12 Commits

Author	SHA1	Message	Date
Jason Woltje	c5b360f670	chore(orchestrator): Complete M11-CIPipeline — all 9 tasks done ... 9/9 tasks completed, 0 deferred. Estimated: 54K tokens, Actual: ~70K tokens. Phase 1: Docker image security (OpenBao 2.5.0, Postgres gosu rebuilt with Go 1.26) Phase 2: CI pipeline fix (lint depends on prisma-generate, fixes 3,919 ESLint errors) Phase 3: Coordinator quality (ruff, mypy, pip, bandit) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-12 12:47:27 -06:00
Jason Woltje	5af32c6d47	chore(orchestrator): Bootstrap M11-CIPipeline tasks from CI report #360 ... Parsed 9 CI report logs into 9 tasks across 3 phases. Archived M9-CredentialSecurity sprint artifacts to docs/tasks/. Estimated total: 54K tokens. Phase 1: Critical Docker image security (2 tasks + verification) Phase 2: CI pipeline lint step ordering (1 task + verification) Phase 3: Coordinator code quality (3 tasks + verification) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-12 12:34:26 -06:00
Jason Woltje	6521cba735	feat: add flexible docker-compose architecture with profiles ... - Add OpenBao services to docker-compose.yml with profiles (openbao, full) - Add docker-compose.build.yml for local builds vs registry pulls - Make PostgreSQL and Valkey optional via profiles (database, cache) - Create example compose files for common deployment scenarios: - docker/docker-compose.example.turnkey.yml (all bundled) - docker/docker-compose.example.external.yml (all external) - docker/docker.example.hybrid.yml (mixed deployment) - Update documentation: - Enhance .env.example with profiles and external service examples - Update README.md with deployment mode quick starts - Add deployment scenarios to docs/OPENBAO.md - Create docker/DOCKER-COMPOSE-GUIDE.md with comprehensive guide - Clean up repository structure: - Move shell scripts to scripts/ directory - Move documentation to docs/ directory - Move docker compose examples to docker/ directory - Configure for external Authentik with internal services: - Comment out Authentik services (using external OIDC) - Comment out unused volumes for disabled services - Keep postgres, valkey, openbao as internal services This provides a flexible deployment architecture supporting turnkey, production (all external), and hybrid configurations via Docker Compose profiles. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-08 16:55:33 -06:00
Jason Woltje	fd73709092	chore(orchestrator): Phase 5 complete - all 17 tasks done + verification ... Issue #340: Low Priority - Cleanup + Performance - 26 findings across 7 CQ + 19 SEC-Low, all remediated - 2 findings pre-completed from Phase 4 (CQ-API-7, CQ-ORCH-9) - Test counts: api=2432, web=786, orchestrator=682 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-06 18:48:58 -06:00
Jason Woltje	6c379d099a	chore(orchestrator): Bootstrap Phase 5 tasks for issue #340 ... Parsed 26 findings (7 CQ + 19 SEC-Low) into 17 tasks + verification. 2 findings already done (CQ-API-7, CQ-ORCH-9). Estimated total: 155K tokens. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-06 14:59:12 -06:00
Jason Woltje	d52423d3ce	chore(orchestrator): Phase 4 complete - all 12 tasks done + verification ... Phase 4: 12/12 tasks completed, 0 failed, 0 deferred. Test counts: api=2397, web=653, orchestrator=642, shared=17, ui=11. All quality gates passing (lint, typecheck, tests). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-06 14:10:13 -06:00
Jason Woltje	89ec509eb9	chore(orchestrator): Bootstrap Phase 4 tasks + document deferred items ... Parsed remaining medium-severity findings into 12 tasks + verification. Created docs/deferred-errors.md for MS-MED-006 (CSP) and MS-MED-008 (Valkey SSOT). Created Gitea issue #347 for Phase 4. Estimated total: 117K tokens. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-06 13:09:24 -06:00
Jason Woltje	52f47c2311	docs: Complete Phase 3 verification and update task tracking ... All remediation phases complete: - Phase 1: 13 security-critical issues fixed (#337) - Phase 2: 18 high-priority issues fixed (#338) - Phase 3: 6 medium-priority issues fixed (#339) Quality gates passing: lint ✓ typecheck ✓ tests ✓ (API package has 39 pre-existing failures in fulltext-search module) Deferred items (complex refactoring): - MS-MED-006: CSP headers (requires Next.js config changes) - MS-MED-008: Valkey single source of truth (architectural change) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-05 19:30:22 -06:00
Jason Woltje	c74b6b13d1	chore: Start MS-SEC-001 (orchestrator API auth)	2026-02-05 15:14:19 -06:00
Jason Woltje	630f946718	chore(orchestrator): Bootstrap tasks.md from review report ... Parsed 124 findings into 44 tasks across 2 phases (critical + high). Estimated total: ~400K tokens. Issues created: - #337: Phase 1 Critical Security (14 tasks) - #338: Phase 2 High Priority (30 tasks) - #339: Phase 3 Medium (deferred) - #340: Phase 4 Low (deferred) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-05 15:13:48 -06:00
Jason Woltje	9dfbf8cf61	chore: Remove pre-created task files, add review reports ... - Delete docs/tasks.md (let orchestrator bootstrap from scratch) - Delete docs/claude/task-tracking.md (superseded by universal guide) - Add codebase review reports for orchestrator to parse Tests orchestrator's autonomous bootstrap capability.	2026-02-05 15:08:02 -06:00
Jason Woltje	b56bef0747	feat: Set up security remediation task tracking ... - Update CLAUDE.md to point to universal orchestrator guide - Add docs/tasks.md with 28 tasks across 4 phases: - Phase 1: Critical Security (MS-SEC-001 to MS-SEC-010) - Phase 2: High Security (MS-HIGH-001 to MS-HIGH-006) - Phase 3: Code Quality (MS-CQ-001 to MS-CQ-007) - Phase 4: Test Coverage (MS-TEST-001 to MS-TEST-005) - Add project-specific task-tracking.md reference Based on comprehensive codebase review (124 findings).	2026-02-05 14:58:52 -06:00