mosaic/stack
1
0
Fork 0
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases 2 Wiki Activity
Files
33dc746714367f7fae3b8d031ff76fde96f91219
stack/docs/scratchpads
History
Jason Woltje 46d0a06ef5 feat(#356): Build credential CRUD API endpoints 
Implement comprehensive CRUD API for managing user credentials with encryption,
RLS, and audit logging following TDD methodology.

Features:
- POST /api/credentials - Create encrypted credential
- GET /api/credentials - List credentials (masked values only)
- GET /api/credentials/:id - Get single credential (masked)
- GET /api/credentials/:id/value - Decrypt plaintext (rate limited 10/min)
- PATCH /api/credentials/:id - Update metadata
- POST /api/credentials/:id/rotate - Rotate credential value
- DELETE /api/credentials/:id - Soft delete

Security:
- All values encrypted via VaultService (TransitKey.CREDENTIALS)
- List/Get endpoints NEVER return plaintext (only maskedValue)
- getValue endpoint rate limited to 10 requests/minute per user
- All operations audit-logged with CREDENTIAL_* ActivityAction
- RLS enforces per-user isolation via getRlsClient() pattern
- Input validation via class-validator DTOs

Testing:
- 26/26 unit tests passing
- 95.71% code coverage (exceeds 85% requirement)
  - Service: 95.16%
  - Controller: 100%
- TypeScript checks pass

Files created:
- apps/api/src/credentials/credentials.service.ts
- apps/api/src/credentials/credentials.service.spec.ts
- apps/api/src/credentials/credentials.controller.ts
- apps/api/src/credentials/credentials.controller.spec.ts
- apps/api/src/credentials/credentials.module.ts
- apps/api/src/credentials/dto/*.dto.ts (5 DTOs)

Files modified:
- apps/api/src/app.module.ts - imported CredentialsModule

Note: Admin credentials endpoints deferred to future issue. Current
implementation covers all user credential endpoints.

