Implemented transparent encryption/decryption of LLM provider API keys
stored in llm_provider_instances.config JSON field using OpenBao Transit
encryption.
Implementation:
- Created llm-encryption.middleware.ts with encryption/decryption logic
- Auto-detects format (vault:v1: vs plaintext) for backward compatibility
- Idempotent encryption prevents double-encryption
- Registered middleware in PrismaService
- Created data migration script for active encryption
- Added migrate:encrypt-llm-keys command to package.json
Tests:
- 14 comprehensive unit tests
- 90.76% code coverage (exceeds 85% requirement)
- Tests create, read, update, upsert operations
- Tests error handling and backward compatibility
Migration:
- Lazy migration: New keys encrypted, old keys work until re-saved
- Active migration: pnpm --filter @mosaic/api migrate:encrypt-llm-keys
- No schema changes required
- Zero downtime
Security:
- Uses TransitKey.LLM_CONFIG from OpenBao Transit
- Keys never touch disk in plaintext (in-memory only)
- Transparent to LlmManagerService and providers
- Follows proven pattern from account-encryption.middleware.ts
Files:
- apps/api/src/prisma/llm-encryption.middleware.ts (new)
- apps/api/src/prisma/llm-encryption.middleware.spec.ts (new)
- apps/api/scripts/encrypt-llm-keys.ts (new)
- apps/api/prisma/migrations/20260207_encrypt_llm_api_keys/ (new)
- apps/api/src/prisma/prisma.service.ts (modified)
- apps/api/package.json (modified)
Note: The migration script (encrypt-llm-keys.ts) is not included in
tsconfig.json to avoid rootDir conflicts. It's executed via tsx which
handles TypeScript directly.
Refs #359
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add sprint archival instructions so completed tasks.md files are
retained in docs/tasks/ for post-mortem reference. Includes recovery
behavior when an orchestrator finds no active tasks.md.
Archive M6-AgentOrchestration-Fixes: 88/90 done, 2 deferred.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Worker limits and other orchestrator settings will be configurable
via the Coordinator service with DB-centric storage.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The debounced search useEffect accessed `filters` and `onFilterChange`
without including them in the dependency array. Fixed by:
- Using useRef for onFilterChange to maintain a stable reference
- Using functional state update (setFilters callback) to access
previous filters without needing it as a dependency
This prevents stale closures while avoiding infinite re-render loops
that would occur if these values were added directly to the dep array.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Orchestrator was editing source code directly instead of spawning workers.
Added CRITICAL section making it explicit:
- Orchestrator NEVER edits source code
- Orchestrator NEVER runs quality gates
- Orchestrator ONLY manages tasks.md and spawns workers
- No "quick fixes" — spawn a worker instead
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Parsed remaining medium-severity findings into 12 tasks + verification.
Created docs/deferred-errors.md for MS-MED-006 (CSP) and MS-MED-008 (Valkey SSOT).
Created Gitea issue #347 for Phase 4.
Estimated total: 117K tokens.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Addresses threshold-satisficing behavior where agent declared success
at 91% and moved on. New protocol requires:
- Bulk Phase (90%): Fast progress on tractable errors
- Polish Phase (100%): Triage remaining into categories
- Phase Boundary Rule: Must complete Polish before proceeding
- Documentation: All deferrals documented with rationale
Transforms "78 errors acceptable" into traceable technical decisions.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
These temporary remediation report files are no longer needed after
completing the security remediation work.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
CRITICAL finding: Agents cannot trigger compaction
- "compact and continue" does NOT work
- Only user typing /compact in CLI works
- Auto-compact at ~95% is too late
Updated protocol:
- Stop at 55-60% context usage
- Output COMPACTION REQUIRED checkpoint
- Wait for user to run /compact and say "continue"
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
New package providing CLI tools that work with both Gitea and GitHub:
Commands:
- mosaic-issue-{create,list,view,assign,edit,close,reopen,comment}
- mosaic-pr-{create,list,view,merge,review,close}
- mosaic-milestone-{create,list,close}
Features:
- Auto-detects platform (Gitea vs GitHub) from git remote
- Unified interface regardless of platform
- Available via `pnpm exec mosaic-*` in monorepo context
Updated docs/claude/orchestrator.md:
- Added CLI Tools section with usage examples
- Updated issue creation to use package commands
This makes Mosaic Stack fully self-contained for orchestration tooling.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Update CLAUDE.md to point to universal orchestrator guide
- Add docs/tasks.md with 28 tasks across 4 phases:
- Phase 1: Critical Security (MS-SEC-001 to MS-SEC-010)
- Phase 2: High Security (MS-HIGH-001 to MS-HIGH-006)
- Phase 3: Code Quality (MS-CQ-001 to MS-CQ-007)
- Phase 4: Test Coverage (MS-TEST-001 to MS-TEST-005)
- Add project-specific task-tracking.md reference
Based on comprehensive codebase review (124 findings).
