70 KiB
70 KiB
Tasks
MS15-DashboardShell (0.0.15) — Dashboard Shell & Design System
Orchestrator: Claude Code (Opus 4.6) Started: 2026-02-22 Branch: feat/ms15-design-system (Phase 1), feat/ms15-shared-components (Phase 2), feat/ms15-dashboard-page (Phase 3) Milestone: MS15-DashboardShell (0.0.15) PRD: docs/PRD.md
| id | status | description | issue | repo | branch | depends_on | blocks | agent | started_at | completed_at | estimate | used | notes |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| MS15-FE-001 | done | Design token system overhaul (globals.css → dashboard.html tokens, dark/light, fonts) | #448 | web | feat/ms15-design-system | MS15-FE-002,MS15-FE-003,MS15-FE-004,MS15-UI-001 | w-1 | 2026-02-22T14:30Z | 2026-02-22T15:00Z | 25K | 18K | Combined with FE-002. Commit e615fa8. Build passes. |
|
| MS15-FE-002 | done | App shell grid layout (sidebar + full-width header + main content) | #448 | web | feat/ms15-design-system | MS15-FE-001 | MS15-FE-003,MS15-FE-004,MS15-FE-005 | w-1 | 2026-02-22T14:30Z | 2026-02-22T15:00Z | 20K | 0K | Combined with FE-001 (same commit). |
| MS15-FE-003 | done | Sidebar component (collapsible, nav groups, icons, badges, user card footer) | #448 | web | feat/ms15-design-system | MS15-FE-002 | MS15-FE-005 | w-3 | 2026-02-22T15:30Z | 2026-02-22T16:00Z | 25K | 67K | 4 nav groups, SidebarContext, collapse toggle. Commit 04f9918. |
| MS15-FE-004 | done | Topbar/Header component (logo, search, status, notifications, theme toggle, avatar dropdown) | #448 | web | feat/ms15-design-system | MS15-FE-002 | MS15-FE-005 | w-4 | 2026-02-22T15:30Z | 2026-02-22T16:00Z | 25K | 44K | Search, status, notifications, avatar dropdown. Commit 04f9918. |
| MS15-FE-005 | done | Responsive layout (breakpoints, hamburger, sidebar auto-hide at mobile) | #448 | web | feat/ms15-design-system | MS15-FE-003,MS15-FE-004 | MS15-QA-001 | w-5 | 2026-02-22T16:00Z | 2026-02-22T16:30Z | 20K | 57K | Mobile overlay, hamburger, matchMedia. Commit 28620b2. |
| MS15-FE-006 | done | Loading spinner (Mosaic logo icon with rotation animation, site-wide) | #448 | web | feat/ms15-design-system | MS15-FE-001 | w-2 | 2026-02-22T14:30Z | 2026-02-22T15:00Z | 10K | 8K | MosaicLogo + MosaicSpinner components. Same commit e615fa8. |
|
| MS15-UI-001 | not-started | Align packages/ui tokens with new CSS variable design system | #449 | ui | feat/ms15-shared-components | MS15-FE-001 | MS15-UI-002,MS15-UI-003,MS15-UI-004 | 20K | |||||
| MS15-UI-002 | not-started | Update Card, Badge, Button, Dot component variants to match reference | #449 | ui | feat/ms15-shared-components | MS15-UI-001 | MS15-DASH-001 | 25K | |||||
| MS15-UI-003 | not-started | Create MetricsStrip, ProgressBar, FilterTabs shared components | #449 | ui | feat/ms15-shared-components | MS15-UI-001 | MS15-DASH-001 | 20K | |||||
| MS15-UI-004 | not-started | Create SectionHeader, Table, LogLine shared components | #449 | ui | feat/ms15-shared-components | MS15-UI-001 | MS15-DASH-002 | 15K | |||||
| MS15-UI-005 | not-started | Create Terminal panel component (bottom drawer, tabs, output) | #449 | web | feat/ms15-shared-components | MS15-UI-001 | 20K | ||||||
| MS15-DASH-001 | not-started | Dashboard metrics strip (6 cells, colored borders, values, trends) | #450 | web | feat/ms15-dashboard-page | MS15-UI-002,MS15-UI-003 | 15K | ||||||
| MS15-DASH-002 | not-started | Active Orchestrator Sessions card with agent nodes | #450 | web | feat/ms15-dashboard-page | MS15-UI-004 | 20K | ||||||
| MS15-DASH-003 | not-started | Quick Actions 2x2 grid | #450 | web | feat/ms15-dashboard-page | MS15-UI-002 | 10K | ||||||
| MS15-DASH-004 | not-started | Activity Feed sidebar card | #450 | web | feat/ms15-dashboard-page | MS15-UI-002 | 15K | ||||||
| MS15-DASH-005 | not-started | Token Budget sidebar card with progress bars | #450 | web | feat/ms15-dashboard-page | MS15-UI-003 | 10K | ||||||
| MS15-QA-001 | done | Baseline tests (lint, typecheck, build) and situational tests (responsive, themes) | #448 | web | feat/ms15-design-system | MS15-FE-005 | orch | 2026-02-22T16:30Z | 2026-02-22T16:35Z | 15K | 2K | lint 0 errors, typecheck clean, build passes. All caches hit. | |
| MS15-DOC-001 | not-started | Documentation: design system reference, component docs | #448 | docs | feat/ms15-design-system | MS15-QA-001 | 10K |
M10-Telemetry (0.0.10) — Telemetry Integration
Orchestrator: Claude Code Started: 2026-02-15 Branch: feature/m10-telemetry Milestone: M10-Telemetry (0.0.10)
| id | status | description | issue | repo | branch | depends_on | blocks | agent | started_at | completed_at | estimate | used |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TEL-001 | done | Install @mosaicstack/telemetry-client in API + NestJS module | #369 | api | feature/m10-telemetry | TEL-004,TEL-006,TEL-007 | w-1 | 2026-02-15T10:00Z | 2026-02-15T10:37Z | 20K | 25K | |
| TEL-002 | done | Install mosaicstack-telemetry in Coordinator | #370 | coordinator | feature/m10-telemetry | TEL-005,TEL-006 | w-2 | 2026-02-15T10:00Z | 2026-02-15T10:34Z | 15K | 20K | |
| TEL-003 | done | Add telemetry config to docker-compose and .env | #374 | devops | feature/m10-telemetry | w-3 | 2026-02-15T10:38Z | 2026-02-15T10:40Z | 8K | 10K | ||
| TEL-004 | done | Track LLM task completions via Mosaic Telemetry | #371 | api | feature/m10-telemetry | TEL-001 | TEL-007 | w-4 | 2026-02-15T10:38Z | 2026-02-15T10:44Z | 25K | 30K |
| TEL-005 | done | Track orchestrator agent task completions | #372 | coordinator | feature/m10-telemetry | TEL-002 | w-5 | 2026-02-15T10:45Z | 2026-02-15T10:52Z | 20K | 25K | |
| TEL-006 | done | Prediction integration for cost estimation | #373 | api | feature/m10-telemetry | TEL-001,TEL-002 | TEL-007 | w-6 | 2026-02-15T10:45Z | 2026-02-15T10:51Z | 20K | 25K |
| TEL-007 | done | Frontend: Token usage and cost dashboard | #375 | web | feature/m10-telemetry | TEL-004,TEL-006 | TEL-008 | w-7 | 2026-02-15T10:53Z | 2026-02-15T11:03Z | 30K | 115K |
