mosaic/stack
1
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases 2 Wiki Activity
Files
7ead8b107604fdb15cb7152a5ec02bfcf8160282
stack/docs/tasks/M6-AgentOrchestration-Fixes-tasks.md
Jason Woltje da1862816f docs(orchestrator): Add Sprint Completion Protocol + archive M6-Fixes 
Add sprint archival instructions so completed tasks.md files are
retained in docs/tasks/ for post-mortem reference. Includes recovery
behavior when an orchestrator finds no active tasks.md.

Archive M6-AgentOrchestration-Fixes: 88/90 done, 2 deferred.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-06 20:13:59 -06:00

20 KiB
Raw Blame History

Tasks

id status description issue repo branch depends_on blocks agent started_at completed_at estimate used
MS-SEC-001 done SEC-ORCH-2: Add authentication to orchestrator API #337 orchestrator fix/security MS-SEC-002 worker-1 2026-02-05T15:15:00Z 2026-02-05T15:25:00Z 15K 0.3K
MS-SEC-002 done SEC-WEB-2: Fix WikiLinkRenderer XSS (sanitize HTML before wiki-links) #337 web fix/security MS-SEC-001 MS-SEC-003 worker-1 2026-02-05T15:26:00Z 2026-02-05T15:35:00Z 8K 8.5K
MS-SEC-003 done SEC-ORCH-1: Fix secret scanner error handling (return error state) #337 orchestrator fix/security MS-SEC-002 MS-SEC-004 worker-1 2026-02-05T15:36:00Z 2026-02-05T15:42:00Z 8K 18.5K
MS-SEC-004 done SEC-API-2+3: Fix guards swallowing DB errors (propagate as 500s) #337 api fix/security MS-SEC-003 MS-SEC-005 worker-1 2026-02-05T15:43:00Z 2026-02-05T15:50:00Z 10K 15K
MS-SEC-005 done SEC-API-1: Validate OIDC config at startup (fail fast if missing) #337 api fix/security MS-SEC-004 MS-SEC-006 worker-1 2026-02-05T15:51:00Z 2026-02-05T15:58:00Z 8K 12K
MS-SEC-006 done SEC-ORCH-3: Enable Docker sandbox by default, warn when disabled #337 orchestrator fix/security MS-SEC-005 MS-SEC-007 worker-1 2026-02-05T15:59:00Z 2026-02-05T16:05:00Z 10K 18K
MS-SEC-007 done SEC-ORCH-4: Add auth to inter-service communication (API key) #337 orchestrator fix/security MS-SEC-006 MS-SEC-008 worker-1 2026-02-05T16:06:00Z 2026-02-05T16:12:00Z 15K 12.5K
MS-SEC-008 done SEC-ORCH-5+CQ-ORCH-3: Replace KEYS with SCAN in Valkey client #337 orchestrator fix/security MS-SEC-007 MS-SEC-009 worker-1 2026-02-05T16:13:00Z 2026-02-05T16:19:00Z 12K 12.5K
MS-SEC-009 done SEC-ORCH-6: Add Zod validation for deserialized Redis data #337 orchestrator fix/security MS-SEC-008 MS-SEC-010 worker-1 2026-02-05T16:20:00Z 2026-02-05T16:28:00Z 12K 12.5K
MS-SEC-010 done SEC-WEB-1: Sanitize OAuth callback error parameter #337 web fix/security MS-SEC-009 MS-SEC-011 worker-1 2026-02-05T16:30:00Z 2026-02-05T16:36:00Z 5K 8.5K
MS-SEC-011 done CQ-API-6: Replace hardcoded OIDC values with env vars #337 api fix/security MS-SEC-010 MS-SEC-012 worker-1 2026-02-05T16:37:00Z 2026-02-05T16:45:00Z 8K 15K
MS-SEC-012 done CQ-WEB-5: Fix boolean logic bug in ReactFlowEditor #337 web fix/security MS-SEC-011 MS-SEC-013 worker-1 2026-02-05T16:46:00Z 2026-02-05T16:55:00Z 3K 12.5K
MS-SEC-013 done SEC-API-4: Add workspaceId query verification tests #337 api fix/security MS-SEC-012 MS-SEC-V01 worker-1 2026-02-05T16:56:00Z 2026-02-05T17:05:00Z 20K 18.5K