- Add GET /agents endpoint to orchestrator controller
- Update AgentStatusWidget to fetch from real API instead of mock data
- Add comprehensive tests for listAgents endpoint
- Auto-refresh agent list every 30 seconds
- Display agent status with proper icons and formatting
- Show error states when API is unavailable
Fixes#233
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Remove 661 outdated files:
- 634 QA automation reports from docs/reports/qa-automation/
- 27 old milestone completion and status tracking files
Preserved core documentation structure and active project reports.
Replaced setTimeout hacks with proper polling mechanism:
- Added pollForQueryResponse() function with configurable polling interval
- Polls every 500ms with 30s timeout
- Properly handles DELIVERED and FAILED message states
- Throws errors for failures and timeouts
Updated dashboard to use polling instead of arbitrary delays:
- Removed setTimeout(resolve, 1000) hacks
- Added proper async/await for query responses
- Improved response data parsing for new query format
- Better error handling via polling exceptions
This fixes race conditions and unreliable data loading.
Fixes#298
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Update WorkspaceGuard to support query string as fallback (backward compatibility)
- Priority order: Header > Param > Body > Query
- Update web client to send workspace ID via X-Workspace-Id header (recommended)
- Extend apiRequest helpers to accept workspace ID option
- Update fetchTasks to use header instead of query parameter
- Add comprehensive tests for all workspace ID transmission methods
- Tests passing: API 11 tests, Web 6 new tests (total 494)
This ensures consistent workspace ID handling with proper multi-tenant isolation
while maintaining backward compatibility with existing query string approaches.
Fixes#194
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Update AuthUser type in @mosaic/shared to include workspace fields
- Update AuthGuard to support both cookie-based and Bearer token authentication
- Add /auth/session endpoint for session validation
- Install and configure cookie-parser middleware
- Update CurrentUser decorator to use shared AuthUser type
- Update tests for cookie and token authentication (20 tests passing)
This ensures consistent authentication handling across API and web client,
with proper type safety and support for both web browsers (cookies) and
API clients (Bearer tokens).
Fixes#193
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Security improvements:
- Create redaction utility to prevent PII leakage in logs
- Redact sensitive fields: privateKey, tokens, passwords, metadata, payloads
- Redact user IDs: convert to "user-***"
- Redact instance IDs: convert to "instance-***"
- Support recursive redaction for nested objects and arrays
Changes:
- Add redact.util.ts with redaction functions
- Add comprehensive test coverage for redaction
- Support for:
- Sensitive field detection (privateKey, token, etc.)
- User ID redaction (userId, remoteUserId, localUserId, user.id)
- Instance ID redaction (instanceId, remoteInstanceId, instance.id)
- Nested object and array redaction
- Primitive and null/undefined handling
Next steps:
- Apply redactSensitiveData() to all logger calls in federation services
- Use debug level for detailed logs with sensitive data
Part of M7.1 Remediation Sprint P1 security fixes.
Refs #287
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Implemented comprehensive audit logging for all incoming federation
connection attempts to provide visibility and security monitoring.
Changes:
- Added logIncomingConnectionAttempt() to FederationAuditService
- Added logIncomingConnectionCreated() to FederationAuditService
- Added logIncomingConnectionRejected() to FederationAuditService
- Injected FederationAuditService into ConnectionService
- Updated handleIncomingConnectionRequest() to log all connection events
Audit logging captures:
- All incoming connection attempts with remote instance details
- Successful connection creations with connection ID
- Rejected connections with failure reason and error details
- Workspace ID for all events (security compliance)
- All events marked as securityEvent: true
Testing:
- Added 3 new tests for audit logging verification
- All 24 connection service tests passing
- Quality gates: lint, typecheck, build all passing
Security Impact:
- Provides visibility into all incoming connection attempts
- Enables security monitoring and threat detection
- Audit trail for compliance requirements
- Foundation for future authorization controls
Note: This implements Phase 1 (audit logging) of issue #276.
Full authorization (allowlist/denylist, admin approval) will be
implemented in a follow-up issue requiring schema changes.
Fixes#276
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