| TEL-008 | done | Documentation: Telemetry integration guide | #376 | docs | feature/m10-telemetry | TEL-007 | w-8 | 2026-02-15T10:53Z | 2026-02-15T10:58Z | 15K | 75K |
M11-CIPipeline (0.0.11) — CI Pipeline #360 Remediation
Orchestrator: Claude Code Started: 2026-02-12 Branch: fix/ci-* Epic: #360
CI Fix Round 6
| id | status | description | issue | repo | branch | depends_on | blocks | agent | started_at | completed_at | estimate | used |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CI-FIX6-001 | done | Add @mosaic/ui build to web.yml build-shared step (fixes 10 test suites + 20 typecheck errs) | ci | fix/ci-366 | CI-FIX6-003 | w-14 | 2026-02-12T21:00Z | 2026-02-12T21:01Z | 3K | 3K | ||
| CI-FIX6-002 | done | Move spec file removal to builder stage (layer-aware); add tar CVEs to .trivyignore | orchestrator | fix/ci-366 | CI-FIX6-004 | w-15 | 2026-02-12T21:00Z | 2026-02-12T21:15Z | 3K | 5K | ||
| CI-FIX6-003 | done | Add React.ChangeEvent types to ~10 web files with untyped event handlers (49 lint + 19 TS) | web | fix/ci-366 | CI-FIX6-001 | CI-FIX6-004 | w-16 | 2026-02-12T21:02Z | 2026-02-12T21:08Z | 12K | 8K | |
| CI-FIX6-004 | done | Verification: pnpm lint && pnpm typecheck && pnpm test on web; Dockerfile find validation | all | fix/ci-366 | CI-FIX6-002,CI-FIX6-003 | orch | 2026-02-12T21:08Z | 2026-02-12T21:10Z | 5K | 2K |
M12-MatrixBridge (0.0.12) — Matrix/Element Bridge Integration
Orchestrator: Claude Code Started: 2026-02-15 Branch: feature/m12-matrix-bridge Epic: #377
| id | status | description | issue | repo | branch | depends_on | blocks | agent | started_at | completed_at | estimate | used |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| MB-001 | done | Install matrix-bot-sdk and create MatrixService skeleton | #378 | api | feature/m12-matrix-bridge | MB-003,MB-004,MB-005,MB-006,MB-007,MB-008 | worker-1 | 2026-02-15T10:00Z | 2026-02-15T10:20Z | 20K | 15K | |
| MB-002 | done | Add Synapse + Element Web to docker-compose for dev | #384 | docker | feature/m12-matrix-bridge | worker-2 | 2026-02-15T10:00Z | 2026-02-15T10:15Z | 15K | 5K | ||
| MB-003 | done | Register MatrixService in BridgeModule with conditional loading | #379 | api | feature/m12-matrix-bridge | MB-001 | MB-008 | worker-3 | 2026-02-15T10:25Z | 2026-02-15T10:35Z | 12K | 20K |
| MB-004 | done | Workspace-to-Matrix-Room mapping and provisioning | #380 | api | feature/m12-matrix-bridge | MB-001 | MB-005,MB-006,MB-008 | worker-4 | 2026-02-15T10:25Z | 2026-02-15T10:35Z | 20K | 39K |
| MB-005 | done | Matrix command handling — receive and dispatch commands | #381 | api | feature/m12-matrix-bridge | MB-001,MB-004 | MB-007,MB-008 | worker-5 | 2026-02-15T10:40Z | 2026-02-15T14:27Z | 20K | 27K |
| MB-006 | done | Herald Service: Add Matrix output adapter | #382 | api | feature/m12-matrix-bridge | MB-001,MB-004 | MB-008 | worker-6 | 2026-02-15T10:40Z | 2026-02-15T14:25Z | 18K | 109K |
| MB-007 | done | Streaming AI responses via Matrix message edits | #383 | api | feature/m12-matrix-bridge | MB-001,MB-005 | MB-008 | worker-7 | 2026-02-15T14:30Z | 2026-02-15T14:35Z | 20K | 28K |
| MB-008 | done | Matrix bridge E2E integration tests | #385 | api | feature/m12-matrix-bridge | MB-001,MB-003,MB-004,MB-005,MB-006,MB-007 | MB-009 | worker-8 | 2026-02-15T14:38Z | 2026-02-15T14:40Z | 25K | 35K |
| MB-009 | done | Documentation: Matrix bridge setup and architecture | #386 | docs | feature/m12-matrix-bridge | MB-008 | worker-9 | 2026-02-15T14:38Z | 2026-02-15T14:39Z | 10K | 12K | |
| MB-010 | done | Sample Matrix swarm deployment compose file | #387 | docker | feature/m12-matrix-bridge | 2026-02-15 | 0 | 0 |
| MB-011 | done | Remediate code review and security review findings | #377 | api | feature/m12-matrix-bridge | MB-001..MB-010 | | worker-10 | 2026-02-15T15:00Z | 2026-02-15T15:10Z | 30K | 145K |
Phase Summary
| Phase | Tasks | Description |
|---|---|---|
| 1 - Foundation | MB-001, MB-002 | SDK install, dev infrastructure |
| 2 - Module Integration | MB-003, MB-004 | Module registration, DB mapping |
| 3 - Core Features | MB-005, MB-006 | Command handling, Herald adapter |
| 4 - Advanced Features | MB-007 | Streaming responses |
| 5 - Testing | MB-008 | E2E integration tests |
| 6 - Documentation | MB-009 | Setup guide, architecture docs |
| 7 - Review Remediation | MB-011 | Fix all code review + security findings |
Review Findings Resolved (MB-011)
| # | Severity | Finding | Fix |
|---|---|---|---|
| 1 | CRITICAL | sendThreadMessage hardcodes controlRoomId — wrong room | Added channelId to ThreadMessageOptions, use options.channelId |
| 2 | CRITICAL | void handleRoomMessage swallows ALL errors | Added .catch() with logger.error |
| 3 | CRITICAL | handleFixCommand: dead thread on dispatch failure | Wrapped dispatch in try-catch with user-visible error |
| 4 | CRITICAL | provisionRoom: orphaned Matrix room on DB failure | try-catch around DB update with logged warning |
| 5 | HIGH | Missing MATRIX_BOT_USER_ID validation (infinite loop risk) | Added throw in connect() if missing |
| 6 | HIGH | streamResponse finally block can throw/mask errors | Wrapped setTypingIndicator in nested try-catch |
| 7 | HIGH | streamResponse catch editMessage can throw/mask | Wrapped editMessage in nested try-catch |
| 8 | HIGH | HeraldService error log missing provider identity | Added provider.constructor.name to error log |
| 9 | HIGH | MatrixRoomService uses unsafe type assertion | Replaced with public getClient() method |
| 10 | HIGH | BridgeModule factory incomplete env var validation | Added warnings for missing vars when token set |
| 11 | MEDIUM | setup-bot.sh JSON injection via shell variables | Replaced with jq -n for safe JSON construction |
Notes
- #387 already completed in commit
6e20fc5 - #377 is the EPIC issue — closed after all reviews remediated
