocks entire Redis instance. +- **Fix:** Use SCAN for non-blocking iteration. + +### CQ-ORCH-4: No Timeout Cleanup for AbortController [HIGH] + +- **File:** `apps/orchestrator/src/coordinator/coordinator-client.service.ts:67-81, 156-166` +- **Issue:** clearTimeout only called on success path, not in catch block. Timer leak per retry. +- **Fix:** Use try-finally to guarantee cleanup. + +### CQ-ORCH-5: TOCTOU Race in State Transitions [HIGH] + +- **File:** `apps/orchestrator/src/spawner/agent-lifecycle.service.ts:31-53` +- **Issue:** Read state, validate, then write is not atomic. Concurrent transitions can overwrite each other. +- **Fix:** Use Valkey Lua script for atomic check-and-set. + +### CQ-ORCH-6: N+1 Query in listTasks/listAgents [CRITICAL] + +- **File:** `apps/orchestrator/src/valkey/valkey.client.ts:114-127, 185-198` +- **Issue:** 1 + N queries (one KEYS + one GET per key). 1000 tasks = 1001 round trips. +- **Fix:** Use MGET for batch retrieval after SCAN. 100-500x faster. + +### CQ-ORCH-7: Docker Force Remove Loses Data [MEDIUM] + +- **File:** `apps/orchestrator/src/spawner/docker-sandbox.service.ts:179` +- **Issue:** force: true always used, bypassing graceful shutdown. Work-in-progress lost. +- **Fix:** Stop before remove. Only force as last resort. + +### CQ-ORCH-8: KillAllAgents Doesn't Distinguish Error Types [MEDIUM] + +- **File:** `apps/orchestrator/src/killswitch/killswitch.service.ts:125-137` +- **Issue:** "Already terminated" counted same as "cleanup failed." Misleading metrics. +- **Fix:** Add "skipped" category for expected state transition failures. + +### CQ-ORCH-9: Duplicate Validation Logic [CODE SMELL] + +- **Files:** `agent-spawner.service.ts:98-119`, `agents.controller.ts:192-213` +- **Issue:** Both implement identical spawn request validation. +- **Fix:** Remove from controller. Rely on DTOs + ValidationPipe. + +### CQ-ORCH-10: BullMQ Job Retention May Cause Memory Growth [LOW] + +- **File:** `apps/orchestrator/src/queue/queue.service.ts:52-60` +- **Issue:** Retention of 1000 failed jobs for 24 hours may be excessive under load. +- **Fix:** Make configurable via environment variables. + +--- + +## Remediation Priority Matrix + +| Priority | ID | Title | Effort | +| -------- | --------- | ------------------------------ | ------ | +| P0 | CQ-API-6 | Hardcoded OIDC values | 30min | +| P0 | CQ-ORCH-3 | KEYS -> SCAN | 1hr | +| P0 | CQ-ORCH-6 | N+1 queries -> MGET | 1hr | +| P0 | CQ-WEB-5 | Boolean logic bug (?? -> \|\|) | 5min | +| P1 | CQ-ORCH-1 | Session Map cleanup | 1hr | +| P1 | CQ-API-1 | WebSocket timer leak | 30min | +| P1 | CQ-API-2 | Runner jobs interval leak | 30min | +| P1 | CQ-WEB-1 | useWebSocket stale closure | 1hr | +| P1 | CQ-WEB-4 | useChat stale messages | 1hr | +| P1 | CQ-ORCH-5 | Atomic state transitions | 2hr | +| P2 | CQ-WEB-7 | Kanban optimistic rollback | 1hr | +| P2 | CQ-ORCH-2 | Single source of truth | 2hr | +| P2 | CQ-ORCH-4 | AbortController cleanup | 30min | +| P2 | CQ-API-4 | Redis listener cleanup | 30min | +| P3 | CQ-WEB-8 | React.memo adoption | 2hr | +| P3 | CQ-WEB-11 | Accessibility labels | 1hr | +| P3 | Remaining | Lower priority items | 3hr | + +**Estimated total remediation effort: 2-3 days** diff --git a/docs/reports/codebase-review-2026-02-05/03-qa-test-coverage.md b/docs/reports/codebase-review-2026-02-05/03-qa-test-coverage.md new file mode 100644 index 0000000..bf7b440 --- /dev/null +++ b/docs/reports/codebase-review-2026-02-05/03-qa-test-coverage.md @@ -0,0 +1,230 @@ +# Mosaic Stack - QA & Test Coverage Report + +**Date:** 2026-02-05 +**Scope:** All workspaces (api, web, orchestrator, coordinator, packages) +**Total Test Files:** 552 | **Total Test Cases:** ~3,685 + +--- + +## Overall Test Health + +| Workspace | Tests | Files | Coverage | Grade | Key Issue | +| ----------------- | ------ | ----- | --------------------- | ------ | ------------------------------------- | +| apps/orchestrator | ~452 | 19 | 85% enforced | **A** | Near-complete, well-structured | +| apps/api | ~2,174 | 143 | Not enforced | **B-** | 21 untested services, weak assertions | +| apps/web | ~555 | 51 | 85% on components/lib | **C+** | 76 untested components, 23 skipped | +| apps/coordinator | ~504 | 23 | **16% reported** | **D** | Coverage crisis despite test files | +| packages/shared | ~25 | 1 | N/A | **B+** | Adequate for scope | +| packages/ui | ~15 | 1 | N/A | **D+** | 9 of 10 components untested | + +--- + +## Critical Coverage Gaps + +### GAP-1: Coordinator 16% Line Coverage [CRITICAL - Priority 10/10] + +Despite having 23 test files and ~504 test cases, the coordinator reports only 16% line coverage with 14 of 22 source files at 0% execution. Files at 0% include the core `coordinator.py`, `queue.py`, `webhook.py`, `security.py`, `parser.py`, and `metrics.py`. + +**Root Cause (likely):** Tests import types/models but mock everything, so actual source code never executes; or coverage run only executes a subset of tests. + +**Action:** Run `cd apps/coordinator && python -m pytest tests/ -v --cov=src --cov-report=term-missing` and diagnose. + +### GAP-2: knowledge.service.ts - 916 Lines, No Tests [CRITICAL - Priority 9/10] + +The largest service file in the API has no direct unit tests. Core CRUD operations, pagination, filtering, slug generation, cache invalidation, and embedding queue integration are all untested. Only version-specific tests exist. + +**Regressions at risk:** Pagination off-by-one, slug collision handling, stale cache after updates, embedding queue not triggered. + +### GAP-3: admin.guard.ts - Security Guard, No Tests [CRITICAL - Priority 9/10] + +This guard determines system admin access by checking workspace ownership. No tests verify it correctly grants/denies admin access. + +**Regressions at risk:** Non-admin users gaining admin access, valid admins locked out, missing ForbiddenException. + +### GAP-4: embeddings.service.ts - 249 Lines, Raw SQL, No Tests [CRITICAL - Priority 9/10] + +Uses raw SQL for pgvector operations. No tests exist for embedding validation, vector SQL construction, or similarity search. + +**Regressions at risk:** SQL injection through embedding data, invalid vector dimensions, wrong search results. + +### GAP-5: widget-data.service.ts - 695 Lines, No Tests [HIGH - Priority 8/10] + +Second-largest untested file. Fetches data from multiple sources for dashboard widgets. + +### GAP-6: ideas.service.ts - 321 Lines, No Tests [HIGH - Priority 8/10] + +User-facing CRUD feature with domain/project associations and activity logging. + +--- + +## Untested Files by Workspace + +### apps/api - 21 Untested Service/Controller Files + +| File | Lines | Risk | +| --------------------------------------------- | ----- | -------- | +| knowledge/knowledge.service.ts | 916 | HIGH | +| widgets/widget-data.service.ts | 695 | HIGH | +| ideas/ideas.service.ts | 321 | HIGH | +| database/embeddings.service.ts | 249 | HIGH | +| ideas/ideas.controller.ts | 123 | MEDIUM | +| widgets/widgets.controller.ts | 129 | MEDIUM | +| widgets/widgets.service.ts | 59 | MEDIUM | +| users/preferences.service.ts | 99 | MEDIUM | +| users/preferences.controller.ts | 56 | MEDIUM | +| common/throttler/throttler-storage.service.ts | 80+ | MEDIUM | +| auth/guards/admin.guard.ts | 46 | SECURITY | +| federation/audit.service.ts | 80+ | LOW | +| common/throttler/throttler-api-key.guard.ts | - | MEDIUM | +| knowledge/import-export.controller.ts | - | MEDIUM | +| knowledge/knowledge.controller.ts | - | MEDIUM | +| knowledge/stats.controller.ts | - | LOW | +| knowledge/queues/embedding-queue.service.ts | - | MEDIUM | +| layouts/layouts.controller.ts | - | LOW | +| cron/cron.controller.ts | - | LOW | +| bridge/parser/command-parser.service.ts | - | MEDIUM | +| app.service.ts | - | LOW | + +Additionally, 22 DTO directories lack validation tests. + +### apps/web - 76 Untested Component/Page Files + +**Critical pages (user-facing routes):** + +- Main dashboard page.tsx +- Calendar page +- Knowledge page + 5 sub-pages +- Federation connections + 2 sub-pages +- Settings (4 sub-pages) + +**Critical components:** + +- Chat system: Chat.tsx, ChatInput.tsx, MessageList.tsx, ConversationSidebar.tsx, BackendStatusBanner.tsx +- Dashboard widgets: DomainOverview, QuickCapture, RecentTasks, UpcomingEvents +- HUD system: HUD.tsx, WidgetGrid.tsx, WidgetRenderer.tsx, WidgetWrapper.tsx +- Knowledge: EntryCard, EntryList, EntryViewer, EntryFilters, VersionHistory, ImportExportActions, StatsDashboard +- Navigation.tsx +- Workspace: WorkspaceCard, WorkspaceSettings, MemberList, InviteMember +- Team: TeamCard, TeamMemberList, TeamSettings + +**Untested API client modules (11 files):** + +- chat.ts, domains.ts, events.ts, federation.ts, ideas.ts, knowledge.ts, personalities.ts, teams.ts, api.ts, auth-client.ts + +**Untested