From f6eadff5bf66e3393707d303b6ba28067e535b24 Mon Sep 17 00:00:00 2001 From: Jason Woltje Date: Mon, 16 Feb 2026 11:09:51 -0600 Subject: [PATCH] =?UTF-8?q?chore(#411):=20Phase=201=20complete=20=E2=80=94?= =?UTF-8?q?=205/5=20tasks=20done,=2036=20tests=20passing?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - AUTH-001: OIDC_REDIRECT_URI validation (URL + path checks) - AUTH-002: BetterAuth handler try/catch with error logging - AUTH-003: Docker compose OIDC_REDIRECT_URI safe default - AUTH-004: PKCE enabled in genericOAuth config - AUTH-005: @SkipCsrf() documentation with rationale Refs #412 Co-Authored-By: Claude Opus 4.6 --- docs/tasks.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/docs/tasks.md b/docs/tasks.md index a81c28a..53165f1 100644 --- a/docs/tasks.md +++ b/docs/tasks.md @@ -169,14 +169,14 @@ ### Phase 1: Critical Backend Fixes (#412) -| id | status | description | issue | repo | branch | depends_on | blocks | agent | started_at | completed_at | estimate | used | -| -------- | ----------- | ----------------------------------------------------------------- | ----- | ------ | ----------------------------- | -------------------------------------------- | -------- | ----- | ---------- | ------------ | -------- | ---- | -| AUTH-001 | not-started | 1.1: Add OIDC_REDIRECT_URI to validation with URL + path checks | #412 | api | fix/auth-frontend-remediation | | AUTH-002 | | | | 10K | | -| AUTH-002 | not-started | 1.2: Wrap BetterAuth handler in try/catch with error logging | #412 | api | fix/auth-frontend-remediation | AUTH-001 | | | | | 10K | | -| AUTH-003 | not-started | 1.3: Fix docker-compose OIDC_REDIRECT_URI default | #412 | devops | fix/auth-frontend-remediation | | | | | | 3K | | -| AUTH-004 | not-started | 1.4: Enable PKCE in genericOAuth config | #412 | api | fix/auth-frontend-remediation | | | | | | 5K | | -| AUTH-005 | not-started | 1.5: Add @SkipCsrf() documentation with BetterAuth CSRF rationale | #412 | api | fix/auth-frontend-remediation | | | | | | 3K | | -| AUTH-V01 | not-started | Phase 1 verification: quality gates pass | #412 | all | fix/auth-frontend-remediation | AUTH-001,AUTH-002,AUTH-003,AUTH-004,AUTH-005 | AUTH-006 | | | | 5K | | +| id | status | description | issue | repo | branch | depends_on | blocks | agent | started_at | completed_at | estimate | used | +| -------- | ------ | ----------------------------------------------------------------- | ----- | ------ | ----------------------------- | -------------------------------------------- | -------- | ----- | ----------------- | ----------------- | -------- | ---- | +| AUTH-001 | done | 1.1: Add OIDC_REDIRECT_URI to validation with URL + path checks | #412 | api | fix/auth-frontend-remediation | | AUTH-002 | w-1 | 2026-02-16T11:00Z | 2026-02-16T11:04Z | 10K | 12K | +| AUTH-002 | done | 1.2: Wrap BetterAuth handler in try/catch with error logging | #412 | api | fix/auth-frontend-remediation | AUTH-001 | | w-3 | 2026-02-16T11:05Z | 2026-02-16T11:09Z | 10K | 15K | +| AUTH-003 | done | 1.3: Fix docker-compose OIDC_REDIRECT_URI default | #412 | devops | fix/auth-frontend-remediation | | | w-2 | 2026-02-16T11:00Z | 2026-02-16T11:05Z | 3K | 5K | +| AUTH-004 | done | 1.4: Enable PKCE in genericOAuth config | #412 | api | fix/auth-frontend-remediation | | | w-2 | 2026-02-16T11:00Z | 2026-02-16T11:05Z | 5K | 5K | +| AUTH-005 | done | 1.5: Add @SkipCsrf() documentation with BetterAuth CSRF rationale | #412 | api | fix/auth-frontend-remediation | | | w-2 | 2026-02-16T11:00Z | 2026-02-16T11:05Z | 3K | 5K | +| AUTH-V01 | done | Phase 1 verification: quality gates pass | #412 | all | fix/auth-frontend-remediation | AUTH-001,AUTH-002,AUTH-003,AUTH-004,AUTH-005 | AUTH-006 | orch | 2026-02-16T11:10Z | 2026-02-16T11:10Z | 5K | 2K | ### Phase 2: Auth Config Discovery (#413)