- 187 tests passing after remediation (41 matrix, 20 streaming, 10 room, 26 integration, 27 herald, 25 discord, + others)
M13-SpeechServices (0.0.13) — TTS & STT Integration
Orchestrator: Claude Code Started: 2026-02-15 Branch: feature/m13-speech-services Milestone: M13-SpeechServices (0.0.13) Epic: #388
Phase 1: Foundation (Config + Module + Providers)
| id | status | description | issue | repo | branch | depends_on | blocks | agent | started_at | completed_at | estimate | used | notes |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| SP-CFG-001 | done | #401: Speech services environment variables and ConfigModule integration | #401 | api | feature/m13-speech-services | SP-MOD-001,SP-DOC-001 | worker-1 | 2026-02-15T06:00Z | 2026-02-15T06:07Z | 15K | 15K | 51 tests, 4cc43be |
|
| SP-MOD-001 | done | #389: Create SpeechModule with provider abstraction layer | #389 | api | feature/m13-speech-services | SP-CFG-001 | SP-STT-001,SP-TTS-001,SP-MID-001 | worker-2 | 2026-02-15T06:08Z | 2026-02-15T06:14Z | 25K | 25K | 27 tests, c40373f |
Phase 2: Providers (STT + TTS)
| id | status | description | issue | repo | branch | depends_on | blocks | agent | started_at | completed_at | estimate | used | notes |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| SP-STT-001 | done | #390: Implement STT provider with Speaches/faster-whisper integration | #390 | api | feature/m13-speech-services | SP-MOD-001 | SP-EP-001,SP-WS-001 | worker-4 | 2026-02-15T06:15Z | 2026-02-15T06:25Z | 20K | 50K | 27 tests, 3ae9e53 |
| SP-TTS-001 | done | #391: Implement tiered TTS provider architecture | #391 | api | feature/m13-speech-services | SP-MOD-001 | SP-TTS-002,SP-TTS-003,SP-TTS-004,SP-EP-002 | worker-5 | 2026-02-15T06:15Z | 2026-02-15T06:25Z | 20K | 35K | 30 tests, b5edb4f |
| SP-TTS-002 | done | #393: Implement Kokoro-FastAPI TTS provider (default tier) | #393 | api | feature/m13-speech-services | SP-TTS-001 | SP-EP-002 | worker-6 | 2026-02-15T06:26Z | 2026-02-15T06:33Z | 15K | 25K | 48 tests, 79b1d81 |
| SP-TTS-003 | done | #394: Implement Chatterbox TTS provider (premium tier, voice cloning) | #394 | api | feature/m13-speech-services | SP-TTS-001 | SP-EP-002 | worker-7 | 2026-02-15T06:26Z | 2026-02-15T06:34Z | 15K | 25K | 26 tests, d37c78f |
| SP-TTS-004 | done | #395: Implement Piper TTS provider via OpenedAI Speech (fallback tier) | #395 | api | feature/m13-speech-services | SP-TTS-001 | SP-EP-002 | worker-8 | 2026-02-15T06:35Z | 2026-02-15T06:44Z | 12K | 15K | 37 tests, 6c46556 |
Phase 3: Middleware + REST Endpoints
| id | status | description | issue | repo | branch | depends_on | blocks | agent | started_at | completed_at | estimate | used | notes |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| SP-MID-001 | done | #398: Audio format validation and preprocessing middleware | #398 | api | feature/m13-speech-services | SP-MOD-001 | SP-EP-001,SP-EP-002 | worker-9 | 2026-02-15T06:35Z | 2026-02-15T06:42Z | 15K | 25K | 36 tests, 7b4fda6 |
| SP-EP-001 | done | #392: Create /api/speech/transcribe REST endpoint | #392 | api | feature/m13-speech-services | SP-STT-001,SP-MID-001 | SP-WS-001,SP-FE-001 | worker-10 | 2026-02-15T06:45Z | 2026-02-15T06:52Z | 20K | 25K | 10 tests, 527262a |
| SP-EP-002 | done | #396: Create /api/speech/synthesize REST endpoint | #396 | api | feature/m13-speech-services | SP-TTS-002,SP-TTS-003,SP-TTS-004,SP-MID-001 | SP-FE-002 | worker-11 | 2026-02-15T06:45Z | 2026-02-15T06:53Z | 20K | 35K | 17 tests, 527262a |
Phase 4: WebSocket Streaming
| id | status | description | issue | repo | branch | depends_on | blocks | agent | started_at | completed_at | estimate | used | notes |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| SP-WS-001 | done | #397: Implement WebSocket streaming transcription endpoint | #397 | api | feature/m13-speech-services | SP-STT-001,SP-EP-001 | SP-FE-001 | worker-12 | 2026-02-15T06:54Z | 2026-02-15T07:00Z | 20K | 30K | 29 tests, 28c9e6f |
Phase 5: Docker/DevOps
| id | status | description | issue | repo | branch | depends_on | blocks | agent | started_at | completed_at | estimate | used | notes |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| SP-DOC-001 | done | #399: Docker Compose dev overlay for speech services | #399 | devops | feature/m13-speech-services | SP-CFG-001 | SP-DOC-002 | worker-3 | 2026-02-15T06:08Z | 2026-02-15T06:10Z | 10K | 15K | 52553c8 |
| SP-DOC-002 | done | #400: Docker Compose swarm/prod deployment for speech services | #400 | devops | feature/m13-speech-services | SP-DOC-001 | worker-13 | 2026-02-15T06:54Z | 2026-02-15T06:56Z | 10K | 8K | b3d6d73 |
Phase 6: Frontend
| id | status | description | issue | repo | branch | depends_on | blocks | agent | started_at | completed_at | estimate | used | notes |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| SP-FE-001 | done | #402: Frontend voice input component (microphone capture + transcription) | #402 | web | feature/m13-speech-services | SP-EP-001,SP-WS-001 | SP-FE-003 | worker-14 | 2026-02-15T07:01Z | 2026-02-15T07:12Z | 25K | 50K | 34 tests, 74d6c10 |
| SP-FE-002 | done | #403: Frontend audio playback component for TTS output | #403 | web | feature/m13-speech-services | SP-EP-002 | SP-FE-003 | worker-15 | 2026-02-15T07:01Z | 2026-02-15T07:11Z | 20K | 50K | 32 tests, 74d6c10 |
| SP-FE-003 | done | #404: Frontend speech settings page (provider selection, voice config) | #404 | web | feature/m13-speech-services | SP-FE-001,SP-FE-002 | SP-E2E-001 | worker-16 | 2026-02-15T07:13Z | 2026-02-15T07:22Z | 20K | 35K | 30 tests, bc86947 |
Phase 7: Testing + Documentation
| id | status | description | issue | repo | branch | depends_on | blocks | agent | started_at | completed_at | estimate | used | notes |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| SP-E2E-001 | done | #405: E2E integration tests for speech services | #405 | api | feature/m13-speech-services | SP-EP-001,SP-EP-002,SP-WS-001,SP-FE-003 | SP-DOCS-001 | worker-17 | 2026-02-15T07:23Z | 2026-02-15T07:32Z | 25K | 35K | 30 tests, d2c7602 |