hooks:** useChat.ts, useLayout.ts + +### apps/orchestrator - 1 Untested File + +- health/health.service.ts (minimal risk) + +### packages/ui - 9 Untested Components + +- Avatar, Badge, Card, Input, Modal, Select, Textarea, Toast (only Button tested) + +--- + +## 23 Skipped Tests (apps/web) + +| File | Count | Reason | +| --------------------------- | ----- | -------------------------------------------------------- | +| CalendarWidget.test.tsx | 5 | Component migrated from setTimeout mock data to real API | +| TasksWidget.test.tsx | 6 | Same - setTimeout mock data mismatch | +| QuickCaptureWidget.test.tsx | 3 | Submit and keyboard shortcut tests | +| LinkAutocomplete.test.tsx | 9 | Debounce search, keyboard nav, link insertion, dropdown | + +**Action:** Re-enable and update tests to match current component implementations. + +--- + +## Test Anti-Patterns Found + +### Placeholder Assertions (expect(true).toBe(true)) + +| File | Line | Context | +| ----------------------------------- | -------- | ----------------------- | +| ChatOverlay.test.tsx | 259, 267 | Responsive design tests | +| rejection-handler.service.spec.ts | 307 | Notification sending | +| semantic-search.integration.spec.ts | 122 | Conditional branch | + +**Impact:** Tests always pass, provide zero regression protection. + +### Sole toBeDefined() Assertions (30+ instances) + +Most concerning in: + +- `llm-telemetry.decorator.spec.ts` -- 6 tests verify decorator doesn't throw but never check span attributes +- `federation/query.service.spec.ts` -- 8 tests +- `federation/query.controller.spec.ts` -- 3 tests +- `layouts.service.spec.ts` -- 2 tests +- `workspace-settings.service.spec.ts` -- 1 test + +**Impact:** Tests verify existence but not correctness. Regressions slip through. + +### Testing Implementation Details Instead of Behavior + +- `cors.spec.ts` -- Tests CORS by asserting on JS objects, not actual HTTP headers/middleware +- `Button.test.tsx` -- Asserts on CSS class names (`bg-blue-600`) instead of behavior + +**Impact:** Tests break on implementation changes even when behavior is correct. + +### Potential Flaky Patterns + +setTimeout-based timing in 5 test files: + +- `runner-jobs.service.spec.ts:620,833` +- `semantic-search.integration.spec.ts:153` +- `mcp/stdio-transport.spec.ts` (6 instances) +- `coordinator-integration.service.concurrency.spec.ts:170` +- `health.controller.spec.ts:63` (1100ms wait) + +--- + +## Missing Test Categories + +### No Playwright E2E Tests + +The project documents Playwright as the E2E framework but no playwright.config.ts or E2E test files exist. + +### No DTO Validation Tests + +22 DTO directories lack validation testing. DTOs define input validation rules via class-validator decorators, but these are never tested in isolation. + +### Limited Integration Tests + +Only 8 integration test files exist across the entire codebase. Most module interactions are untested. + +--- + +## Recommended Test Additions (Priority Order) + +| Priority | Item | Effort | Impact | +| -------- | ------------------------------------ | ------ | -------------------------------- | +| P0 | Investigate coordinator 16% coverage | 2hr | Unblocks all coordinator testing | +| P0 | knowledge.service.ts unit tests | 4hr | Covers largest untested service | +| P0 | admin.guard.ts unit tests | 1hr | Security-critical | +| P0 | embeddings.service.ts unit tests | 2hr | Raw SQL validation | +| P1 | widget-data.service.ts unit tests | 3hr | Dashboard reliability | +| P1 | ideas.service.ts unit tests | 2hr | User-facing CRUD | +| P1 | Re-enable 23 skipped widget tests | 2hr | Immediate coverage gain | +| P1 | Replace placeholder assertions | 1hr | Fix false-positive tests | +| P2 | Chat system component tests | 3hr | Core user interaction | +| P2 | API client module tests (11 files) | 3hr | Request/response validation | +| P2 | Throttler storage tests | 2hr | Security infrastructure | +| P2 | Preferences service tests | 1hr | User settings | +| P3 | Strengthen toBeDefined-only tests | 2hr | Better regression detection | +| P3 | UI package component tests | 3hr | Design system reliability | +| P3 | Playwright E2E setup + smoke tests | 4hr | End-to-end confidence | + +**Estimated total effort: ~5-6 days for P0+P1 items** + +--- + +## Positive Test Observations + +1. **Orchestrator is exemplary** -- 452 tests, near-complete coverage, behavioral testing, good mocking +2. **Federation security tests are thorough** -- Crypto, signature, timeout, workspace access, capability guard +3. **API client test (web) is comprehensive** -- 721 lines covering error handling, retries, auth +4. **Sanitization utilities well-tested** -- XSS prevention, log sanitization, query builder +5. **Coverage thresholds enforced** -- 85% on orchestrator and web components/lib +6. **Concurrency tests exist** -- coordinator-integration and runner-jobs +7. **Good test infrastructure** -- Shared fixtures, proper NestJS testing module usage diff --git a/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-src-app.module.ts_20260205-1313_1_remediation_needed.md b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-src-app.module.ts_20260205-1313_1_remediation_needed.md new file mode 100644 index 0000000..4cbcec6 --- /dev/null +++ b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-src-app.module.ts_20260205-1313_1_remediation_needed.md @@ -0,0 +1,20 @@ +# QA Remediation Report + +**File:** /home/localadmin/src/mosaic-stack/apps/orchestrator/src/app.module.ts +**Tool Used:** Edit +**Epic:** general +**Iteration:** 1 +**Generated:** 2026-02-05 13:13:22 + +## Status + +Pending QA validation + +## Next Steps + +This report was created by the QA automation hook. +To process this report, run: + +```bash +claude -p "Use Task tool to launch universal-qa-agent for report: /home/localadmin/src/mosaic-stack/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-src-app.module.ts_20260205-1313_1_remediation_needed.md" +``` diff --git a/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-src-app.module.ts_20260205-1313_2_remediation_needed.md b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-src-app.module.ts_20260205-1313_2_remediation_needed.md new file mode 100644 index 0000000..837fdc4 --- /dev/null +++ b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-src-app.module.ts_20260205-1313_2_remediation_needed.md @@ -0,0 +1,20 @@ +# QA Remediation Report + +**File:** /home/localadmin/src/mosaic-stack/apps/orchestrator/src/app.module.ts +**Tool Used:** Edit +**Epic:** general +**Iteration:** 2 +**Generated:** 2026-02-05 13:13:26 + +## Status + +Pending QA validation + +## Next Steps + +This report was created by the QA automation hook. +To process this report, run: + +```bash +claude -p "Use Task tool to launch universal-qa-agent for report: /home/localadmin/src/mosaic-stack/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-src-app.module.ts_20260205-1313_2_remediation_needed.md" +``` diff --git a/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-src-budget-budget.module.ts_20260205-1259_1_remediation_needed.md b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-src-budget-budget.module.ts_20260205-1259_1_remediation_needed.md new file mode 100644 index 0000000..b658045 --- /dev/null +++ b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-src-budget-budget.module.ts_20260205-1259_1_remediation_needed.md @@ -0,0 +1,20 @@ +# QA Remediation Report + +**File:** /home/localadmin/src/mosaic-stack/apps/orchestrator/src/budget/budget.module.ts +**Tool Used:** Write +**Epic:** general +**Iteration:** 1 +**Generated:** 2026-02-05 12:59:26 + +## Status + +Pending QA validation + +## Next Steps + +This report was created by the QA automation hook. +To process this report, run: + +```bash +claude -p "Use Task tool to launch universal-qa-agent for report: /home/localadmin/src/mosaic-stack/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-src-budget-budget.module.ts_20260205-1259_1_remediation_needed.md" +``` diff --git a/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-src-budget-budget.service.spec.ts_20260205-1259_1_remediation_needed.md b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-src-budget-budget.service.spec.ts_20260205-1259_1_remediation_needed.md new file mode 100644 index 0000000..8b2929d --- /dev/null +++ b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-src-budget-budget.service.spec.ts_20260205-1259_1_remediation_needed.md @@ -0,0 +1,20 @@ +# QA Remediation Report + +**File:** /home/localadmin/src/mosaic-stack/apps/orchestrator/src/budget/budget.service.spec.ts +**Tool Used:** Write +**Epic:** general +**Iteration:** 1 +**Generated:** 2026-02-05 12:59:58 + +## Status + +Pending QA validation + +## Next Steps + +This report was created by the QA automation hook. +To process this report, run: + +```bash +claude -p "Use Task tool to launch universal-qa-agent for report: /home/localadmin/src/mosaic-stack/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-src-budget-budget.service.spec.ts_20260205-1259_1_remediation_needed.md" +``` diff --git a/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-src-budget-budget.service.spec.ts_20260205-1314_1_remediation_needed.md b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-src-budget-budget.service.spec.ts_20260205-1314_1_remediation_needed.md new file mode 100644 index 0000000..f2f64e9 --- /dev/null +++ b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-src-budget-budget.service.spec.ts_20260205-1314_1_remediation_needed.md @@ -0,0 +1,20 @@ +# QA Remediation Report + +**File:** /home/localadmin/src/mosaic-stack/apps/orchestrator/src/budget/budget.service.spec.ts +**Tool Used:** Write +**Epic:** general +**Iteration:** 1 +**Generated:** 2026-02-05 13:14:13 + +## Status + +Pending QA validation + +## Next Steps + +This report was created by the QA automation hook. +To process this report, run: + +```bash +claude -p "Use Task tool to launch universal-qa-agent for report: /home/localadmin/src/mosaic-stack/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-src-budget-budget.service.spec.ts_20260205-1314_1_remediation_needed.md" +``` diff --git a/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-src-budget-budget.service.ts_20260205-1259_1_remediation_needed.md b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-src-budget-budget.service.ts_20260205-1259_1_remediation_needed.md new file mode 100644 index 0000000..5fe5623 --- /dev/null +++ b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-src-budget-budget.service.ts_20260205-1259_1_remediation_needed.md @@ -0,0 +1,20 @@ +# QA Remediation Report + +**File:** /home/localadmin/src/mosaic-stack/apps/orchestrator/src/budget/budget.service.ts +**Tool Used:** Write +**Epic:** general +**Iteration:** 1 +**Generated:** 2026-02-05 12:59:23 + +## Status + +Pending QA validation + +## Next Steps + +This report was created by the QA automation hook. +To process this report, run: + +```bash +claude -p "Use Task tool to launch universal-qa-agent for report: /home/localadmin/src/mosaic-stack/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-src-budget-budget.service.ts_20260205-1259_1_remediation_needed.md" +``` diff --git a/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-src-budget-budget.service.ts_20260205-1313_1_remediation_needed.md b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-src-budget-budget.service.ts_20260205-1313_1_remediation_needed.md new file mode 100644 index 0000000..cfb1d1e --- /dev/null +++ b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-src-budget-budget.service.ts_20260205-1313_1_remediation_needed.md @@ -0,0 +1,20 @@ +# QA Remediation Report + +**File:** /home/localadmin/src/mosaic-stack/apps/orchestrator/src/budget/budget.service.ts +**Tool Used:** Write +**Epic:** general +**Iteration:** 1 +**Generated:** 2026-02-05 13:13:17 + +## Status + +Pending QA validation + +## Next Steps + +This report was created by the QA automation hook. +To process this report, run: + +```bash +claude -p "Use Task tool to launch universal-qa-agent for report: /home/localadmin/src/mosaic-stack/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-src-budget-budget.service.ts_20260205-1313_1_remediation_needed.md" +``` diff --git a/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-src-budget-budget.service.ts_20260205-1315_1_remediation_needed.md b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-src-budget-budget.service.ts_20260205-1315_1_remediation_needed.md new file mode 100644 index 0000000..ef82fee --- /dev/null +++ b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-src-budget-budget.service.ts_20260205-1315_1_remediation_needed.md @@ -0,0 +1,20 @@ +# QA Remediation Report + +**File:** /home/localadmin/src/mosaic-stack/apps/orchestrator/src/budget/budget.service.ts +**Tool Used:** Edit +**Epic:** general +**Iteration:** 1 +**Generated:** 2026-02-05 13:15:21 + +## Status + +Pending QA validation + +## Next Steps + +This report was created by the QA automation hook. +To process this report, run: + +```bash +claude -p "Use Task tool to launch universal-qa-agent for report: /home/localadmin/src/mosaic-stack/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-src-budget-budget.service.ts_20260205-1315_1_remediation_needed.md" +``` diff --git a/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-src-budget-budget.types.ts_20260205-1259_1_remediation_needed.md b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-src-budget-budget.types.ts_20260205-1259_1_remediation_needed.md new file mode 100644 index 0000000..de4ecc8 --- /dev/null +++ b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-src-budget-budget.types.ts_20260205-1259_1_remediation_needed.md @@ -0,0 +1,20 @@ +# QA Remediation Report + +**File:** /home/localadmin/src/mosaic-stack/apps/orchestrator/src/budget/budget.types.ts +**Tool Used:** Write +**Epic:** general +**Iteration:** 1 +**Generated:** 2026-02-05 12:59:00 + +## Status + +Pending QA validation + +## Next Steps + +This report was created by the QA automation hook. +To process this report, run: + +```bash +claude -p "Use Task tool to launch universal-qa-agent for report: /home/localadmin/src/mosaic-stack/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-src-budget-budget.types.ts_20260205-1259_1_remediation_needed.md" +``` diff --git a/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-src-budget-budget.types.ts_20260205-1312_1_remediation_needed.md b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-src-budget-budget.types.ts_20260205-1312_1_remediation_needed.md new file mode 100644 index 0000000..4f368ba --- /dev/null +++ b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-src-budget-budget.types.ts_20260205-1312_1_remediation_needed.md @@ -0,0 +1,20 @@ +# QA Remediation Report + +**File:** /home/localadmin/src/mosaic-stack/apps/orchestrator/src/budget/budget.types.ts +**Tool Used:** Write +**Epic:** general +**Iteration:** 1 +**Generated:** 2026-02-05 13:12:40 + +## Status + +Pending QA validation + +## Next Steps + +This report was created by the QA automation hook. +To process this report, run: + +```bash +claude -p "Use Task tool to launch universal-qa-agent for report: /home/localadmin/src/mosaic-stack/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-src-budget-budget.types.ts_20260205-1312_1_remediation_needed.md" +``` diff --git a/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-integration-agent-lifecycle.e2e-spec.ts_20260205-1242_1_remediation_needed.md b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-integration-agent-lifecycle.e2e-spec.ts_20260205-1242_1_remediation_needed.md new file mode 100644 index 0000000..ff02d11 --- /dev/null +++ b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-integration-agent-lifecycle.e2e-spec.ts_20260205-1242_1_remediation_needed.md @@ -0,0 +1,20 @@ +# QA Remediation Report + +**File:** /home/localadmin/src/mosaic-stack/apps/orchestrator/tests/integration/agent-lifecycle.e2e-spec.ts +**Tool Used:** Write +**Epic:** general +**Iteration:** 1 +**Generated:** 2026-02-05 12:42:53 + +## Status + +Pending QA validation + +## Next Steps + +This report was created by the QA automation hook. +To process this report, run: + +```bash +claude -p "Use Task tool to launch universal-qa-agent for report: /home/localadmin/src/mosaic-stack/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-integration-agent-lifecycle.e2e-spec.ts_20260205-1242_1_remediation_needed.md" +``` diff --git a/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-integration-agent-lifecycle.e2e-spec.ts_20260205-1246_1_remediation_needed.md b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-integration-agent-lifecycle.e2e-spec.ts_20260205-1246_1_remediation_needed.md new file mode 100644 index 0000000..f38c21c --- /dev/null +++ b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-integration-agent-lifecycle.e2e-spec.ts_20260205-1246_1_remediation_needed.md @@ -0,0 +1,20 @@ +# QA Remediation Report + +**File:** /home/localadmin/src/mosaic-stack/apps/orchestrator/tests/integration/agent-lifecycle.e2e-spec.ts +**Tool Used:** Edit +**Epic:** general +**Iteration:** 1 +**Generated:** 2026-02-05 12:46:00 + +## Status + +Pending QA validation + +## Next Steps + +This report was created by the QA automation hook. +To process this report, run: + +```bash +claude -p "Use Task tool to launch universal-qa-agent for report: /home/localadmin/src/mosaic-stack/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-integration-agent-lifecycle.e2e-spec.ts_20260205-1246_1_remediation_needed.md" +``` diff --git