MS-SEC-V01 done Phase 1 Verification: Run full quality gates #337 all fix/security MS-SEC-013 MS-HIGH-001 worker-1 2026-02-05T17:06:00Z 2026-02-05T17:18:00Z 5K 2K
MS-HIGH-001 done SEC-API-5: Fix OpenAI embedding service dummy key handling #338 api fix/high MS-SEC-V01 MS-HIGH-002 worker-1 2026-02-05T17:19:00Z 2026-02-05T17:27:00Z 8K 12.5K
MS-HIGH-002 done SEC-API-6: Add structured logging for embedding failures #338 api fix/high MS-HIGH-001 MS-HIGH-003 worker-1 2026-02-05T17:28:00Z 2026-02-05T17:36:00Z 8K 12K
MS-HIGH-003 done SEC-API-7: Bind CSRF token to session with HMAC #338 api fix/high MS-HIGH-002 MS-HIGH-004 worker-1 2026-02-05T17:37:00Z 2026-02-05T17:50:00Z 12K 12.5K
MS-HIGH-004 done SEC-API-8: Log ERROR on rate limiter fallback, add health check #338 api fix/high MS-HIGH-003 MS-HIGH-005 worker-1 2026-02-05T17:51:00Z 2026-02-05T18:02:00Z 10K 22K
MS-HIGH-005 done SEC-API-9: Implement proper system admin role #338 api fix/high MS-HIGH-004 MS-HIGH-006 worker-1 2026-02-05T18:03:00Z 2026-02-05T18:12:00Z 15K 8.5K
MS-HIGH-006 done SEC-API-10: Add rate limiting to auth catch-all #338 api fix/high MS-HIGH-005 MS-HIGH-007 worker-1 2026-02-05T18:13:00Z 2026-02-05T18:22:00Z 8K 25K
MS-HIGH-007 done SEC-API-11: Validate DEFAULT_WORKSPACE_ID as UUID #338 api fix/high MS-HIGH-006 MS-HIGH-008 worker-1 2026-02-05T18:23:00Z 2026-02-05T18:35:00Z 5K 18K
MS-HIGH-008 done SEC-WEB-3: Route all fetch() through API client (CSRF) #338 web fix/high MS-HIGH-007 MS-HIGH-009 worker-1 2026-02-05T18:36:00Z 2026-02-05T18:50:00Z 12K 25K
MS-HIGH-009 done SEC-WEB-4: Gate mock data behind NODE_ENV check #338 web fix/high MS-HIGH-008 MS-HIGH-010 worker-1 2026-02-05T18:51:00Z 2026-02-05T19:05:00Z 10K 30K
MS-HIGH-010 done SEC-WEB-5: Log auth errors, distinguish backend down #338 web fix/high MS-HIGH-009 MS-HIGH-011 worker-1 2026-02-05T19:06:00Z 2026-02-05T19:18:00Z 8K 12.5K
MS-HIGH-011 done SEC-WEB-6: Enforce WSS, add connect_error handling #338 web fix/high MS-HIGH-010 MS-HIGH-012 worker-1 2026-02-05T19:19:00Z 2026-02-05T19:32:00Z 8K 15K
MS-HIGH-012 done SEC-WEB-7+CQ-WEB-7: Implement optimistic rollback on Kanban #338 web fix/high MS-HIGH-011 MS-HIGH-013 worker-1 2026-02-05T19:33:00Z 2026-02-05T19:55:00Z 12K 35K
MS-HIGH-013 done SEC-WEB-8: Handle non-OK responses in ActiveProjectsWidget #338 web fix/high MS-HIGH-012 MS-HIGH-014 worker-1 2026-02-05T19:56:00Z 2026-02-05T20:05:00Z 8K 18.5K
MS-HIGH-014 done SEC-WEB-9: Disable QuickCaptureWidget with Coming Soon #338 web fix/high MS-HIGH-013 MS-HIGH-015 worker-1 2026-02-05T20:06:00Z 2026-02-05T20:18:00Z 5K 12.5K
MS-HIGH-015 done SEC-WEB-10+11: Standardize API base URL and auth mechanism #338 web fix/high MS-HIGH-014 MS-HIGH-016 worker-1 2026-02-05T20:19:00Z 2026-02-05T20:30:00Z 12K 8.5K
MS-HIGH-016 done SEC-ORCH-7: Add circuit breaker to coordinator loops #338 coordinator fix/high MS-HIGH-015 MS-HIGH-017 worker-1 2026-02-05T20:31:00Z 2026-02-05T20:42:00Z 15K 18.5K
MS-HIGH-017 done SEC-ORCH-8: Log queue corruption, backup file #338 coordinator fix/high MS-HIGH-016 MS-HIGH-018 worker-1 2026-02-05T20:43:00Z 2026-02-05T20:50:00Z 10K 12.5K