| SP-DOCS-001 | done | #406: Documentation - Speech services architecture, API, and deployment | #406 | docs | feature/m13-speech-services | SP-E2E-001 | worker-18 | 2026-02-15T07:23Z | 2026-02-15T07:29Z | 15K | 35K | 24065aa |
Auth-Frontend-Remediation (<0.1.0) — Auth & Frontend Remediation
Orchestrator: Claude Code Started: 2026-02-16 Branch: fix/auth-frontend-remediation Milestone: Auth-Frontend-Remediation (<0.1.0) Epic: #411
Phase 1: Critical Backend Fixes (#412)
| id | status | description | issue | repo | branch | depends_on | blocks | agent | started_at | completed_at | estimate | used |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AUTH-001 | done | 1.1: Add OIDC_REDIRECT_URI to validation with URL + path checks | #412 | api | fix/auth-frontend-remediation | AUTH-002 | w-1 | 2026-02-16T11:00Z | 2026-02-16T11:04Z | 10K | 12K | |
| AUTH-002 | done | 1.2: Wrap BetterAuth handler in try/catch with error logging | #412 | api | fix/auth-frontend-remediation | AUTH-001 | w-3 | 2026-02-16T11:05Z | 2026-02-16T11:09Z | 10K | 15K | |
| AUTH-003 | done | 1.3: Fix docker-compose OIDC_REDIRECT_URI default | #412 | devops | fix/auth-frontend-remediation | w-2 | 2026-02-16T11:00Z | 2026-02-16T11:05Z | 3K | 5K | ||
| AUTH-004 | done | 1.4: Enable PKCE in genericOAuth config | #412 | api | fix/auth-frontend-remediation | w-2 | 2026-02-16T11:00Z | 2026-02-16T11:05Z | 5K | 5K | ||
| AUTH-005 | done | 1.5: Add @SkipCsrf() documentation with BetterAuth CSRF rationale | #412 | api | fix/auth-frontend-remediation | w-2 | 2026-02-16T11:00Z | 2026-02-16T11:05Z | 3K | 5K | ||
| AUTH-V01 | done | Phase 1 verification: quality gates pass | #412 | all | fix/auth-frontend-remediation | AUTH-001,AUTH-002,AUTH-003,AUTH-004,AUTH-005 | AUTH-006 | orch | 2026-02-16T11:10Z | 2026-02-16T11:10Z | 5K | 2K |
Phase 2: Auth Config Discovery (#413)
| id | status | description | issue | repo | branch | depends_on | blocks | agent | started_at | completed_at | estimate | used |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AUTH-006 | done | 2.1: Add AuthProvider and AuthConfigResponse types to @mosaic/shared | #413 | shared | fix/auth-frontend-remediation | AUTH-V01 | AUTH-007 | w-4 | 2026-02-16T11:12Z | 2026-02-16T11:13Z | 5K | 3K |
| AUTH-007 | done | 2.2-2.3: Implement getAuthConfig() + GET /auth/config endpoint | #413 | api | fix/auth-frontend-remediation | AUTH-006 | AUTH-008 | w-5 | 2026-02-16T11:13Z | 2026-02-16T11:17Z | 15K | 15K |
| AUTH-008 | done | 2.4: Add secret-leakage prevention test | #413 | api | fix/auth-frontend-remediation | AUTH-007 | AUTH-009 | w-6 | 2026-02-16T11:18Z | 2026-02-16T11:20Z | 8K | 8K |
| AUTH-009 | done | 2.5: Implement isOidcProviderReachable() health check | #413 | api | fix/auth-frontend-remediation | AUTH-007 | w-7 | 2026-02-16T11:18Z | 2026-02-16T11:23Z | 10K | 12K | |
| AUTH-V02 | done | Phase 2 verification: quality gates pass | #413 | all | fix/auth-frontend-remediation | AUTH-006,AUTH-007,AUTH-008,AUTH-009 | AUTH-010 | orch | 2026-02-16T11:24Z | 2026-02-16T11:25Z | 5K | 2K |
Phase 3: Backend Hardening (#414)
| id | status | description | issue | repo | branch | depends_on | blocks | agent | started_at | completed_at | estimate | used |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AUTH-010 | done | 3.1: Extract trustedOrigins to getTrustedOrigins() with env vars | #414 | api | fix/auth-frontend-remediation | AUTH-V02 | AUTH-011 | w-8 | 2026-02-16T11:26Z | 2026-02-16T11:31Z | 10K | 15K |
| AUTH-011 | done | 3.2: Align CORS config in main.ts with getTrustedOrigins() | #414 | api | fix/auth-frontend-remediation | AUTH-010 | w-10 | 2026-02-16T11:32Z | 2026-02-16T11:33Z | 8K | 8K | |
| AUTH-012 | done | 3.3: Update session config (7d abs, 2h idle, cookie attrs) | #414 | api | fix/auth-frontend-remediation | AUTH-V02 | w-9 | 2026-02-16T11:26Z | 2026-02-16T11:29Z | 8K | 8K | |
| AUTH-013 | done | 3.4: Add TRUSTED_ORIGINS, COOKIE_DOMAIN to .env.example | #414 | devops | fix/auth-frontend-remediation | AUTH-010 | w-11 | 2026-02-16T11:32Z | 2026-02-16T11:33Z | 3K | 3K | |
| AUTH-V03 | done | Phase 3 verification: quality gates pass | #414 | all | fix/auth-frontend-remediation | AUTH-010,AUTH-011,AUTH-012,AUTH-013 | AUTH-014 | orch | 2026-02-16T11:34Z | 2026-02-16T11:34Z | 5K | 2K |
Phase 4: Frontend Foundation (#415)
| id | status | description | issue | repo | branch | depends_on | blocks | agent | started_at | completed_at | estimate | used |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AUTH-014 | done | 4.1: Fix theme storage key (jarvis-theme -> mosaic-theme) | #415 | web | fix/auth-frontend-remediation | AUTH-V03 | w-12 | 2026-02-16T11:35Z | 2026-02-16T11:44Z | 5K | 5K | |
| AUTH-015 | done | 4.2: Create AuthErrorBanner component (PDA-friendly, blue theme) | #415 | web | fix/auth-frontend-remediation | AUTH-V03 | AUTH-020 | w-13 | 2026-02-16T11:35Z | 2026-02-16T11:44Z | 12K | 12K |
| AUTH-016 | done | 4.3: Create AuthDivider component | #415 | web | fix/auth-frontend-remediation | AUTH-V03 | AUTH-020 | w-12 | 2026-02-16T11:35Z | 2026-02-16T11:44Z | 5K | 5K |
| AUTH-017 | done | 4.4: Create OAuthButton component (replaces LoginButton) | #415 | web | fix/auth-frontend-remediation | AUTH-V03 | AUTH-020 | w-13 | 2026-02-16T11:35Z | 2026-02-16T11:44Z | 12K | 12K |
| AUTH-018 | done | 4.5: Create LoginForm component with email/password validation | #415 | web | fix/auth-frontend-remediation | AUTH-V03 | AUTH-020 | w-13 | 2026-02-16T11:35Z | 2026-02-16T11:44Z | 15K | 15K |
| AUTH-019 | done | 4.6: Create SessionExpiryWarning component | #415 | web | fix/auth-frontend-remediation | AUTH-V03 | AUTH-025 | w-12 | 2026-02-16T11:35Z | 2026-02-16T11:44Z | 10K | 10K |
