b56bef0747
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
- Update CLAUDE.md to point to universal orchestrator guide - Add docs/tasks.md with 28 tasks across 4 phases: - Phase 1: Critical Security (MS-SEC-001 to MS-SEC-010) - Phase 2: High Security (MS-HIGH-001 to MS-HIGH-006) - Phase 3: Code Quality (MS-CQ-001 to MS-CQ-007) - Phase 4: Test Coverage (MS-TEST-001 to MS-TEST-005) - Add project-specific task-tracking.md reference Based on comprehensive codebase review (124 findings).
11 KiB
11 KiB
Tasks
| id | status | description | issue | repo | branch | depends_on | blocks | agent | started_at | completed_at | estimate | used |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| MS-SEC-001 | not-started | SEC-ORCH-2: Add authentication to orchestrator API (spawn/kill/status endpoints) | orchestrator | fix/security-remediation | MS-SEC-002,MS-SEC-003,MS-SEC-004 | 15K | ||||||
| MS-SEC-002 | not-started | SEC-WEB-2: Fix WikiLinkRenderer XSS - sanitize entire HTML with DOMPurify before wiki-link processing | web | fix/security-remediation | MS-SEC-001 | MS-SEC-010 | 10K | |||||
| MS-SEC-003 | not-started | SEC-ORCH-1: Fix secret scanner error handling - return explicit error state instead of false | orchestrator | fix/security-remediation | MS-SEC-001 | MS-SEC-010 | 8K | |||||
| MS-SEC-004 | not-started | SEC-API-2/3: Fix guards swallowing DB errors - let Prisma errors propagate as 500s | api | fix/security-remediation | MS-SEC-001 | MS-SEC-010 | 10K | |||||
| MS-SEC-005 | not-started | SEC-API-1: Validate OIDC configuration at startup - fail fast if enabled but unconfigured | api | fix/security-remediation | MS-SEC-004 | MS-SEC-010 | 8K | |||||
| MS-SEC-006 | not-started | SEC-ORCH-3: Enable Docker sandbox by default, log warning when disabled | orchestrator | fix/security-remediation | MS-SEC-003 | MS-SEC-010 | 8K | |||||
| MS-SEC-007 | not-started | SEC-ORCH-4: Add inter-service authentication (orchestrator-coordinator API key) | orchestrator | fix/security-remediation | MS-SEC-006 | MS-SEC-010 | 15K | |||||
| MS-SEC-008 | not-started | SEC-ORCH-5/CQ-ORCH-3: Replace KEYS with SCAN in Valkey client | orchestrator | fix/security-remediation | MS-SEC-007 | MS-SEC-010 | 12K | |||||
| MS-SEC-009 | not-started | SEC-WEB-1: Sanitize OAuth callback parameters - validate error against allowlist | web | fix/security-remediation | MS-SEC-002 | MS-SEC-010 | 8K | |||||
| MS-SEC-010 | not-started | Phase 1 verification: Run security tests, validate all critical fixes | api | fix/security-remediation | MS-SEC-002,MS-SEC-003,MS-SEC-004,MS-SEC-005,MS-SEC-006,MS-SEC-007,MS-SEC-008,MS-SEC-009 | MS-HIGH-001 | 10K | |||||
| MS-HIGH-001 | not-started | SEC-WEB-3: Route all fetch() calls through API client for CSRF (ImportExportActions, KanbanBoard, ActiveProjectsWidget) | web | fix/high-security | MS-SEC-010 | MS-HIGH-006 | 15K | |||||
| MS-HIGH-002 | not-started | SEC-WEB-4: Remove or gate mock data in production paths (federation, workspaces, teams pages) | web | fix/high-security | MS-SEC-010 | MS-HIGH-006 | 12K | |||||
| MS-HIGH-003 | not-started | SEC-ORCH-11: Add rate limiting to orchestrator API with @nestjs/throttler | orchestrator | fix/high-security | MS-SEC-010 | MS-HIGH-006 | 10K | |||||
| MS-HIGH-004 | not-started | SEC-ORCH-10: Add Docker container hardening (CapDrop ALL, ReadonlyRootfs, PidsLimit) | orchestrator | fix/high-security | MS-SEC-010 | MS-HIGH-006 | 12K | |||||
| MS-HIGH-005 | not-started | SEC-ORCH-12: Add max concurrent agents enforcement with configurable limit | orchestrator | fix/high-security | MS-SEC-010 | MS-HIGH-006 | 10K | |||||
| MS-HIGH-006 | not-started | Phase 2 verification: Run security tests, validate all high-priority fixes | api | fix/high-security | MS-HIGH-001,MS-HIGH-002,MS-HIGH-003,MS-HIGH-004,MS-HIGH-005 | MS-CQ-001 | 10K | |||||
| MS-CQ-001 | not-started | CQ-API-1/2: Fix memory leaks - WebSocket timer, runner jobs interval | api | fix/code-quality | MS-HIGH-006 | MS-CQ-007 | 10K | |||||
| MS-CQ-002 | not-started | CQ-ORCH-1: Fix session Map memory leak - cleanup on terminal states | orchestrator | fix/code-quality | MS-HIGH-006 | MS-CQ-007 | 12K | |||||
| MS-CQ-003 | not-started | CQ-WEB-1/4: Fix stale closures in useWebSocket and useChat hooks | web | fix/code-quality | MS-HIGH-006 | MS-CQ-007 | 15K | |||||
| MS-CQ-004 | not-started | CQ-WEB-5: Fix boolean logic bug in ReactFlowEditor (?? to ||) | web | fix/code-quality | MS-HIGH-006 | MS-CQ-007 | 5K | |||||
| MS-CQ-005 | not-started | CQ-ORCH-5: Add atomic state transitions with Valkey Lua script | orchestrator | fix/code-quality | MS-HIGH-006 | MS-CQ-007 | 15K | |||||
| MS-CQ-006 | not-started | CQ-ORCH-6: Fix N+1 queries with MGET batch retrieval | orchestrator | fix/code-quality | MS-HIGH-006 | MS-CQ-007 | 12K | |||||
| MS-CQ-007 | not-started | Phase 3 verification: Run all tests, validate code quality fixes | api | fix/code-quality | MS-CQ-001,MS-CQ-002,MS-CQ-003,MS-CQ-004,MS-CQ-005,MS-CQ-006 | MS-TEST-001 | 10K | |||||
| MS-TEST-001 | not-started | Add tests for knowledge.service.ts (916 lines, untested) | api | fix/test-coverage | MS-CQ-007 | MS-TEST-005 | 25K | |||||
| MS-TEST-002 | not-started | Add tests for admin.guard.ts and embeddings.service.ts | api | fix/test-coverage | MS-CQ-007 | MS-TEST-005 | 15K | |||||
| MS-TEST-003 | not-started | Re-enable 23 skipped widget tests in web | web | fix/test-coverage | MS-CQ-007 | MS-TEST-005 | 20K | |||||
| MS-TEST-004 | not-started | Investigate coordinator 16% coverage - fix test configuration | coordinator | fix/test-coverage | MS-CQ-007 | MS-TEST-005 | 15K | |||||
| MS-TEST-005 | not-started | Final verification: Full test suite, coverage report, quality gates pass | api | fix/test-coverage | MS-TEST-001,MS-TEST-002,MS-TEST-003,MS-TEST-004 | 15K |