MS-HIGH-018 done SEC-ORCH-9: Whitelist allowed env vars in Docker #338 orchestrator fix/high MS-HIGH-017 MS-HIGH-019 worker-1 2026-02-05T20:51:00Z 2026-02-05T21:00:00Z 10K 32K
MS-HIGH-019 done SEC-ORCH-10: Add CapDrop, ReadonlyRootfs, PidsLimit #338 orchestrator fix/high MS-HIGH-018 MS-HIGH-020 worker-1 2026-02-05T21:01:00Z 2026-02-05T21:10:00Z 12K 25K
MS-HIGH-020 done SEC-ORCH-11: Add rate limiting to orchestrator API #338 orchestrator fix/high MS-HIGH-019 MS-HIGH-021 worker-1 2026-02-05T21:11:00Z 2026-02-05T21:20:00Z 10K 12.5K
MS-HIGH-021 done SEC-ORCH-12: Add max concurrent agents limit #338 orchestrator fix/high MS-HIGH-020 MS-HIGH-022 worker-1 2026-02-05T21:21:00Z 2026-02-05T21:28:00Z 8K 12.5K
MS-HIGH-022 done SEC-ORCH-13: Block YOLO mode in production #338 orchestrator fix/high MS-HIGH-021 MS-HIGH-023 worker-1 2026-02-05T21:29:00Z 2026-02-05T21:35:00Z 8K 12K
MS-HIGH-023 done SEC-ORCH-14: Sanitize issue body for prompt injection #338 coordinator fix/high MS-HIGH-022 MS-HIGH-024 worker-1 2026-02-05T21:36:00Z 2026-02-05T21:42:00Z 12K 12.5K
MS-HIGH-024 done SEC-ORCH-15: Warn when VALKEY_PASSWORD not set #338 orchestrator fix/high MS-HIGH-023 MS-HIGH-025 worker-1 2026-02-05T21:43:00Z 2026-02-05T21:50:00Z 5K 6.5K
MS-HIGH-025 done CQ-ORCH-6: Fix N+1 with MGET for batch retrieval #338 orchestrator fix/high MS-HIGH-024 MS-HIGH-026 worker-1 2026-02-05T21:51:00Z 2026-02-05T21:58:00Z 10K 8.5K
MS-HIGH-026 done CQ-ORCH-1: Add session cleanup on terminal states #338 orchestrator fix/high MS-HIGH-025 MS-HIGH-027 worker-1 2026-02-05T21:59:00Z 2026-02-05T22:07:00Z 10K 12.5K
MS-HIGH-027 done CQ-API-1: Fix WebSocket timer leak (clearTimeout in catch) #338 api fix/high MS-HIGH-026 MS-HIGH-028 worker-1 2026-02-05T22:08:00Z 2026-02-05T22:15:00Z 8K 12K
MS-HIGH-028 done CQ-API-2: Fix runner jobs interval leak (clearInterval) #338 api fix/high MS-HIGH-027 MS-HIGH-029 worker-1 2026-02-05T22:16:00Z 2026-02-05T22:24:00Z 8K 12K
MS-HIGH-029 done CQ-WEB-1: Fix useWebSocket stale closure (use refs) #338 web fix/high MS-HIGH-028 MS-HIGH-030 worker-1 2026-02-05T22:25:00Z 2026-02-05T22:32:00Z 10K 12.5K
MS-HIGH-030 done CQ-WEB-4: Fix useChat stale messages (functional updates) #338 web fix/high MS-HIGH-029 MS-HIGH-V01 worker-1 2026-02-05T22:33:00Z 2026-02-05T22:38:00Z 10K 12K
MS-HIGH-V01 done Phase 2 Verification: Run full quality gates #338 all fix/high MS-HIGH-030 MS-MED-001 worker-1 2026-02-05T22:40:00Z 2026-02-05T22:45:00Z 5K 2K
MS-MED-001 done CQ-ORCH-4: Fix AbortController timeout cleanup in finally #339 orchestrator fix/medium MS-HIGH-V01 MS-MED-002 worker-1 2026-02-05T22:50:00Z 2026-02-05T22:55:00Z 8K 6K
MS-MED-002 done CQ-API-4: Remove Redis event listeners in onModuleDestroy #339 api fix/medium MS-MED-001 MS-MED-003 worker-1 2026-02-05T22:56:00Z 2026-02-05T23:00:00Z 8K 5K
MS-MED-003 done SEC-ORCH-16: Implement real health and readiness checks #339 orchestrator fix/medium MS-MED-002 MS-MED-004 worker-1 2026-02-05T23:01:00Z 2026-02-05T23:10:00Z 12K 12K
MS-MED-004 done SEC-ORCH-19: Validate agentId path parameter as UUID #339 orchestrator fix/medium MS-MED-003 MS-MED-005 worker-1 2026-02-05T23:11:00Z 2026-02-05T23:15:00Z 8K 4K