| AUTH-V04 | done | Phase 4 verification: quality gates pass | #415 | all | fix/auth-frontend-remediation | AUTH-014,AUTH-015,AUTH-016,AUTH-017,AUTH-018,AUTH-019 | AUTH-020 | orch | 2026-02-16T11:45Z | 2026-02-16T11:45Z | 5K | 2K |
Phase 5: Login Page Integration (#416)
| id | status | description | issue | repo | branch | depends_on | blocks | agent | started_at | completed_at | estimate | used |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AUTH-020 | done | 5.1-5.2: Fetch /auth/config and render providers dynamically | #416 | web | fix/auth-frontend-remediation | AUTH-V04,AUTH-V02 | AUTH-021 | w-14 | 2026-02-16T11:46Z | 2026-02-16T11:52Z | 20K | 15K |
| AUTH-021 | done | 5.3-5.4: Error display from query params + loading states | #416 | web | fix/auth-frontend-remediation | AUTH-020 | AUTH-022 | w-15 | 2026-02-16T11:53Z | 2026-02-16T11:57Z | 12K | 12K |
| AUTH-022 | done | 5.5: Delete old LoginButton.tsx and update imports | #416 | web | fix/auth-frontend-remediation | AUTH-020 | w-16 | 2026-02-16T11:53Z | 2026-02-16T11:54Z | 5K | 4K | |
| AUTH-023 | done | 5.6-5.7: Responsive layout + accessibility audit | #416 | web | fix/auth-frontend-remediation | AUTH-020,AUTH-021 | w-17 | 2026-02-16T11:58Z | 2026-02-16T12:03Z | 12K | 25K | |
| AUTH-V05 | done | Phase 5 verification: quality gates pass | #416 | all | fix/auth-frontend-remediation | AUTH-020,AUTH-021,AUTH-022,AUTH-023 | AUTH-024 | orch | 2026-02-16T12:04Z | 2026-02-16T12:04Z | 5K | 2K |
Phase 6: Error Recovery & Polish (#417)
| id | status | description | issue | repo | branch | depends_on | blocks | agent | started_at | completed_at | estimate | used |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AUTH-024 | done | 6.1: Create auth-errors.ts with PDA error parsing and mapping | #417 | web | fix/auth-frontend-remediation | AUTH-V05 | AUTH-025 | w-18 | 2026-02-16T12:10Z | 2026-02-16T12:15Z | 12K | 12K |
| AUTH-025 | done | 6.2: Add retry logic for network errors (3x exponential backoff) | #417 | web | fix/auth-frontend-remediation | AUTH-V05 | w-20 | 2026-02-16T12:16Z | 2026-02-16T12:22Z | 10K | 15K | |
| AUTH-026 | done | 6.3-6.4: AuthProvider session-expiring state + SessionExpiryWarning | #417 | web | fix/auth-frontend-remediation | AUTH-V05,AUTH-019 | w-19 | 2026-02-16T12:10Z | 2026-02-16T12:15Z | 15K | 20K | |
| AUTH-027 | done | 6.5: Update auth-client.ts error messages to PDA-friendly | #417 | web | fix/auth-frontend-remediation | AUTH-024 | w-21 | 2026-02-16T12:16Z | 2026-02-16T12:18Z | 8K | 10K | |
| AUTH-V06 | done | Phase 6 verification: quality gates pass | #417 | all | fix/auth-frontend-remediation | AUTH-024,AUTH-025,AUTH-026,AUTH-027 | orch | 2026-02-16T12:23Z | 2026-02-16T12:24Z | 5K | 2K |
Phase 7: Review Remediation (#411)
| id | status | description | issue | repo | branch | depends_on | blocks | agent | started_at | completed_at | estimate | used |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AUTH-028 | done | 7.1: Frontend fixes — wire fetchWithRetry, dedupe errors, fix OAuth/catch/signout | #411 | web | fix/auth-frontend-remediation | AUTH-V06 | AUTH-030 | w-22 | 2026-02-16T18:29Z | 2026-02-16T18:33Z | 20K | 15K |
| AUTH-029 | done | 7.2: Backend fixes — COOKIE_DOMAIN, TRUSTED_ORIGINS validation, verifySession | #411 | api | fix/auth-frontend-remediation | AUTH-V06 | AUTH-030 | w-23 | 2026-02-16T18:29Z | 2026-02-16T18:31Z | 15K | 12K |
| AUTH-030 | done | 7.3: Missing tests — getAccessToken, isAdmin, null cases, getClientIp | #411 | all | fix/auth-frontend-remediation | AUTH-028,AUTH-029 | AUTH-V07 | w-24 | 2026-02-16T18:34Z | 2026-02-16T18:37Z | 15K | 15K |
| AUTH-V07 | done | Phase 7 verification: 191 web + 106 API tests passing | #411 | all | fix/auth-frontend-remediation | AUTH-030 | orch | 2026-02-16T18:37Z | 2026-02-16T18:38Z | 5K | 2K |
Phase 8: QA Remediation — Backend Error Handling (#411)
| id | status | description | issue | repo | branch | depends_on | blocks | agent | started_at | completed_at | estimate | used |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| QA-001 | done | CRITICAL: AuthGuard — let infrastructure errors propagate instead of wrapping as 401 | #411 | api | fix/auth-frontend-remediation | QA-V08 | w-25 | 2026-02-16T19:00Z | 2026-02-16T19:10Z | 12K | 9K | |
| QA-002 | done | CRITICAL+HIGH: verifySession — invert error classification (allowlist auth errors, re-throw everything else) + typed return type + health check escalation | #411 | api | fix/auth-frontend-remediation | QA-001,QA-V08 | w-26 | 2026-02-16T19:00Z | 2026-02-16T19:15Z | 25K | 8K | |
| QA-003 | done | MEDIUM: auth.config.ts — replace null coalescing with throw in getOidcPlugins + include error details in getTrustedOrigins catch | #411 | api | fix/auth-frontend-remediation | QA-V08 | w-27 | 2026-02-16T19:16Z | 2026-02-16T19:25Z | 10K | 3K | |
| QA-004 | done | MEDIUM: auth.controller.ts — use HttpException(401) instead of raw Error in getSession + PDA-friendly handleAuth error message | #411 | api | fix/auth-frontend-remediation | QA-V08 | w-28 | 2026-02-16T19:16Z | 2026-02-16T19:22Z | 10K | 7K | |
| QA-V08 | done | Phase 8 verification: 128 auth tests pass, 2 pre-existing failures (DB/package), no regressions | #411 | all | fix/auth-frontend-remediation | QA-001,QA-002,QA-003,QA-004 | QA-005 | orch | 2026-02-16T19:26Z | 2026-02-16T19:27Z | 5K | 2K |
Phase 9: QA Remediation — Frontend Error Handling (#411)
| id | status | description | issue | repo | branch | depends_on | blocks | agent | started_at | completed_at | estimate | used |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| QA-005 | done | CRITICAL+HIGH: auth-context.tsx — production logging, replace isBackendError with parseAuthError, fix signOut classification, add session-expired state | #411 | web | fix/auth-frontend-remediation | QA-V08 | QA-007,QA-V09 | w-29 | 2026-02-16T19:28Z | 2026-02-16T19:45Z | 25K | 85K |