Refs #346
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-07 16:50:02 -06:00
..
1-project-scaffold.md
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
2-postgresql-pgvector-schema.md
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
3-prisma-orm-setup.md
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
4-authentik-oidc-final-status.md
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
4-authentik-oidc.md
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
5-crud-apis.md
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
6-basic-web-ui.md
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
7-8-type-safety-fixes.md
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
7-activity-logging.md
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
8-docker-compose.md
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
36-traefik-integration.md
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
42-jarvis-chat-overlay.md
feat(#42): Implement persistent Jarvis chat overlay
2026-02-03 20:24:41 -06:00
52-active-projects-widget.md
feat(#52): implement Active Projects & Agent Chains widget
2026-02-03 19:17:13 -06:00
65-full-text-search.md
feat(#66): implement tag filtering in search API endpoint
2026-02-02 14:33:31 -06:00
66-search-api-endpoint.md
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
67-search-ui.md
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
69-embedding-generation.md
feat(#71): implement graph data API
2026-02-02 15:27:00 -06:00
70-semantic-search-api.md
feat(#71): implement graph data API
2026-02-02 15:27:00 -06:00
71-graph-data-api.md
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
72-graph-visualization.md
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
84-instance-identity-model.md
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
85-connect-disconnect-protocol.md
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
86-authentik-oidc-integration-security-fixes.md
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
86-authentik-oidc-integration.md
feat(#86): implement Authentik OIDC integration for federation
2026-02-03 12:34:24 -06:00
87-cross-instance-identity-linking.md
feat(#87): implement cross-instance identity linking for federation
2026-02-03 12:55:37 -06:00
88-query-message-type.md
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
89-command-message-type.md
feat(#89): implement COMMAND message type for federation
2026-02-03 13:30:16 -06:00
89-implementation-summary.md
feat(#89): implement COMMAND message type for federation
2026-02-03 13:30:16 -06:00
89-migration-needed.md
feat(#89): implement COMMAND message type for federation
2026-02-03 13:30:16 -06:00
90-event-subscriptions-summary.md
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
90-event-subscriptions.md
feat(#90): implement EVENT subscriptions for federation
2026-02-03 13:45:00 -06:00
91-connection-manager-ui.md
feat(#91): implement Connection Manager UI for federation
2026-02-03 14:03:44 -06:00
92-aggregated-dashboard.md
feat(#92): implement Aggregated Dashboard View
2026-02-03 14:18:18 -06:00
93-agent-spawn-via-federation.md
feat(#94): implement spoke configuration UI
2026-02-03 14:51:59 -06:00
94-spoke-configuration-ui.md
feat(#94): implement spoke configuration UI
2026-02-03 14:51:59 -06:00
122-llm-provider-interface.md
feat(#122): create LLM provider interface
2026-01-31 11:38:38 -06:00
123-ollama-provider.md
feat(#123): port Ollama LLM provider
2026-01-31 12:10:43 -06:00
126-llm-manager-service.md
feat(#126): create LLM Manager Service
2026-01-31 12:22:14 -06:00
128-llm-provider-schema.md
feat(#128): add LlmProviderInstance Prisma schema
2026-01-31 11:57:40 -06:00
143-validate-50-percent-rule.md
test(#143): Validate 50% rule prevents context exhaustion
2026-02-01 17:56:04 -06:00
149-test-rejection-loop.md
fix(#180): Update pnpm to 10.27.0 in Dockerfiles
2026-02-01 20:52:43 -06:00
150-orchestration-loop.md
docs(#150): Add scratchpad for orchestration loop implementation
2026-02-01 20:22:07 -06:00
155-context-monitor.md
fix(#180): Update pnpm to 10.27.0 in Dockerfiles
2026-02-01 20:52:43 -06:00
157-webhook-receiver.md
fix(#180): Update pnpm to 10.27.0 in Dockerfiles
2026-02-01 20:52:43 -06:00
158-issue-parser.md
fix(#180): Update pnpm to 10.27.0 in Dockerfiles
2026-02-01 20:52:43 -06:00
163-bullmq-dependencies.md
feat(#163): Add BullMQ dependencies
2026-02-01 20:56:45 -06:00
164-database-schema-jobs.md
feat(#167): Implement Runner jobs CRUD and queue submission
2026-02-01 21:09:03 -06:00
165-bullmq-module-setup.md
feat(#165): Implement BullMQ module setup
2026-02-01 21:01:25 -06:00
166-stitcher-module.md
feat(#167): Implement Runner jobs CRUD and queue submission
2026-02-01 21:09:03 -06:00
167-runner-jobs-crud.md
feat(#168): Implement job steps tracking
2026-02-01 21:16:23 -06:00
168-job-steps-tracking.md
feat(#168): Implement job steps tracking
2026-02-01 21:16:23 -06:00
169-job-events-audit.md
feat(#168): Implement job steps tracking
2026-02-01 21:16:23 -06:00
170-discord-bridge.md
feat(#170): Implement mosaic-bridge module for Discord
2026-02-01 21:26:40 -06:00
171-command-parser.md
feat(#171): Implement chat command parsing
2026-02-01 21:32:53 -06:00
172-herald-status.md
feat(#172): Implement Herald status updates
2026-02-01 21:42:44 -06:00
173-websocket-gateway.md
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
174-sse-endpoint.md
docs(#162): Finalize M4.2-Infrastructure token tracking report
2026-02-02 08:18:55 -06:00
175-e2e-harness.md
feat(#175): Implement E2E test harness
2026-02-01 21:44:04 -06:00
176-coordinator-integration.md
feat(#176): Integrate M4.2 infrastructure with M4.1 coordinator
2026-02-01 21:54:34 -06:00
179-security-nodejs-deps.md
fix(#179): Update vulnerable Node.js dependencies
2026-02-01 20:54:25 -06:00
180-security-pnpm-dockerfiles.md
feat(#167): Implement Runner jobs CRUD and queue submission
2026-02-01 21:09:03 -06:00
181-security-go-stdlib-postgres.md
fix(#181): Update Alpine packages to patch Go stdlib vulnerabilities in postgres image
2026-02-01 20:54:57 -06:00
182-fix-prisma-enum-tests.md
fix(#182): fix Prisma enum import in job-steps tests
2026-02-02 11:41:11 -06:00
183-remove-hardcoded-workspace-id.md
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
184-add-coordinator-auth.md
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