MS-MED-005 done SEC-API-24: Sanitize error messages in global exception filter #339 api fix/medium MS-MED-004 MS-MED-006 worker-1 2026-02-05T23:16:00Z 2026-02-05T23:25:00Z 10K 12K
MS-MED-006 deferred SEC-WEB-16: Add Content Security Policy headers #339 web fix/medium MS-MED-005 MS-MED-007 12K
MS-MED-007 done CQ-API-3: Make activity logging fire-and-forget #339 api fix/medium MS-MED-006 MS-MED-008 worker-1 2026-02-05T23:28:00Z 2026-02-05T23:32:00Z 8K 5K
MS-MED-008 deferred CQ-ORCH-2: Use Valkey as single source of truth for sessions #339 orchestrator fix/medium MS-MED-007 MS-MED-V01 15K
MS-MED-V01 done Phase 3 Verification: Run full quality gates #339 all fix/medium MS-MED-008 worker-1 2026-02-05T23:35:00Z 2026-02-06T00:30:00Z 5K 2K
MS-P4-001 done CQ-WEB-2: Fix missing dependency in FilterBar useEffect #347 web fix/security MS-MED-V01 MS-P4-002 worker-1 2026-02-06T13:10:00Z 2026-02-06T13:13:00Z 10K 12K
MS-P4-002 done CQ-WEB-3: Fix race condition in LinkAutocomplete (AbortController) #347 web fix/security MS-P4-001 MS-P4-003 worker-1 2026-02-06T13:14:00Z 2026-02-06T13:20:00Z 12K 25K
MS-P4-003 done SEC-API-17: Block data: URI scheme in markdown renderer #347 api fix/security MS-P4-002 MS-P4-004 worker-1 2026-02-06T13:21:00Z 2026-02-06T13:25:00Z 8K 12K
MS-P4-004 done SEC-API-19+20: Validate brain search length and limit params #347 api fix/security MS-P4-003 MS-P4-005 worker-1 2026-02-06T13:26:00Z 2026-02-06T13:32:00Z 8K 25K
MS-P4-005 done SEC-API-21: Add DTO validation for semantic/hybrid search body #347 api fix/security MS-P4-004 MS-P4-006 worker-1 2026-02-06T13:33:00Z 2026-02-06T13:39:00Z 10K 25K
MS-P4-006 done SEC-API-12: Throw error when CurrentUser decorator has no user #347 api fix/security MS-P4-005 MS-P4-007 worker-1 2026-02-06T13:40:00Z 2026-02-06T13:44:00Z 8K 15K
MS-P4-007 done SEC-ORCH-20: Bind orchestrator to 127.0.0.1, configurable via env #347 orchestrator fix/security MS-P4-006 MS-P4-008 worker-1 2026-02-06T13:45:00Z 2026-02-06T13:48:00Z 5K 12K
MS-P4-008 done SEC-ORCH-22: Validate Docker image tag format before pull #347 orchestrator fix/security MS-P4-007 MS-P4-009 worker-1 2026-02-06T13:49:00Z 2026-02-06T13:53:00Z 8K 15K
MS-P4-009 done CQ-API-7: Fix N+1 query in knowledge tag lookup (use findMany) #347 api fix/security MS-P4-008 MS-P4-010 worker-1 2026-02-06T13:54:00Z 2026-02-06T14:04:00Z 8K 25K
MS-P4-010 done CQ-ORCH-5: Fix TOCTOU race in agent state transitions #347 orchestrator fix/security MS-P4-009 MS-P4-011 worker-1 2026-02-06T14:05:00Z 2026-02-06T14:10:00Z 15K 25K
MS-P4-011 done CQ-ORCH-7: Graceful Docker container shutdown before force remove #347 orchestrator fix/security MS-P4-010 MS-P4-012 worker-1 2026-02-06T14:11:00Z 2026-02-06T14:14:00Z 10K 15K
MS-P4-012 done CQ-ORCH-9: Deduplicate spawn validation logic #347 orchestrator fix/security MS-P4-011 MS-P4-V01 worker-1 2026-02-06T14:15:00Z 2026-02-06T14:18:00Z 10K 25K
MS-P4-V01 done Phase 4 Verification: Run full quality gates #347 all fix/security MS-P4-012 worker-1 2026-02-06T14:19:00Z 2026-02-06T14:22:00Z 5K 2K
MS-P5-001 done SEC-API-25+26: ValidationPipe strict mode + CORS Origin validation #340 api fix/security MS-P4-V01 MS-P5-002 worker-1 2026-02-06T15:00:00Z 2026-02-06T15:04:00Z 10K 47K