| QA-006 | done | MEDIUM: auth-client.ts — log JSON parse error in signInWithCredentials + add logging to getAccessToken/isAdmin silent defaults | #411 | web | fix/auth-frontend-remediation | QA-V08 | QA-V09 | w-30 | 2026-02-16T19:28Z | 2026-02-16T19:50Z | 12K | 15K |
| QA-007 | done | HIGH: login/page.tsx — show explicit error state instead of silent email-only fallback when config fetch fails | #411 | web | fix/auth-frontend-remediation | QA-005 | QA-V09 | w-31 | 2026-02-16T19:51Z | 2026-02-16T19:56Z | 15K | 18K |
| QA-008 | done | LOW: auth-errors.ts — derive KNOWN_CODES from Object.keys(ERROR_MESSAGES) to eliminate duplication | #411 | web | fix/auth-frontend-remediation | QA-V08 | QA-V09 | w-32 | 2026-02-16T19:51Z | 2026-02-16T19:53Z | 3K | 4K |
| QA-V09 | done | Phase 9 verification: 194 auth web tests pass, no regressions | #411 | all | fix/auth-frontend-remediation | QA-005,QA-006,QA-007,QA-008 | QA-009 | orch | 2026-02-16T19:57Z | 2026-02-16T19:58Z | 5K | 2K |
Phase 10: QA Remediation — Comment & Documentation Fixes (#411)
| id | status | description | issue | repo | branch | depends_on | blocks | agent | started_at | completed_at | estimate | used |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| QA-009 | done | CRITICAL: Fix updateAge comment (not idle timeout — it's session refresh throttle), fix .env.example OIDC vars, fix username->email bug in signInWithCredentials | #411 | api,web | fix/auth-frontend-remediation | QA-V09 | QA-V10 | w-33 | 2026-02-16T19:59Z | 2026-02-16T20:05Z | 12K | 12K |
| QA-010 | done | MINOR: Fix JSDoc issues — response.ok is 2xx not "200", remove "Automatic token refresh" claim, remove "Enable for now" comment, fix CSRF comment placement, fix 403 mapping comment | #411 | api,web | fix/auth-frontend-remediation | QA-V09 | QA-V10 | w-34 | 2026-02-16T19:59Z | 2026-02-16T20:03Z | 8K | 8K |
| QA-V10 | done | Phase 10 verification: 71 tests pass, no regressions | #411 | all | fix/auth-frontend-remediation | QA-009,QA-010 | QA-011 | orch | 2026-02-16T20:06Z | 2026-02-16T20:07Z | 5K | 2K |
Phase 11: QA Remediation — Type Design Improvements (#411)
| id | status | description | issue | repo | branch | depends_on | blocks | agent | started_at | completed_at | estimate | used |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| QA-011 | done | HIGH: Unify 4 request-with-user types (RequestWithSession, AuthRequest, BetterAuthRequest, RequestWithUser) into AuthenticatedRequest | #411 | api | fix/auth-frontend-remediation | QA-V10 | QA-V11 | w-35 | 2026-02-16T20:08Z | 2026-02-16T20:16Z | 20K | 15K |
| QA-012 | done | LOW: Add RetryOptions value clamping (maxRetries>=0, baseDelayMs>=100, backoffFactor>=1) | #411 | web | fix/auth-frontend-remediation | QA-V10 | QA-V11 | w-36 | 2026-02-16T20:08Z | 2026-02-16T20:12Z | 5K | 4K |
| QA-V11 | done | Phase 11 verification: 125 tests pass (106 API + 19 web), types compile | #411 | all | fix/auth-frontend-remediation | QA-011,QA-012 | QA-013 | orch | 2026-02-16T20:17Z | 2026-02-16T20:18Z | 5K | 2K |
Phase 12: QA Remediation — Test Coverage Gaps (#411)
| id | status | description | issue | repo | branch | depends_on | blocks | agent | started_at | completed_at | estimate | used |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| QA-013 | done | Add signOut failure path test — verify user cleared + authError set to proper type on apiPost rejection | #411 | web | fix/auth-frontend-remediation | QA-V11 | QA-V12 | w-37 | 2026-02-16T20:19Z | 2026-02-16T20:26Z | 10K | 4K |
| QA-014 | done | Add verifySession non-Error thrown value test — verify returns null for string/object throws | #411 | api | fix/auth-frontend-remediation | QA-V11 | QA-V12 | w-38 | 2026-02-16T20:19Z | 2026-02-16T20:23Z | 8K | 4K |
| QA-015 | done | Add handleCredentialsLogin error message fallback test + fix refreshSession test to actually call refresh | #411 | web | fix/auth-frontend-remediation | QA-V11 | QA-V12 | w-39 | 2026-02-16T20:27Z | 2026-02-16T20:30Z | 12K | 7K |
| QA-V12 | done | Phase 12 verification: 309 tests pass (201 web + 108 API) — final quality gate | #411 | all | fix/auth-frontend-remediation | QA-013,QA-014,QA-015 | orch | 2026-02-16T20:31Z | 2026-02-16T20:32Z | 5K | 2K |
Phase 13: QA Round 2 — Backend Hardening (#411)
| id | status | description | issue | repo | branch | depends_on | blocks | agent | started_at | completed_at | estimate | used |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| QA2-001 | done | MEDIUM: Narrow verifySession allowlist — "token expired"/"session expired" instead of bare "expired", exact match "unauthorized" | #411 | api | fix/auth-frontend-remediation | QA2-003,QA2-V13 | w-40 | 2026-02-16T21:00Z | 2026-02-16T21:02Z | 10K | 4K | |
| QA2-002 | done | MEDIUM: Add runtime null checks in auth.controller getSession/getProfile — defense-in-depth for AuthenticatedRequest | #411 | api | fix/auth-frontend-remediation | QA2-V13 | w-42 | 2026-02-16T21:03Z | 2026-02-16T21:05Z | 8K | 5K | |
| QA2-003 | done | MEDIUM: Sanitize Bearer tokens from logged error stacks + add logger.warn for non-Error thrown values in verifySession | #411 | api | fix/auth-frontend-remediation | QA2-001 | QA2-V13 | w-44 | 2026-02-16T21:06Z | 2026-02-16T21:08Z | 8K | 5K |
| QA2-004 | done | MEDIUM: classifyAuthError — map invalid_credentials/session_expired to null instead of "backend" (don't show error banner for normal 401) | #411 | web | fix/auth-frontend-remediation | QA2-V13 | w-41 | 2026-02-16T21:00Z | 2026-02-16T21:02Z | 10K | 5K | |
| QA2-005 | done | MEDIUM: Login page — route BetterAuth result.error.message through parseAuthError for PDA-friendly sanitization | #411 | web | fix/auth-frontend-remediation | QA2-V13 | w-43 | 2026-02-16T21:03Z | 2026-02-16T21:05Z | 8K | 4K | |
| QA2-006 | done | LOW: AuthGuard user validation branch tests — malformed user (missing id/email/name), non-object user, string user | #411 | api | fix/auth-frontend-remediation | QA2-V13 | w-45 | 2026-02-16T21:06Z | 2026-02-16T21:09Z | 8K | 5K | |