a/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-integration-agent-lifecycle.e2e-spec.ts_20260205-1325_1_remediation_needed.md b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-integration-agent-lifecycle.e2e-spec.ts_20260205-1325_1_remediation_needed.md new file mode 100644 index 0000000..6d62ecb --- /dev/null +++ b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-integration-agent-lifecycle.e2e-spec.ts_20260205-1325_1_remediation_needed.md @@ -0,0 +1,20 @@ +# QA Remediation Report + +**File:** /home/localadmin/src/mosaic-stack/apps/orchestrator/tests/integration/agent-lifecycle.e2e-spec.ts +**Tool Used:** Edit +**Epic:** general +**Iteration:** 1 +**Generated:** 2026-02-05 13:25:35 + +## Status + +Pending QA validation + +## Next Steps + +This report was created by the QA automation hook. +To process this report, run: + +```bash +claude -p "Use Task tool to launch universal-qa-agent for report: /home/localadmin/src/mosaic-stack/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-integration-agent-lifecycle.e2e-spec.ts_20260205-1325_1_remediation_needed.md" +``` diff --git a/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-integration-agent-lifecycle.e2e-spec.ts_20260205-1325_2_remediation_needed.md b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-integration-agent-lifecycle.e2e-spec.ts_20260205-1325_2_remediation_needed.md new file mode 100644 index 0000000..acf776e --- /dev/null +++ b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-integration-agent-lifecycle.e2e-spec.ts_20260205-1325_2_remediation_needed.md @@ -0,0 +1,20 @@ +# QA Remediation Report + +**File:** /home/localadmin/src/mosaic-stack/apps/orchestrator/tests/integration/agent-lifecycle.e2e-spec.ts +**Tool Used:** Edit +**Epic:** general +**Iteration:** 2 +**Generated:** 2026-02-05 13:25:41 + +## Status + +Pending QA validation + +## Next Steps + +This report was created by the QA automation hook. +To process this report, run: + +```bash +claude -p "Use Task tool to launch universal-qa-agent for report: /home/localadmin/src/mosaic-stack/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-integration-agent-lifecycle.e2e-spec.ts_20260205-1325_2_remediation_needed.md" +``` diff --git a/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-integration-agent-lifecycle.e2e-spec.ts_20260205-1325_3_remediation_needed.md b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-integration-agent-lifecycle.e2e-spec.ts_20260205-1325_3_remediation_needed.md new file mode 100644 index 0000000..355724a --- /dev/null +++ b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-integration-agent-lifecycle.e2e-spec.ts_20260205-1325_3_remediation_needed.md @@ -0,0 +1,20 @@ +# QA Remediation Report + +**File:** /home/localadmin/src/mosaic-stack/apps/orchestrator/tests/integration/agent-lifecycle.e2e-spec.ts +**Tool Used:** Edit +**Epic:** general +**Iteration:** 3 +**Generated:** 2026-02-05 13:25:46 + +## Status + +Pending QA validation + +## Next Steps + +This report was created by the QA automation hook. +To process this report, run: + +```bash +claude -p "Use Task tool to launch universal-qa-agent for report: /home/localadmin/src/mosaic-stack/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-integration-agent-lifecycle.e2e-spec.ts_20260205-1325_3_remediation_needed.md" +``` diff --git a/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-integration-concurrent-agents.e2e-spec.ts_20260205-1243_1_remediation_needed.md b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-integration-concurrent-agents.e2e-spec.ts_20260205-1243_1_remediation_needed.md new file mode 100644 index 0000000..632cb69 --- /dev/null +++ b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-integration-concurrent-agents.e2e-spec.ts_20260205-1243_1_remediation_needed.md @@ -0,0 +1,20 @@ +# QA Remediation Report + +**File:** /home/localadmin/src/mosaic-stack/apps/orchestrator/tests/integration/concurrent-agents.e2e-spec.ts +**Tool Used:** Write +**Epic:** general +**Iteration:** 1 +**Generated:** 2026-02-05 12:43:38 + +## Status + +Pending QA validation + +## Next Steps + +This report was created by the QA automation hook. +To process this report, run: + +```bash +claude -p "Use Task tool to launch universal-qa-agent for report: /home/localadmin/src/mosaic-stack/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-integration-concurrent-agents.e2e-spec.ts_20260205-1243_1_remediation_needed.md" +``` diff --git a/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-integration-killswitch.e2e-spec.ts_20260205-1243_1_remediation_needed.md b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-integration-killswitch.e2e-spec.ts_20260205-1243_1_remediation_needed.md new file mode 100644 index 0000000..27b89e3 --- /dev/null +++ b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-integration-killswitch.e2e-spec.ts_20260205-1243_1_remediation_needed.md @@ -0,0 +1,20 @@ +# QA Remediation Report + +**File:** /home/localadmin/src/mosaic-stack/apps/orchestrator/tests/integration/killswitch.e2e-spec.ts +**Tool Used:** Write +**Epic:** general +**Iteration:** 1 +**Generated:** 2026-02-05 12:43:13 + +## Status + +Pending QA validation + +## Next Steps + +This report was created by the QA automation hook. +To process this report, run: + +```bash +claude -p "Use Task tool to launch universal-qa-agent for report: /home/localadmin/src/mosaic-stack/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-integration-killswitch.e2e-spec.ts_20260205-1243_1_remediation_needed.md" +``` diff --git a/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-integration-killswitch.e2e-spec.ts_20260205-1246_1_remediation_needed.md b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-integration-killswitch.e2e-spec.ts_20260205-1246_1_remediation_needed.md new file mode 100644 index 0000000..c23a91a --- /dev/null +++ b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-integration-killswitch.e2e-spec.ts_20260205-1246_1_remediation_needed.md @@ -0,0 +1,20 @@ +# QA Remediation Report + +**File:** /home/localadmin/src/mosaic-stack/apps/orchestrator/tests/integration/killswitch.e2e-spec.ts +**Tool Used:** Edit +**Epic:** general +**Iteration:** 1 +**Generated:** 2026-02-05 12:46:01 + +## Status + +Pending QA validation + +## Next Steps + +This report was created by the QA automation hook. +To process this report, run: + +```bash +claude -p "Use Task tool to launch universal-qa-agent for report: /home/localadmin/src/mosaic-stack/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-integration-killswitch.e2e-spec.ts_20260205-1246_1_remediation_needed.md" +``` diff --git a/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-integration-killswitch.e2e-spec.ts_20260205-1325_1_remediation_needed.md b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-integration-killswitch.e2e-spec.ts_20260205-1325_1_remediation_needed.md new file mode 100644 index 0000000..2d754ab --- /dev/null +++ b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-integration-killswitch.e2e-spec.ts_20260205-1325_1_remediation_needed.md @@ -0,0 +1,20 @@ +# QA Remediation Report + +**File:** /home/localadmin/src/mosaic-stack/apps/orchestrator/tests/integration/killswitch.e2e-spec.ts +**Tool Used:** Edit +**Epic:** general +**Iteration:** 1 +**Generated:** 2026-02-05 13:25:53 + +## Status + +Pending QA validation + +## Next Steps + +This report was created by the QA automation hook. +To process this report, run: + +```bash +claude -p "Use Task tool to launch universal-qa-agent for report: /home/localadmin/src/mosaic-stack/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-integration-killswitch.e2e-spec.ts_20260205-1325_1_remediation_needed.md" +``` diff --git a/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-integration-killswitch.e2e-spec.ts_20260205-1326_1_remediation_needed.md b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-integration-killswitch.e2e-spec.ts_20260205-1326_1_remediation_needed.md new file mode 100644 index 0000000..d4bb915 --- /dev/null +++ b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-integration-killswitch.e2e-spec.ts_20260205-1326_1_remediation_needed.md @@ -0,0 +1,20 @@ +# QA Remediation Report + +**File:** /home/localadmin/src/mosaic-stack/apps/orchestrator/tests/integration/killswitch.e2e-spec.ts +**Tool Used:** Edit +**Epic:** general +**Iteration:** 1 +**Generated:** 2026-02-05 13:26:04 + +## Status + +Pending QA validation + +## Next Steps + +This report was created by the QA automation hook. +To process this report, run: + +```bash +claude -p "Use Task tool to launch universal-qa-agent for report: /home/localadmin/src/mosaic-stack/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-integration-killswitch.e2e-spec.ts_20260205-1326_1_remediation_needed.md" +``` diff --git a/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-integration-vitest.config.ts_20260205-1242_1_remediation_needed.md