185-fix-herald-error-handling.md
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
186-add-dto-validation.md
fix(#196): fix race condition in job status updates
2026-02-02 12:51:17 -06:00
187-implement-sse-error-recovery.md
fix(#187): implement server-side SSE error recovery
2026-02-02 12:41:12 -06:00
188-sanitize-discord-logs.md
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
189-add-job-events-index.md
fix(#189): add composite database index for job_events table
2026-02-02 12:30:19 -06:00
190-fix-mermaid-xss.md
fix(#190): fix XSS vulnerability in Mermaid rendering
2026-02-02 12:03:36 -06:00
192-fix-cors-configuration.md
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
193-auth-alignment.md
feat(#193): Align authentication mechanism between API and web client
2026-02-03 22:29:42 -06:00
194-workspace-id-transmission.md
feat(#194): Fix workspace ID transmission mismatch between API and client
2026-02-03 22:38:13 -06:00
195-rls-context-helpers.md
fix(#195): Implement RLS context helpers consistently across all services
2026-02-03 22:44:54 -06:00
196-fix-job-status-race-condition.md
fix(#196): fix race condition in job status updates
2026-02-02 12:51:17 -06:00
197-add-explicit-return-types.md
docs(#197): update scratchpad with completion status
2026-02-02 12:55:17 -06:00
198-strengthen-websocket-auth.md
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
199-implement-rate-limiting.md
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
200-mermaid-xss-enhancement.md
fix(#200): Enhance Mermaid XSS protection with DOMPurify
2026-02-03 22:55:57 -06:00
201-wikilink-xss-enhancement.md
fix(#201): Enhance WikiLink XSS protection with comprehensive validation
2026-02-03 22:59:41 -06:00
271-oidc-token-validation.md
fix(#271): implement OIDC token validation (authentication bypass)
2026-02-03 16:50:06 -06:00
272-rate-limiting.md
fix(#272): Add rate limiting to federation endpoints (DoS protection)
2026-02-03 18:58:00 -06:00
273-capability-enforcement.md
feat(#273): Implement capability-based authorization for federation
2026-02-03 19:53:09 -06:00
274-command-injection.md
fix(#274): Add input validation to prevent command injection in git operations
2026-02-03 20:17:47 -06:00
275-silent-connection-failures.md
fix(#275): Prevent silent connection initiation failures
2026-02-03 20:21:06 -06:00
276-workspace-authorization.md
fix(#276): Add comprehensive audit logging for incoming connections
2026-02-03 20:24:46 -06:00
277-comprehensive-audit-logging.md
fix(#277): Add comprehensive security event logging for command injection
2026-02-03 20:27:45 -06:00
278-csrf-protection.md
fix(#278): Implement CSRF protection using double-submit cookie pattern
2026-02-03 20:35:00 -06:00
279-orchestrator-url-validation.md
fix(#279): Validate orchestrator URL configuration (SSRF risk)
2026-02-03 20:47:41 -06:00
280-encryption-key-logging.md
Fix QA validation issues and add M7.1 security fixes (#318)
2026-02-04 03:08:09 +00:00
281-fix-broad-exception-catching.md
Fix QA validation issues and add M7.1 security fixes (#318)
2026-02-04 03:08:09 +00:00
282-add-http-timeouts.md
Fix QA validation issues and add M7.1 security fixes (#318)
2026-02-04 03:08:09 +00:00
297-query-processing.md
fix(#297): Implement actual query processing for federation
2026-02-03 22:48:59 -06:00
298-async-dashboard.md
fix(#298): Fix async response handling in dashboard
2026-02-03 22:51:25 -06:00
355-user-credential-model.md
feat(#355): Create UserCredential model with RLS and encryption support
2026-02-07 16:39:15 -06:00
356-credential-crud-api.md
feat(#356): Build credential CRUD API endpoints
2026-02-07 16:50:02 -06:00
359-encrypt-llm-keys.md
feat(#359): Encrypt LLM provider API keys in database
2026-02-07 16:49:37 -06:00
orch-101-setup.md
feat(#66): implement tag filtering in search API endpoint
2026-02-02 14:33:31 -06:00
orch-102-health.md
feat(#66): implement tag filtering in search API endpoint
2026-02-02 14:33:31 -06:00
orch-103-docker.md
feat(#66): implement tag filtering in search API endpoint
2026-02-02 14:33:31 -06:00
orch-104-pipeline.md
feat(#66): implement tag filtering in search API endpoint
2026-02-02 14:33:31 -06:00
orch-105-spawner.md
feat(#66): implement tag filtering in search API endpoint
2026-02-02 14:33:31 -06:00
orch-105-summary.md
feat(#66): implement tag filtering in search API endpoint
2026-02-02 14:33:31 -06:00
orch-106-sandbox.md
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
orch-107-valkey.md
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
orch-108-queue.md
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
orch-109-lifecycle.md
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
orch-110-git-ops.md
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
orch-111-worktrees.md
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
orch-112-conflicts.md
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
orch-113-coordinator.md
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
orch-114-gates.md
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
orch-115-dispatch.md
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
orch-116-fifty-percent.md
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
orch-117-killswitch.md
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
orch-118-cleanup.md
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
orch-119-completion-summary.md
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
orch-119-security.md
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
orch-120-secrets.md
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
orch-121-mechanical.md
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
orch-122-ai-review.md
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
orch-123-yolo.md
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
orch-124-task-config.md
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
orchestrator-typescript-fixes.md
feat(#66): implement tag filtering in search API endpoint
2026-02-02 14:33:31 -06:00
p1-security-fixes.md
feat(#284): Reduce timestamp validation window to 60s with replay attack prevention
2026-02-03 21:43:01 -06:00
remediation-session.md
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
security-fixes-activity-api.md
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00