| QA2-V13 | done | Phase 13 verification: 272 tests pass (126 web + 146 API), 2 pre-existing failures, no regressions | #411 | all | fix/auth-frontend-remediation | QA2-001,QA2-002,QA2-003,QA2-004,QA2-005,QA2-006 | orch | 2026-02-16T21:10Z | 2026-02-16T21:12Z | 5K | 2K |
Summary
| Phase | Issue | Tasks | Total Estimate |
|---|---|---|---|
| 1 - Critical Backend Fixes | #412 | 6 | 36K |
| 2 - Auth Config Discovery | #413 | 5 | 43K |
| 3 - Backend Hardening | #414 | 5 | 34K |
| 4 - Frontend Foundation | #415 | 7 | 64K |
| 5 - Login Page Integration | #416 | 5 | 54K |
| 6 - Error Recovery & Polish | #417 | 5 | 50K |
| 7 - Review Remediation | #411 | 4 | 55K |
| 8 - QA: Backend Error Handling | #411 | 5 | 62K |
| 9 - QA: Frontend Error Handling | #411 | 5 | 60K |
| 10 - QA: Comment Fixes | #411 | 3 | 25K |
| 11 - QA: Type Design | #411 | 3 | 30K |
| 12 - QA: Test Coverage | #411 | 4 | 35K |
| 13 - QA R2: Hardening + Tests | #411 | 7 | 57K |
| Total | 64 | 605K |
2026-02-17 Full Code/Security/QA Review
Reviewer: Jarvis (Codex runtime)
Scope: Monorepo code review + security review + QA verification
Branch: fix/auth-frontend-remediation
Verification Snapshot
pnpm lint: passpnpm typecheck: passpnpm --filter @mosaic/api test -- src/mosaic-telemetry/mosaic-telemetry.module.spec.ts src/auth/auth-rls.integration.spec.ts src/credentials/user-credential.model.spec.ts src/job-events/job-events.performance.spec.ts src/knowledge/services/fulltext-search.spec.ts: pass (DB-bound suites intentionally skipped unlessRUN_DB_TESTS=true)pnpm audit --prod: pass (0 vulnerabilities after overrides + lock refresh)
Remediation Tasks
| id | status | severity | category | description | evidence |
|---|---|---|---|---|---|
| REV-2026-001 | done | high | security+functional | Web dashboard widgets call orchestrator GET /agents directly without X-API-Key, but orchestrator protects all /agents routes with OrchestratorApiKeyGuard. This creates a broken production path or pressures exposing a sensitive API key client-side. Add a server-side proxy/BFF route and remove direct browser calls. |
apps/web/src/app/api/orchestrator/agents/route.ts:1, apps/web/src/components/widgets/AgentStatusWidget.tsx:32, apps/web/src/components/widgets/TaskProgressWidget.tsx:103 |
| REV-2026-002 | done | high | security | RLS context helpers are now applied in TasksService service boundaries (create, findAll, findOne, update, remove) with safe fallback behavior for test doubles; controller now passes user context for list/detail paths, and regression tests assert context usage. |
apps/api/src/tasks/tasks.service.ts:27, apps/api/src/tasks/tasks.controller.ts:54, apps/api/src/tasks/tasks.service.spec.ts:15 |
| REV-2026-003 | done | medium | security | Docker sandbox defaults still use bridge networking; isolation hardening is incomplete by default. Move default to none and explicitly opt in to egress where required. |
apps/orchestrator/src/config/orchestrator.config.ts:32, apps/orchestrator/src/spawner/docker-sandbox.service.ts:115, apps/orchestrator/src/spawner/docker-sandbox.service.ts:265 |
| REV-2026-004 | done | high | security | Production dependency chain hardened via root overrides: replaced legacy request with @cypress/request, pinned tough-cookie and qs to patched ranges, and forced patched ajv; lockfile updated and production audit now reports zero vulnerabilities. |
package.json:68, pnpm-lock.yaml:1, pnpm audit --prod --json (0 vulnerabilities) |
| REV-2026-005 | done | high | qa | API test suite is not hermetic for default pnpm test: database-backed tests run when DATABASE_URL exists but credentials are invalid, causing hard failures. Gate integration/perf suites behind explicit integration flag and connectivity preflight, or split commands in turbo pipeline. |
apps/api/src/credentials/user-credential.model.spec.ts:18, apps/api/src/knowledge/services/fulltext-search.spec.ts:30, apps/api/src/job-events/job-events.performance.spec.ts:19, apps/api/src/auth/auth-rls.integration.spec.ts:10 |
| REV-2026-006 | done | medium | qa+architecture | MosaicTelemetryModule imports AuthModule, causing telemetry module tests to fail on unrelated ENCRYPTION_KEY auth config requirements. Decouple telemetry module dependencies or provide test-safe module overrides. |
apps/api/src/mosaic-telemetry/mosaic-telemetry.module.ts:36, apps/api/src/mosaic-telemetry/mosaic-telemetry.module.spec.ts:1 |
| REV-2026-007 | done | medium | qa | Frontend skip cleanup completed for scoped findings: TasksWidget, CalendarWidget, and LinkAutocomplete coverage now runs with deterministic assertions and no stale it.skip markers in those suites. |
apps/web/src/components/widgets/__tests__/TasksWidget.test.tsx:1, apps/web/src/components/widgets/__tests__/CalendarWidget.test.tsx:1, apps/web/src/components/knowledge/__tests__/LinkAutocomplete.test.tsx:1 |
| REV-2026-008 | done | low | tooling | Repo session bootstrap reliability issue: scripts/agent/session-start.sh fails due stale branch tracking ref, which can silently block required lifecycle checks. Update script to tolerate missing remote branch or self-heal branch config. |
scripts/agent/session-start.sh:10, scripts/agent/session-start.sh:16, scripts/agent/session-start.sh:34 |
2026-02-17 Orchestrator Streaming + Queue Control Follow-up
Orchestrator: Jarvis (Codex runtime)
Branch: fix/auth-frontend-remediation
Tasks
| id | status | description | issue | repo | branch | depends_on | blocks | agent | started_at | completed_at | estimate | used |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ORCH-FU-001 | done | Add orchestrator SSE event stream endpoint and service fan-out (/agents/events) with initial snapshot + heartbeat |
#411 | orchestrator,web | fix/auth-frontend-remediation | REV-2026-001 | orch | 2026-02-17T15:00Z | 2026-02-17T15:18Z | 20K | 24K | |
| ORCH-FU-002 | done | Add queue control API (/queue/stats, /queue/pause, /queue/resume) and web proxy routes |