b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-integration-vitest.config.ts_20260205-1242_1_remediation_needed.md new file mode 100644 index 0000000..497a26e --- /dev/null +++ b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-integration-vitest.config.ts_20260205-1242_1_remediation_needed.md @@ -0,0 +1,20 @@ +# QA Remediation Report + +**File:** /home/localadmin/src/mosaic-stack/apps/orchestrator/tests/integration/vitest.config.ts +**Tool Used:** Write +**Epic:** general +**Iteration:** 1 +**Generated:** 2026-02-05 12:42:21 + +## Status + +Pending QA validation + +## Next Steps + +This report was created by the QA automation hook. +To process this report, run: + +```bash +claude -p "Use Task tool to launch universal-qa-agent for report: /home/localadmin/src/mosaic-stack/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-integration-vitest.config.ts_20260205-1242_1_remediation_needed.md" +``` diff --git a/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-performance-queue-throughput.perf-spec.ts_20260205-1251_1_remediation_needed.md b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-performance-queue-throughput.perf-spec.ts_20260205-1251_1_remediation_needed.md new file mode 100644 index 0000000..6e327d0 --- /dev/null +++ b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-performance-queue-throughput.perf-spec.ts_20260205-1251_1_remediation_needed.md @@ -0,0 +1,20 @@ +# QA Remediation Report + +**File:** /home/localadmin/src/mosaic-stack/apps/orchestrator/tests/performance/queue-throughput.perf-spec.ts +**Tool Used:** Write +**Epic:** general +**Iteration:** 1 +**Generated:** 2026-02-05 12:51:25 + +## Status + +Pending QA validation + +## Next Steps + +This report was created by the QA automation hook. +To process this report, run: + +```bash +claude -p "Use Task tool to launch universal-qa-agent for report: /home/localadmin/src/mosaic-stack/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-performance-queue-throughput.perf-spec.ts_20260205-1251_1_remediation_needed.md" +``` diff --git a/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-performance-queue-throughput.perf-spec.ts_20260205-1252_1_remediation_needed.md b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-performance-queue-throughput.perf-spec.ts_20260205-1252_1_remediation_needed.md new file mode 100644 index 0000000..2be7633 --- /dev/null +++ b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-performance-queue-throughput.perf-spec.ts_20260205-1252_1_remediation_needed.md @@ -0,0 +1,20 @@ +# QA Remediation Report + +**File:** /home/localadmin/src/mosaic-stack/apps/orchestrator/tests/performance/queue-throughput.perf-spec.ts +**Tool Used:** Edit +**Epic:** general +**Iteration:** 1 +**Generated:** 2026-02-05 12:52:09 + +## Status + +Pending QA validation + +## Next Steps + +This report was created by the QA automation hook. +To process this report, run: + +```bash +claude -p "Use Task tool to launch universal-qa-agent for report: /home/localadmin/src/mosaic-stack/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-performance-queue-throughput.perf-spec.ts_20260205-1252_1_remediation_needed.md" +``` diff --git a/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-performance-queue-throughput.perf-spec.ts_20260205-1322_1_remediation_needed.md b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-performance-queue-throughput.perf-spec.ts_20260205-1322_1_remediation_needed.md new file mode 100644 index 0000000..982e71e --- /dev/null +++ b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-performance-queue-throughput.perf-spec.ts_20260205-1322_1_remediation_needed.md @@ -0,0 +1,20 @@ +# QA Remediation Report + +**File:** /home/localadmin/src/mosaic-stack/apps/orchestrator/tests/performance/queue-throughput.perf-spec.ts +**Tool Used:** Write +**Epic:** general +**Iteration:** 1 +**Generated:** 2026-02-05 13:22:17 + +## Status + +Pending QA validation + +## Next Steps + +This report was created by the QA automation hook. +To process this report, run: + +```bash +claude -p "Use Task tool to launch universal-qa-agent for report: /home/localadmin/src/mosaic-stack/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-performance-queue-throughput.perf-spec.ts_20260205-1322_1_remediation_needed.md" +``` diff --git a/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-performance-queue-throughput.perf-spec.ts_20260205-1323_1_remediation_needed.md b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-performance-queue-throughput.perf-spec.ts_20260205-1323_1_remediation_needed.md new file mode 100644 index 0000000..afa645b --- /dev/null +++ b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-performance-queue-throughput.perf-spec.ts_20260205-1323_1_remediation_needed.md @@ -0,0 +1,20 @@ +# QA Remediation Report + +**File:** /home/localadmin/src/mosaic-stack/apps/orchestrator/tests/performance/queue-throughput.perf-spec.ts +**Tool Used:** Write +**Epic:** general +**Iteration:** 1 +**Generated:** 2026-02-05 13:23:01 + +## Status + +Pending QA validation + +## Next Steps + +This report was created by the QA automation hook. +To process this report, run: + +```bash +claude -p "Use Task tool to launch universal-qa-agent for report: /home/localadmin/src/mosaic-stack/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-performance-queue-throughput.perf-spec.ts_20260205-1323_1_remediation_needed.md" +``` diff --git a/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-performance-secret-scanner-throughput.perf-spec.ts_20260205-1251_1_remediation_needed.md b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-performance-secret-scanner-throughput.perf-spec.ts_20260205-1251_1_remediation_needed.md new file mode 100644 index 0000000..921e987 --- /dev/null +++ b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-performance-secret-scanner-throughput.perf-spec.ts_20260205-1251_1_remediation_needed.md @@ -0,0 +1,20 @@ +# QA Remediation Report + +**File:** /home/localadmin/src/mosaic-stack/apps/orchestrator/tests/performance/secret-scanner-throughput.perf-spec.ts +**Tool Used:** Write +**Epic:** general +**Iteration:** 1 +**Generated:** 2026-02-05 12:51:45 + +## Status + +Pending QA validation + +## Next Steps + +This report was created by the QA automation hook. +To process this report, run: + +```bash +claude -p "Use Task tool to launch universal-qa-agent for report: /home/localadmin/src/mosaic-stack/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-performance-secret-scanner-throughput.perf-spec.ts_20260205-1251_1_remediation_needed.md" +``` diff --git a/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-performance-secret-scanner-throughput.perf-spec.ts_20260205-1252_1_remediation_needed.md b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-performance-secret-scanner-throughput.perf-spec.ts_20260205-1252_1_remediation_needed.md new file mode 100644 index 0000000..8a1f947 --- /dev/null +++ b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-performance-secret-scanner-throughput.perf-spec.ts_20260205-1252_1_remediation_needed.md @@ -0,0 +1,20 @@ +# QA Remediation Report + +**File:** /home/localadmin/src/mosaic-stack/apps/orchestrator/tests/performance/secret-scanner-throughput.perf-spec.ts +**Tool Used:** Edit +**Epic:** general +**Iteration:** 1 +**Generated:** 2026-02-05 12:52:05 + +## Status + +Pending QA validation + +## Next Steps + +This report was created by the QA automation hook. +To process this report, run: + +```bash +claude -p "Use Task tool to launch universal-qa-agent for report: /home/localadmin/src/mosaic-stack/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-performance-secret-scanner-throughput.perf-spec.ts_20260205-1252_1_remediation_needed.md" +``` diff --git a/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-performance-secret-scanner-throughput.perf-spec.ts_20260205-1322_1_remediation_needed.md b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-performance-secret-scanner-throughput.perf-spec.ts_20260205-1322_1_remediation_needed.md new file mode 100644 index 0000000..aea91df --- /dev/null +++ b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-performance-secret-scanner-throughput.perf-spec.ts_20260205-1322_1_remediation_needed.md @@ -0,0 +1,20 @@ +# QA Remediation Report + +**File:** /home/localadmin/src/mosaic-stack/apps/orchestrator/tests/performance/secret-scanner-throughput.perf-spec.ts +**Tool Used:** Edit +**Epic:** general +**Iteration:** 1 +**Generated:** 2026-02-05 13:22:25 + +## Status + +Pending QA validation + +## Next Steps + +This report was created by the QA automation hook. +To process this report, run: + +```bash +claude -p "Use Task tool to launch universal-qa-agent for report: /home/localadmin/src/mosaic-stack/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-performance-secret-scanner-throughput.perf-spec.ts_20260205-1322_1_remediation_needed.md" +``` diff --git a/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-performance-spawner-throughput.perf-spec.ts_20260205-1251_1_remediation_needed.md b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-performance-spawner-throughput.perf-spec.ts_20260205-1251_1_remediation_needed.md new file mode 100644 index 0000000..f2e1810 --- /dev/null +++ b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-performance-spawner-throughput.perf-spec.ts_20260205-1251_1_remediation_needed.md @@ -0,0 +1,20 @@ +# QA Remediation Report + +**File:** /home/localadmin/src/mosaic-stack/apps/orchestrator/tests/performance/spawner-throughput.perf-spec.ts +**Tool Used:** Write +**Epic:** general +**Iteration:** 1 +**Generated:** 2026-02-05 12:51:11 + +## Status + +Pending QA validation + +## Next Steps + +This report was created by the QA automation hook. +To process this report, run: + +```bash +claude -p "Use Task tool to launch universal-qa-agent for report: /home/localadmin/src/mosaic-stack/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-performance-spawner-throughput.perf-spec.ts_20260205-1251_1_remediation_needed.md" +``` diff --git a/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-performance-spawner-throughput.perf-spec.ts_20260205-1321_1_remediation_needed.md b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-performance-spawner-throughput.perf-spec.ts_20260205-1321_1_remediation_needed.md new file mode 100644 index 0000000..9a3502a --- /dev/null +++ b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-performance-spawner-throughput.perf-spec.ts_20260205-1321_1_remediation_needed.md @@ -0,0 +1,20 @@ +# QA Remediation Report + +**File:** /home/localadmin/src/mosaic-stack/apps/orchestrator/tests/performance/spawner-throughput.perf-spec.ts +**Tool Used:** Write +**Epic:** general +**Iteration:** 1 +**Generated:** 2026-02-05 13:21:57 + +## Status + +Pending QA validation + +## Next Steps + +This report was created by the QA automation hook. +To process this report, run: + +```bash +claude -p "Use Task tool to launch universal-qa-agent for report: /home/localadmin/src/mosaic-stack/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-performance-spawner-throughput.perf-spec.ts_20260205-1321_1_remediation_needed.md" +``` diff --git a/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-performance-vitest.config.ts_20260205-1250_1_remediation_needed.md b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-performance-vitest.config.ts_20260205-1250_1_remediation_needed.md new file mode 100644 index 0000000..a8a0214 --- /dev/null +++ b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-performance-vitest.config.ts_20260205-1250_1_remediation_needed.md @@ -0,0 +1,20 @@ +# QA Remediation Report + +**File:** /home/localadmin/src/mosaic-stack/apps/orchestrator/tests/performance/vitest.config.ts +**Tool Used:** Write +**Epic:** general +**Iteration:** 1 +**Generated:** 2026-02-05 12:50:45 + +## Status + +Pending QA validation + +## Next Steps + +This report was created by the QA automation hook. +To process this report, run: + +```bash +claude -p "Use Task tool to launch universal-qa-agent for report: /home/localadmin/src/mosaic-stack/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-orchestrator-tests-performance-vitest.config.ts_20260205-1250_1_remediation_needed.md" +``` diff --git a/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-TaskProgressWidget.tsx_20260205-1255_1_remediation_needed.md b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-TaskProgressWidget.tsx_20260205-1255_1_remediation_needed.md new file mode 100644 index 0000000..2415600 --- /dev/null +++ b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-TaskProgressWidget.tsx_20260205-1255_1_remediation_needed.md @@ -0,0 +1,20 @@ +# QA Remediation Report + +**File:** /home/localadmin/src/mosaic-stack/apps/web/src/components/widgets/TaskProgressWidget.tsx +**Tool Used:** Write +**Epic:** general +**Iteration:** 1 +**Generated:** 2026-02-05 12:55:00 + +## Status + +Pending QA validation + +## Next Steps + +This report was created by the QA automation hook. +To process this report, run: + +```bash +claude -p "Use Task tool to launch universal-qa-agent for report: /home/localadmin/src/mosaic-stack/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-TaskProgressWidget.tsx_20260205-1255_1_remediation_needed.md" +``` diff --git a/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-TaskProgressWidget.tsx_20260205-1316_1_remediation_needed.md b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-TaskProgressWidget.tsx_20260205-1316_1_remediation_needed.md new file mode 100644 index 0000000..d9318f0 --- /dev/null +++ b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-TaskProgressWidget.tsx_20260205-1316_1_remediation_needed.md @@ -0,0 +1,20 @@ +# QA Remediation Report + +**File:** /home/localadmin/src/mosaic-stack/apps/web/src/components/widgets/TaskProgressWidget.tsx +**Tool Used:** Edit +**Epic:** general +**Iteration:** 1 +**Generated:** 2026-02-05 13:16:28 + +## Status + +Pending QA validation + +## Next Steps + +This report was created by the QA automation hook. +To process this report, run: + +```bash +claude -p "Use Task tool to launch universal-qa-agent for report: /home/localadmin/src/mosaic-stack/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-TaskProgressWidget.tsx_20260205-1316_1_remediation_needed.md" +``` diff --git a/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-TaskProgressWidget.tsx_20260205-1316_2_remediation_needed.md b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-TaskProgressWidget.tsx_20260205-1316_2_remediation_needed.md new file mode 100644 index 0000000..f75899e --- /dev/null +++ b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-TaskProgressWidget.tsx_20260205-1316_2_remediation_needed.md @@ -0,0 +1,20 @@ +# QA Remediation Report + +**File:** /home/localadmin/src/mosaic-stack/apps/web/src/components/widgets/TaskProgressWidget.tsx +**Tool Used:** Edit +**Epic:** general +**Iteration:** 2 +**Generated:** 2026-02-05 13:16:32 + +## Status + +Pending QA validation + +## Next Steps + +This report was created by the QA automation hook. +To process this report, run: + +```bash +claude -p "Use Task tool to launch universal-qa-agent for report: /home/localadmin/src/mosaic-stack/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-TaskProgressWidget.tsx_20260205-1316_2_remediation_needed.md" +``` diff --git a/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-TaskProgressWidget.tsx_20260205-1316_3_remediation_needed.md b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-TaskProgressWidget.tsx_20260205-1316_3_remediation_needed.md new file mode 100644 index 0000000..226adb5 --- /dev/null +++ b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-TaskProgressWidget.tsx_20260205-1316_3_remediation_needed.md @@ -0,0 +1,20 @@ +# QA Remediation Report + +**File:** /home/localadmin/src/mosaic-stack/apps/web/src/components/widgets/TaskProgressWidget.tsx +**Tool Used:** Edit +**Epic:** general +**Iteration:** 3 +**Generated:** 2026-02-05 13:16:37 + +## Status + +Pending QA validation + +## Next Steps + +This report was created by the QA automation hook. +To process this report, run: + +```bash +claude -p "Use Task tool to launch universal-qa-agent for report: /home/localadmin/src/mosaic-stack/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-TaskProgressWidget.tsx_20260205-1316_3_remediation_needed.md" +``` diff --git a/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-TaskProgressWidget.tsx_20260205-1316_4_remediation_needed.md b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-TaskProgressWidget.tsx_20260205-1316_4_remediation_needed.md new file mode 100644 index 0000000..dd1be88 --- /dev/null +++ b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-TaskProgressWidget.tsx_20260205-1316_4_remediation_needed.md @@ -0,0 +1,20 @@ +# QA Remediation Report + +**File:** /home/localadmin/src/mosaic-stack/apps/web/src/components/widgets/TaskProgressWidget.tsx +**Tool Used:** Edit +**Epic:** general +**Iteration:** 4 +**Generated:** 2026-02-05 13:16:42 + +## Status + +Pending QA validation + +## Next Steps + +This report was created by the QA automation hook. +To process this report, run: + +```bash +claude -p "Use Task tool to launch universal-qa-agent for report: /home/localadmin/src/mosaic-stack/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-TaskProgressWidget.tsx_20260205-1316_4_remediation_needed.md" +``` diff --git a/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-TaskProgressWidget.tsx_20260205-1316_5_remediation_needed.md b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-TaskProgressWidget.tsx_20260205-1316_5_remediation_needed.md