mosaic/stack
1
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases 2 Wiki Activity

chore(#411): Phase 1 complete — 5/5 tasks done, 36 tests passing

Browse Source 
- AUTH-001: OIDC_REDIRECT_URI validation (URL + path checks)
- AUTH-002: BetterAuth handler try/catch with error logging
- AUTH-003: Docker compose OIDC_REDIRECT_URI safe default
- AUTH-004: PKCE enabled in genericOAuth config
- AUTH-005: @SkipCsrf() documentation with rationale

Refs #412

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Jason Woltje
2026-02-16 11:09:51 -06:00
parent 9ae21c4c15
commit f6eadff5bf
1 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
docs/tasks.md
View File

@@ -169,14 +169,14 @@
### Phase 1: Critical Backend Fixes (#412) ### Phase 1: Critical Backend Fixes (#412)
| id | status | description | issue | repo | branch | depends_on | blocks | agent | started_at | completed_at | estimate | used | | id | status | description | issue | repo | branch | depends_on | blocks | agent | started_at | completed_at | estimate | used |
| -------- | ----------- | ----------------------------------------------------------------- | ----- | ------ | ----------------------------- | -------------------------------------------- | -------- | ----- | ---------- | ------------ | -------- | ---- | | -------- | ------ | ----------------------------------------------------------------- | ----- | ------ | ----------------------------- | -------------------------------------------- | -------- | ----- | ----------------- | ----------------- | -------- | ---- |
| AUTH-001 | not-started | 1.1: Add OIDC_REDIRECT_URI to validation with URL + path checks | #412 | api | fix/auth-frontend-remediation | | AUTH-002 | | | | 10K | | | AUTH-001 | done | 1.1: Add OIDC_REDIRECT_URI to validation with URL + path checks | #412 | api | fix/auth-frontend-remediation | | AUTH-002 | w-1 | 2026-02-16T11:00Z | 2026-02-16T11:04Z | 10K | 12K |
| AUTH-002 | not-started | 1.2: Wrap BetterAuth handler in try/catch with error logging | #412 | api | fix/auth-frontend-remediation | AUTH-001 | | | | | 10K | | | AUTH-002 | done | 1.2: Wrap BetterAuth handler in try/catch with error logging | #412 | api | fix/auth-frontend-remediation | AUTH-001 | | w-3 | 2026-02-16T11:05Z | 2026-02-16T11:09Z | 10K | 15K |
| AUTH-003 | not-started | 1.3: Fix docker-compose OIDC_REDIRECT_URI default | #412 | devops | fix/auth-frontend-remediation | | | | | | 3K | | | AUTH-003 | done | 1.3: Fix docker-compose OIDC_REDIRECT_URI default | #412 | devops | fix/auth-frontend-remediation | | | w-2 | 2026-02-16T11:00Z | 2026-02-16T11:05Z | 3K | 5K |
| AUTH-004 | not-started | 1.4: Enable PKCE in genericOAuth config | #412 | api | fix/auth-frontend-remediation | | | | | | 5K | | | AUTH-004 | done | 1.4: Enable PKCE in genericOAuth config | #412 | api | fix/auth-frontend-remediation | | | w-2 | 2026-02-16T11:00Z | 2026-02-16T11:05Z | 5K | 5K |
| AUTH-005 | not-started | 1.5: Add @SkipCsrf() documentation with BetterAuth CSRF rationale | #412 | api | fix/auth-frontend-remediation | | | | | | 3K | | | AUTH-005 | done | 1.5: Add @SkipCsrf() documentation with BetterAuth CSRF rationale | #412 | api | fix/auth-frontend-remediation | | | w-2 | 2026-02-16T11:00Z | 2026-02-16T11:05Z | 3K | 5K |
| AUTH-V01 | not-started | Phase 1 verification: quality gates pass | #412 | all | fix/auth-frontend-remediation | AUTH-001,AUTH-002,AUTH-003,AUTH-004,AUTH-005 | AUTH-006 | | | | 5K | | | AUTH-V01 | done | Phase 1 verification: quality gates pass | #412 | all | fix/auth-frontend-remediation | AUTH-001,AUTH-002,AUTH-003,AUTH-004,AUTH-005 | AUTH-006 | orch | 2026-02-16T11:10Z | 2026-02-16T11:10Z | 5K | 2K |
### Phase 2: Auth Config Discovery (#413) ### Phase 2: Auth Config Discovery (#413)