#411 | orchestrator,web | fix/auth-frontend-remediation | ORCH-FU-001 | orch | 2026-02-17T15:18Z | 2026-02-17T15:24Z | 12K | 15K | |
| ORCH-FU-003 | done | Wire TaskProgressWidget and AgentStatusWidget to live SSE updates with polling fallback |
#411 | web | fix/auth-frontend-remediation | ORCH-FU-001 | orch | 2026-02-17T15:24Z | 2026-02-17T15:33Z | 15K | 18K | |
| ORCH-FU-004 | done | Persist spawned state in lifecycle + align queue state transitions/events for spawned/non-spawned paths | #411 | orchestrator | fix/auth-frontend-remediation | ORCH-FU-001 | orch | 2026-02-17T15:33Z | 2026-02-17T15:40Z | 15K | 18K | |
| ORCH-FU-005 | done | Harden repo-local Mosaic linkage paths (~/.config/mosaic) and ignore orchestrator runtime artifacts |
#411 | docs,tooling | fix/auth-frontend-remediation | ORCH-FU-004 | orch | 2026-02-17T15:40Z | 2026-02-17T15:45Z | 8K | 6K | |
| ORCH-FU-V01 | done | Verification: orchestrator and web targeted test suites pass after follow-up changes | #411 | all | fix/auth-frontend-remediation | ORCH-FU-001 | orch | 2026-02-17T15:45Z | 2026-02-17T15:48Z | 5K | 3K |
Verification Snapshot
pnpm --filter @mosaic/orchestrator test -- src/api/queue/queue.controller.spec.ts src/api/agents/agents.controller.spec.ts src/api/agents/agents-killswitch.controller.spec.ts src/queue/queue.service.spec.ts src/config/orchestrator.config.spec.ts: pass (26files,737tests)pnpm --filter @mosaic/web test -- src/components/widgets/__tests__/TaskProgressWidget.test.tsx src/components/widgets/__tests__/AgentStatusWidget.test.tsx: pass (89files,1117tests,3skipped)
2026-02-17 Orchestrator Observability Follow-up
Orchestrator: Jarvis (Codex runtime)
Branch: feature/mosaic-stack-finalization
Tasks
| id | status | description | issue | repo | branch | depends_on | blocks | agent | started_at | completed_at | estimate | used |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ORCH-OBS-001 | done | Add recent event buffer + endpoint (GET /agents/events/recent?limit=) for non-SSE polling clients |
#411 | orchestrator | feature/mosaic-stack-finalization | ORCH-FU-001 | orch | 2026-02-17T16:20Z | 2026-02-17T16:28Z | 10K | 8K | |
| ORCH-OBS-002 | done | Add web proxy route for recent orchestrator events (/api/orchestrator/events/recent) |
#411 | web | feature/mosaic-stack-finalization | ORCH-OBS-001 | orch | 2026-02-17T16:28Z | 2026-02-17T16:31Z | 5K | 4K | |
| ORCH-OBS-003 | done | Add repo-level monitor script (scripts/agent/orchestrator-events.sh) for recent/watch modes |
#411 | tooling | feature/mosaic-stack-finalization | ORCH-OBS-001 | orch | 2026-02-17T16:31Z | 2026-02-17T16:36Z | 8K | 5K | |
| ORCH-OBS-004 | done | Add tests/docs updates for recent events and operator command usage | #411 | orchestrator,docs | feature/mosaic-stack-finalization | ORCH-OBS-001 | orch | 2026-02-17T16:36Z | 2026-02-17T16:40Z | 8K | 6K | |
| ORCH-OBS-005 | done | Fix HUD widget ID generation/parsing for hyphenated widget types (quick-capture, agent-status) |
#411 | web | feature/mosaic-stack-finalization | ORCH-OBS-004 | orch | 2026-02-17T16:42Z | 2026-02-17T16:48Z | 8K | 6K | |
| ORCH-OBS-006 | done | Add WidgetRenderer regression tests for hyphenated widget IDs |
#411 | web | feature/mosaic-stack-finalization | ORCH-OBS-005 | orch | 2026-02-17T16:48Z | 2026-02-17T16:50Z | 5K | 3K | |
| ORCH-OBS-007 | done | Add OrchestratorEventsWidget for live/recent orchestration visibility with Matrix signal hints |
#411 | web | feature/mosaic-stack-finalization | ORCH-OBS-002 | orch | 2026-02-17T16:55Z | 2026-02-17T17:03Z | 12K | 9K | |
| ORCH-OBS-008 | done | Integrate new widget into HUD/WidgetRegistry and extend widget regression coverage | #411 | web | feature/mosaic-stack-finalization | ORCH-OBS-007 | orch | 2026-02-17T17:03Z | 2026-02-17T17:08Z | 10K | 7K | |
| ORCH-OBS-009 | done | Seed default/reset local HUD layout with orchestration widgets so visibility works out-of-box | #411 | web | feature/mosaic-stack-finalization | ORCH-OBS-008 | orch | 2026-02-17T17:10Z | 2026-02-17T17:14Z | 8K | 6K | |
| ORCH-OBS-010 | done | Enrich TaskProgressWidget with latest recent-event context from /api/orchestrator/events/recent |
#411 | web | feature/mosaic-stack-finalization | ORCH-OBS-009 | orch | 2026-02-17T17:15Z | 2026-02-17T17:20Z | 8K | 6K | |
| ORCH-OBS-011 | done | Add orchestrator health proxy and readiness badge (ready/degraded) in events widget |
#411 | web | feature/mosaic-stack-finalization | ORCH-OBS-010 | orch | 2026-02-17T17:22Z | 2026-02-17T17:27Z | 8K | 6K |
2026-02-17 Issue 424 — Orchestrator Provider-Aware Startup
Orchestrator: Jarvis (Codex runtime)
Issue: #424
Branch: fix/orchestrator-runtime-provider-config
Tasks
| id | status | description | issue | repo | branch | depends_on | blocks | agent | started_at | completed_at | estimate | used |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ORCH-424-001 | done | Remove hard startup dependency on CLAUDE_API_KEY unless provider explicitly requires it |
#424 | orchestrator | fix/orchestrator-runtime-provider-config | ORCH-424-002 | 2026-02-17T17:15:18-06:00 | 12K | ||||
| ORCH-424-002 | done | Add provider/runtime-aware validation and startup diagnostics for required key availability | #424 | orchestrator | fix/orchestrator-runtime-provider-config | ORCH-424-001 | ORCH-424-003 | 2026-02-17T17:15:18-06:00 | 10K | |||
| ORCH-424-003 | done | Update env example docs for Codex/OpenCode/Claude multi-provider startup behavior | #424 | orchestrator,docs | fix/orchestrator-runtime-provider-config | ORCH-424-002 | ORCH-424-V01 | 2026-02-17T17:15:18-06:00 | 8K | |||
| ORCH-424-V01 | done | Verification: pnpm lint && pnpm typecheck && pnpm test healthy for non-Claude startup/runtime paths |
#424 | all | fix/orchestrator-runtime-provider-config | ORCH-424-001,ORCH-424-002,ORCH-424-003 | 2026-02-17T17:15:18-06:00 | 5K |