MS-P5-002 done SEC-API-27: Move RLS context setting inside transaction boundary #340 api fix/security MS-P5-001 MS-P5-003 worker-1 2026-02-06T15:05:00Z 2026-02-06T15:10:00Z 8K 48K
MS-P5-003 done SEC-API-28: Replace MCP console.error with NestJS Logger #340 api fix/security MS-P5-002 MS-P5-004 worker-1 2026-02-06T15:11:00Z 2026-02-06T15:15:00Z 5K 40K
MS-P5-004 done CQ-API-5: Document throttler in-memory fallback as best-effort #340 api fix/security MS-P5-003 MS-P5-005 worker-1 2026-02-06T15:16:00Z 2026-02-06T15:19:00Z 5K 38K
MS-P5-005 done SEC-ORCH-28+29: Add Valkey connection timeout + workItems MaxLength #340 orchestrator fix/security MS-P5-004 MS-P5-006 worker-1 2026-02-06T15:20:00Z 2026-02-06T15:24:00Z 8K 72K
MS-P5-006 done SEC-ORCH-30: Prevent container name collision with unique suffix #340 orchestrator fix/security MS-P5-005 MS-P5-007 worker-1 2026-02-06T15:25:00Z 2026-02-06T15:27:00Z 5K 55K
MS-P5-007 done CQ-ORCH-10: Make BullMQ job retention configurable via env vars #340 orchestrator fix/security MS-P5-006 MS-P5-008 worker-1 2026-02-06T15:28:00Z 2026-02-06T15:32:00Z 8K 66K
MS-P5-008 done SEC-WEB-26+29: Remove console.log + fix formatTime error handling #340 web fix/security MS-P5-007 MS-P5-009 worker-1 2026-02-06T15:33:00Z 2026-02-06T15:37:00Z 5K 50K
MS-P5-009 done SEC-WEB-27+28: Robust email validation + role cast validation #340 web fix/security MS-P5-008 MS-P5-010 worker-1 2026-02-06T15:38:00Z 2026-02-06T15:48:00Z 8K 93K
MS-P5-010 done SEC-WEB-30+31+36: Validate JSON.parse/localStorage deserialization #340 web fix/security MS-P5-009 MS-P5-011 worker-1 2026-02-06T15:49:00Z 2026-02-06T15:56:00Z 15K 76K
MS-P5-011 done SEC-WEB-32+34: Add input maxLength limits + API request timeout #340 web fix/security MS-P5-010 MS-P5-012 worker-1 2026-02-06T15:57:00Z 2026-02-06T18:12:00Z 10K 50K
MS-P5-012 done SEC-WEB-33+35: Fix Mermaid error display + useWorkspaceId error #340 web fix/security MS-P5-011 MS-P5-013 worker-1 2026-02-06T18:13:00Z 2026-02-06T18:18:00Z 8K 55K
MS-P5-013 done SEC-WEB-37: Gate federation mock data behind NODE_ENV check #340 web fix/security MS-P5-012 MS-P5-014 worker-1 2026-02-06T18:19:00Z 2026-02-06T18:25:00Z 8K 54K
MS-P5-014 done CQ-WEB-8: Add React.memo to performance-sensitive components #340 web fix/security MS-P5-013 MS-P5-015 worker-1 2026-02-06T18:26:00Z 2026-02-06T18:32:00Z 15K 82K
MS-P5-015 done CQ-WEB-9: Replace DOM manipulation in LinkAutocomplete #340 web fix/security MS-P5-014 MS-P5-016 worker-1 2026-02-06T18:33:00Z 2026-02-06T18:37:00Z 10K 37K
MS-P5-016 done CQ-WEB-10: Add loading/error states to pages with mock data #340 web fix/security MS-P5-015 MS-P5-017 worker-1 2026-02-06T18:38:00Z 2026-02-06T18:45:00Z 15K 66K
MS-P5-017 done CQ-WEB-11+12: Fix accessibility labels + SSR window check #340 web fix/security MS-P5-016 MS-P5-V01 worker-1 2026-02-06T18:46:00Z 2026-02-06T18:51:00Z 12K 65K
MS-P5-V01 done Phase 5 Verification: Run full quality gates #340 all fix/security MS-P5-017 worker-1 2026-02-06T18:52:00Z 2026-02-06T18:54:00Z 5K 2K
Reference in New Issue View Git Blame Copy Permalink