new file mode 100644 index 0000000..dabbe52 --- /dev/null +++ b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-TaskProgressWidget.tsx_20260205-1316_5_remediation_needed.md @@ -0,0 +1,20 @@ +# QA Remediation Report + +**File:** /home/localadmin/src/mosaic-stack/apps/web/src/components/widgets/TaskProgressWidget.tsx +**Tool Used:** Edit +**Epic:** general +**Iteration:** 5 +**Generated:** 2026-02-05 13:16:47 + +## Status + +Pending QA validation + +## Next Steps + +This report was created by the QA automation hook. +To process this report, run: + +```bash +claude -p "Use Task tool to launch universal-qa-agent for report: /home/localadmin/src/mosaic-stack/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-TaskProgressWidget.tsx_20260205-1316_5_remediation_needed.md" +``` diff --git a/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-WidgetRegistry.tsx_20260205-1255_1_remediation_needed.md b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-WidgetRegistry.tsx_20260205-1255_1_remediation_needed.md new file mode 100644 index 0000000..6960170 --- /dev/null +++ b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-WidgetRegistry.tsx_20260205-1255_1_remediation_needed.md @@ -0,0 +1,20 @@ +# QA Remediation Report + +**File:** /home/localadmin/src/mosaic-stack/apps/web/src/components/widgets/WidgetRegistry.tsx +**Tool Used:** Edit +**Epic:** general +**Iteration:** 1 +**Generated:** 2026-02-05 12:55:04 + +## Status + +Pending QA validation + +## Next Steps + +This report was created by the QA automation hook. +To process this report, run: + +```bash +claude -p "Use Task tool to launch universal-qa-agent for report: /home/localadmin/src/mosaic-stack/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-WidgetRegistry.tsx_20260205-1255_1_remediation_needed.md" +``` diff --git a/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-WidgetRegistry.tsx_20260205-1255_2_remediation_needed.md b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-WidgetRegistry.tsx_20260205-1255_2_remediation_needed.md new file mode 100644 index 0000000..ce13376 --- /dev/null +++ b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-WidgetRegistry.tsx_20260205-1255_2_remediation_needed.md @@ -0,0 +1,20 @@ +# QA Remediation Report + +**File:** /home/localadmin/src/mosaic-stack/apps/web/src/components/widgets/WidgetRegistry.tsx +**Tool Used:** Edit +**Epic:** general +**Iteration:** 2 +**Generated:** 2026-02-05 12:55:10 + +## Status + +Pending QA validation + +## Next Steps + +This report was created by the QA automation hook. +To process this report, run: + +```bash +claude -p "Use Task tool to launch universal-qa-agent for report: /home/localadmin/src/mosaic-stack/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-WidgetRegistry.tsx_20260205-1255_2_remediation_needed.md" +``` diff --git a/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-__tests__-TaskProgressWidget.test.tsx_20260205-1255_1_remediation_needed.md b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-__tests__-TaskProgressWidget.test.tsx_20260205-1255_1_remediation_needed.md new file mode 100644 index 0000000..e3063d3 --- /dev/null +++ b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-__tests__-TaskProgressWidget.test.tsx_20260205-1255_1_remediation_needed.md @@ -0,0 +1,20 @@ +# QA Remediation Report + +**File:** /home/localadmin/src/mosaic-stack/apps/web/src/components/widgets/**tests**/TaskProgressWidget.test.tsx +**Tool Used:** Write +**Epic:** general +**Iteration:** 1 +**Generated:** 2026-02-05 12:55:35 + +## Status + +Pending QA validation + +## Next Steps + +This report was created by the QA automation hook. +To process this report, run: + +```bash +claude -p "Use Task tool to launch universal-qa-agent for report: /home/localadmin/src/mosaic-stack/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-__tests__-TaskProgressWidget.test.tsx_20260205-1255_1_remediation_needed.md" +``` diff --git a/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-__tests__-TaskProgressWidget.test.tsx_20260205-1257_1_remediation_needed.md b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-__tests__-TaskProgressWidget.test.tsx_20260205-1257_1_remediation_needed.md new file mode 100644 index 0000000..fc257ad --- /dev/null +++ b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-__tests__-TaskProgressWidget.test.tsx_20260205-1257_1_remediation_needed.md @@ -0,0 +1,20 @@ +# QA Remediation Report + +**File:** /home/localadmin/src/mosaic-stack/apps/web/src/components/widgets/**tests**/TaskProgressWidget.test.tsx +**Tool Used:** Edit +**Epic:** general +**Iteration:** 1 +**Generated:** 2026-02-05 12:57:05 + +## Status + +Pending QA validation + +## Next Steps + +This report was created by the QA automation hook. +To process this report, run: + +```bash +claude -p "Use Task tool to launch universal-qa-agent for report: /home/localadmin/src/mosaic-stack/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-__tests__-TaskProgressWidget.test.tsx_20260205-1257_1_remediation_needed.md" +``` diff --git a/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-__tests__-TaskProgressWidget.test.tsx_20260205-1316_1_remediation_needed.md b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-__tests__-TaskProgressWidget.test.tsx_20260205-1316_1_remediation_needed.md new file mode 100644 index 0000000..82c4601 --- /dev/null +++ b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-__tests__-TaskProgressWidget.test.tsx_20260205-1316_1_remediation_needed.md @@ -0,0 +1,20 @@ +# QA Remediation Report + +**File:** /home/localadmin/src/mosaic-stack/apps/web/src/components/widgets/**tests**/TaskProgressWidget.test.tsx +**Tool Used:** Edit +**Epic:** general +**Iteration:** 1 +**Generated:** 2026-02-05 13:16:58 + +## Status + +Pending QA validation + +## Next Steps + +This report was created by the QA automation hook. +To process this report, run: + +```bash +claude -p "Use Task tool to launch universal-qa-agent for report: /home/localadmin/src/mosaic-stack/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-__tests__-TaskProgressWidget.test.tsx_20260205-1316_1_remediation_needed.md" +``` diff --git a/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-__tests__-TaskProgressWidget.test.tsx_20260205-1317_1_remediation_needed.md b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-__tests__-TaskProgressWidget.test.tsx_20260205-1317_1_remediation_needed.md new file mode 100644 index 0000000..f90f14e --- /dev/null +++ b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-__tests__-TaskProgressWidget.test.tsx_20260205-1317_1_remediation_needed.md @@ -0,0 +1,20 @@ +# QA Remediation Report + +**File:** /home/localadmin/src/mosaic-stack/apps/web/src/components/widgets/**tests**/TaskProgressWidget.test.tsx +**Tool Used:** Edit +**Epic:** general +**Iteration:** 1 +**Generated:** 2026-02-05 13:17:03 + +## Status + +Pending QA validation + +## Next Steps + +This report was created by the QA automation hook. +To process this report, run: + +```bash +claude -p "Use Task tool to launch universal-qa-agent for report: /home/localadmin/src/mosaic-stack/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-__tests__-TaskProgressWidget.test.tsx_20260205-1317_1_remediation_needed.md" +``` diff --git a/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-__tests__-TaskProgressWidget.test.tsx_20260205-1317_2_remediation_needed.md b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-__tests__-TaskProgressWidget.test.tsx_20260205-1317_2_remediation_needed.md new file mode 100644 index 0000000..93cfccf --- /dev/null +++ b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-__tests__-TaskProgressWidget.test.tsx_20260205-1317_2_remediation_needed.md @@ -0,0 +1,20 @@ +# QA Remediation Report + +**File:** /home/localadmin/src/mosaic-stack/apps/web/src/components/widgets/**tests**/TaskProgressWidget.test.tsx +**Tool Used:** Edit +**Epic:** general +**Iteration:** 2 +**Generated:** 2026-02-05 13:17:14 + +## Status + +Pending QA validation + +## Next Steps + +This report was created by the QA automation hook. +To process this report, run: + +```bash +claude -p "Use Task tool to launch universal-qa-agent for report: /home/localadmin/src/mosaic-stack/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-__tests__-TaskProgressWidget.test.tsx_20260205-1317_2_remediation_needed.md" +``` diff --git a/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-__tests__-TaskProgressWidget.test.tsx_20260205-1318_1_remediation_needed.md b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-__tests__-TaskProgressWidget.test.tsx_20260205-1318_1_remediation_needed.md new file mode 100644 index 0000000..be5fac4 --- /dev/null +++ b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-__tests__-TaskProgressWidget.test.tsx_20260205-1318_1_remediation_needed.md @@ -0,0 +1,20 @@ +# QA Remediation Report + +**File:** /home/localadmin/src/mosaic-stack/apps/web/src/components/widgets/**tests**/TaskProgressWidget.test.tsx +**Tool Used:** Edit +**Epic:** general +**Iteration:** 1 +**Generated:** 2026-02-05 13:18:22 + +## Status + +Pending QA validation + +## Next Steps + +This report was created by the QA automation hook. +To process this report, run: + +```bash +claude -p "Use Task tool to launch universal-qa-agent for report: /home/localadmin/src/mosaic-stack/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-__tests__-TaskProgressWidget.test.tsx_20260205-1318_1_remediation_needed.md" +``` diff --git a/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-__tests__-TaskProgressWidget.test.tsx_20260205-1319_1_remediation_needed.md b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-__tests__-TaskProgressWidget.test.tsx_20260205-1319_1_remediation_needed.md new file mode 100644 index 0000000..cecdf76 --- /dev/null +++ b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-__tests__-TaskProgressWidget.test.tsx_20260205-1319_1_remediation_needed.md @@ -0,0 +1,20 @@ +# QA Remediation Report + +**File:** /home/localadmin/src/mosaic-stack/apps/web/src/components/widgets/**tests**/TaskProgressWidget.test.tsx +**Tool Used:** Edit +**Epic:** general +**Iteration:** 1 +**Generated:** 2026-02-05 13:19:29 + +## Status + +Pending QA validation + +## Next Steps + +This report was created by the QA automation hook. +To process this report, run: + +```bash +claude -p "Use Task tool to launch universal-qa-agent for report: /home/localadmin/src/mosaic-stack/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-apps-web-src-components-widgets-__tests__-TaskProgressWidget.test.tsx_20260205-1319_1_remediation_needed.md" +``` diff --git a/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-packages-shared-src-types-widget.types.ts_20260205-1316_1_remediation_needed.md b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-packages-shared-src-types-widget.types.ts_20260205-1316_1_remediation_needed.md new file mode 100644 index 0000000..9785218 --- /dev/null +++ b/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-packages-shared-src-types-widget.types.ts_20260205-1316_1_remediation_needed.md @@ -0,0 +1,20 @@ +# QA Remediation Report + +**File:** /home/localadmin/src/mosaic-stack/packages/shared/src/types/widget.types.ts +**Tool Used:** Edit +**Epic:** general +**Iteration:** 1 +**Generated:** 2026-02-05 13:16:53 + +## Status + +Pending QA validation + +## Next Steps + +This report was created by the QA automation hook. +To process this report, run: + +```bash +claude -p "Use Task tool to launch universal-qa-agent for report: /home/localadmin/src/mosaic-stack/docs/reports/qa-automation/pending/home-localadmin-src-mosaic-stack-packages-shared-src-types-widget.types.ts_20260205-1316_1_remediation_needed.md" +``` diff --git a/docs/tasks.md b/docs/tasks.md deleted file mode 100644 index 29445a1..0000000 --- a/docs/tasks.md +++ /dev/null @@ -1,32 +0,0 @@ -# Tasks - -| id | status | description | issue | repo | branch | depends_on | blocks | agent | started_at | completed_at | estimate | used | -| ----------- | ----------- | ----------------------------------------------------------------------------------------------------------------------- | ----- | ------------ | ------------------------ | --------------------------------------------------------------------------------------- | -------------------------------- | ----- | ---------- | ------------ | -------- | ---- | -| MS-SEC-001 | not-started | SEC-ORCH-2: Add authentication to orchestrator API (spawn/kill/status endpoints) | | orchestrator | fix/security-remediation | | MS-SEC-002,MS-SEC-003,MS-SEC-004 | | | | 15K | | -| MS-SEC-002 | not-started | SEC-WEB-2: Fix WikiLinkRenderer XSS - sanitize entire HTML with DOMPurify before wiki-link processing | | web | fix/security-remediation | MS-SEC-001 | MS-SEC-010 | | | | 10K | | -| MS-SEC-003 | not-started | SEC-ORCH-1: Fix secret scanner error handling - return explicit error state instead of false | | orchestrator | fix/security-remediation | MS-SEC-001 | MS-SEC-010 | | | | 8K | | -| MS-SEC-004 | not-started | SEC-API-2/3: Fix guards swallowing DB errors - let Prisma errors propagate as 500s | | api | fix/security-remediation | MS-SEC-001 | MS-SEC-010 | | | | 10K | | -| MS-SEC-005 | not-started | SEC-API-1: Validate OIDC configuration at startup - fail fast if enabled but unconfigured | | api | fix/security-remediation | MS-SEC-004 | MS-SEC-010 | | | | 8K | | -| MS-SEC-006 | not-started | SEC-ORCH-3: Enable Docker sandbox by default, log warning when disabled | | orchestrator | fix/security-remediation | MS-SEC-003 | MS-SEC-010 | | | | 8K | | -| MS-SEC-007 | not-started | SEC-ORCH-4: Add inter-service authentication (orchestrator-coordinator API key) | | orchestrator | fix/security-remediation | MS-SEC-006 | MS-SEC-010 | | | | 15K | | -| MS-SEC-008 | not-started | SEC-ORCH-5/CQ-ORCH-3: Replace KEYS with SCAN in Valkey client | | orchestrator | fix/security-remediation | MS-SEC-007 | MS-SEC-010 | | | | 12K | | -| MS-SEC-009 | not-started | SEC-WEB-1: Sanitize OAuth callback parameters - validate error against allowlist | | web | fix/security-remediation | MS-SEC-002 | MS-SEC-010 | | | | 8K | | -| MS-SEC-010 | not-started | Phase 1 verification: Run security tests, validate all critical fixes | | api | fix/security-remediation | MS-SEC-002,MS-SEC-003,MS-SEC-004,MS-SEC-005,MS-SEC-006,MS-SEC-007,MS-SEC-008,MS-SEC-009 | MS-HIGH-001 | | | | 10K | | -| MS-HIGH-001 | not-started | SEC-WEB-3: Route all fetch() calls through API client for CSRF (ImportExportActions, KanbanBoard, ActiveProjectsWidget) | | web | fix/high-security | MS-SEC-010 | MS-HIGH-006 | | | | 15K | | -| MS-HIGH-002 | not-started | SEC-WEB-4: Remove or gate mock data in production paths (federation, workspaces, teams pages) | | web | fix/high-security | MS-SEC-010 | MS-HIGH-006 | | | | 12K | | -| MS-HIGH-003 | not-started | SEC-ORCH-11: Add rate limiting to orchestrator API with @nestjs/throttler | | orchestrator | fix/high-security | MS-SEC-010 | MS-HIGH-006 | | | | 10K | | -| MS-HIGH-004 | not-started | SEC-ORCH-10: Add Docker container hardening (CapDrop ALL, ReadonlyRootfs, PidsLimit) | | orchestrator | fix/high-security | MS-SEC-010 | MS-HIGH-006 | | | | 12K | | -| MS-HIGH-005 | not-started | SEC-ORCH-12: Add max concurrent agents enforcement with configurable limit | | orchestrator | fix/high-security | MS-SEC-010 | MS-HIGH-006 | | | | 10K | | -| MS-HIGH-006 | not-started | Phase 2 verification: Run security tests, validate all high-priority fixes | | api | fix/high-security | MS-HIGH-001,MS-HIGH-002,MS-HIGH-003,MS-HIGH-004,MS-HIGH-005 | MS-CQ-001 | | | | 10K | | -| MS-CQ-001 | not-started | CQ-API-1/2: Fix memory leaks - WebSocket timer, runner jobs interval | | api | fix/code-quality | MS-HIGH-006 | MS-CQ-007 | | | | 10K | | -| MS-CQ-002 | not-started | CQ-ORCH-1: Fix session Map memory leak - cleanup on terminal states | | orchestrator | fix/code-quality | MS-HIGH-006 | MS-CQ-007 | | | | 12K | | -| MS-CQ-003 | not-started | CQ-WEB-1/4: Fix stale closures in useWebSocket and useChat hooks | | web | fix/code-quality | MS-HIGH-006 | MS-CQ-007 | | | | 15K | | -| MS-CQ-004 | not-started | CQ-WEB-5: Fix boolean logic bug in ReactFlowEditor (?? to \|\|) | | web | fix/code-quality | MS-HIGH-006 | MS-CQ-007 | | | | 5K | | -| MS-CQ-005 | not-started | CQ-ORCH-5: Add atomic state transitions with Valkey Lua script | | orchestrator | fix/code-quality | MS-HIGH-006 | MS-CQ-007 | | | | 15K | | -| MS-CQ-006 | not-started | CQ-ORCH-6: Fix N+1 queries with MGET batch retrieval | | orchestrator | fix/code-quality | MS-HIGH-006 | MS-CQ-007 | | | | 12K | | -| MS-CQ-007 | not-started | Phase 3 verification: Run all tests, validate code quality fixes | | api | fix/code-quality | MS-CQ-001,MS-CQ-002,MS-CQ-003,MS-CQ-004,MS-CQ-005,MS-CQ-006 | MS-TEST-001 | | | | 10K | | -| MS-TEST-001 | not-started | Add tests for knowledge.service.ts (916 lines, untested) | | api | fix/test-coverage | MS-CQ-007 | MS-TEST-005 | | | | 25K | | -| MS-TEST-002 | not-started | Add tests for admin.guard.ts and embeddings.service.ts | | api | fix/test-coverage | MS-CQ-007 | MS-TEST-005 | | | | 15K | | -| MS-TEST-003 | not-started | Re-enable 23 skipped widget tests in web | | web | fix/test-coverage | MS-CQ-007 | MS-TEST-005 | | | | 20K | | -| MS-TEST-004 | not-started | Investigate coordinator 16% coverage - fix test configuration | | coordinator | fix/test-coverage | MS-CQ-007 | MS-TEST-005 | | | | 15K | | -| MS-TEST-005 | not-started | Final verification: Full test suite, coverage report, quality gates pass | | api | fix/test-coverage | MS-TEST-001,MS-TEST-002,MS-TEST-003,MS-TEST-004 | | | | | 15K | |