stack/docs/tasks.md
Jason Woltje c74b6b13d1
chore: Start MS-SEC-001 (orchestrator API auth)
2026-02-05 15:14:19 -06:00

Tasks

| id | status | description | issue | repo | branch | depends_on | blocks | agent | started_at | completed_at | estimate | used |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| MS-SEC-001 | in-progress | SEC-ORCH-2: Add authentication to orchestrator API | #337 | orchestrator | fix/security | | MS-SEC-002 | worker-1 | 2026-02-05T15:15:00Z | | 15K | |
| MS-SEC-002 | not-started | SEC-WEB-2: Fix WikiLinkRenderer XSS (sanitize HTML before wiki-links) | #337 | web | fix/security | MS-SEC-001 | MS-SEC-003 | | | | 8K | |
| MS-SEC-003 | not-started | SEC-ORCH-1: Fix secret scanner error handling (return error state) | #337 | orchestrator | fix/security | MS-SEC-002 | MS-SEC-004 | | | | 8K | |
| MS-SEC-004 | not-started | SEC-API-2+3: Fix guards swallowing DB errors (propagate as 500s) | #337 | api | fix/security | MS-SEC-003 | MS-SEC-005 | | | | 10K | |
| MS-SEC-005 | not-started | SEC-API-1: Validate OIDC config at startup (fail fast if missing) | #337 | api | fix/security | MS-SEC-004 | MS-SEC-006 | | | | 8K | |
| MS-SEC-006 | not-started | SEC-ORCH-3: Enable Docker sandbox by default, warn when disabled | #337 | orchestrator | fix/security | MS-SEC-005 | MS-SEC-007 | | | | 10K | |
| MS-SEC-007 | not-started | SEC-ORCH-4: Add auth to inter-service communication (API key) | #337 | orchestrator | fix/security | MS-SEC-006 | MS-SEC-008 | | | | 15K | |
| MS-SEC-008 | not-started | SEC-ORCH-5+CQ-ORCH-3: Replace KEYS with SCAN in Valkey client | #337 | orchestrator | fix/security | MS-SEC-007 | MS-SEC-009 | | | | 12K | |
| MS-SEC-009 | not-started | SEC-ORCH-6: Add Zod validation for deserialized Redis data | #337 | orchestrator | fix/security | MS-SEC-008 | MS-SEC-010 | | | | 12K | |
| MS-SEC-010 | not-started | SEC-WEB-1: Sanitize OAuth callback error parameter | #337 | web | fix/security | MS-SEC-009 | MS-SEC-011 | | | | 5K | |
| MS-SEC-011 | not-started | CQ-API-6: Replace hardcoded OIDC values with env vars | #337 | api | fix/security | MS-SEC-010 | MS-SEC-012 | | | | 8K | |
| MS-SEC-012 | not-started | CQ-WEB-5: Fix boolean logic bug in ReactFlowEditor | #337 | web | fix/security | MS-SEC-011 | MS-SEC-013 | | | | 3K | |
| MS-SEC-013 | not-started | SEC-API-4: Add workspaceId query verification tests | #337 | api | fix/security | MS-SEC-012 | MS-SEC-V01 | | | | 20K | |
| MS-SEC-V01 | not-started | Phase 1 Verification: Run full quality gates | #337 | all | fix/security | MS-SEC-013 | MS-HIGH-001 | | | | 5K | |
| MS-HIGH-001 | not-started | SEC-API-5: Fix OpenAI embedding service dummy key handling | #338 | api | fix/high | MS-SEC-V01 | MS-HIGH-002 | | | | 8K | |
| MS-HIGH-002 | not-started | SEC-API-6: Add structured logging for embedding failures | #338 | api | fix/high | MS-HIGH-001 | MS-HIGH-003 | | | | 8K | |
| MS-HIGH-003 | not-started | SEC-API-7: Bind CSRF token to session with HMAC | #338 | api | fix/high | MS-HIGH-002 | MS-HIGH-004 | | | | 12K | |
| MS-HIGH-004 | not-started | SEC-API-8: Log ERROR on rate limiter fallback, add health check | #338 | api | fix/high | MS-HIGH-003 | MS-HIGH-005 | | | | 10K | |
| MS-HIGH-005 | not-started | SEC-API-9: Implement proper system admin role | #338 | api | fix/high | MS-HIGH-004 | MS-HIGH-006 | | | | 15K | |
| MS-HIGH-006 | not-started | SEC-API-10: Add rate limiting to auth catch-all | #338 | api | fix/high | MS-HIGH-005 | MS-HIGH-007 | | | | 8K | |
| MS-HIGH-007 | not-started | SEC-API-11: Validate DEFAULT_WORKSPACE_ID as UUID | #338 | api | fix/high | MS-HIGH-006 | MS-HIGH-008 | | | | 5K | |
| MS-HIGH-008 | not-started | SEC-WEB-3: Route all fetch() through API client (CSRF) | #338 | web | fix/high | MS-HIGH-007 | MS-HIGH-009 | | | | 12K | |
| MS-HIGH-009 | not-started | SEC-WEB-4: Gate mock data behind NODE_ENV check | #338 | web | fix/high | MS-HIGH-008 | MS-HIGH-010 | | | | 10K | |
| MS-HIGH-010 | not-started | SEC-WEB-5: Log auth errors, distinguish backend down | #338 | web | fix/high | MS-HIGH-009 | MS-HIGH-011 | | | | 8K | |
| MS-HIGH-011 | not-started | SEC-WEB-6: Enforce WSS, add connect_error handling | #338 | web | fix/high | MS-HIGH-010 | MS-HIGH-012 | | | | 8K | |
| MS-HIGH-012 | not-started | SEC-WEB-7+CQ-WEB-7: Implement optimistic rollback on Kanban | #338 | web | fix/high | MS-HIGH-011 | MS-HIGH-013 | | | | 12K | |
| MS-HIGH-013 | not-started | SEC-WEB-8: Handle non-OK responses in ActiveProjectsWidget | #338 | web | fix/high | MS-HIGH-012 | MS-HIGH-014 | | | | 8K | |
| MS-HIGH-014 | not-started | SEC-WEB-9: Disable QuickCaptureWidget with Coming Soon | #338 | web | fix/high | MS-HIGH-013 | MS-HIGH-015 | | | | 5K | |
| MS-HIGH-015 | not-started | SEC-WEB-10+11: Standardize API base URL and auth mechanism | #338 | web | fix/high | MS-HIGH-014 | MS-HIGH-016 | | | | 12K | |
| MS-HIGH-016 | not-started | SEC-ORCH-7: Add circuit breaker to coordinator loops | #338 | coordinator | fix/high | MS-HIGH-015 | MS-HIGH-017 | | | | 15K | |
| MS-HIGH-017 | not-started | SEC-ORCH-8: Log queue corruption, backup file | #338 | coordinator | fix/high | MS-HIGH-016 | MS-HIGH-018 | | | | 10K | |
| MS-HIGH-018 | not-started | SEC-ORCH-9: Whitelist allowed env vars in Docker | #338 | orchestrator | fix/high | MS-HIGH-017 | MS-HIGH-019 | | | | 10K | |
| MS-HIGH-019 | not-started | SEC-ORCH-10: Add CapDrop, ReadonlyRootfs, PidsLimit | #338 | orchestrator | fix/high | MS-HIGH-018 | MS-HIGH-020 | | | | 12K | |
| MS-HIGH-020 | not-started | SEC-ORCH-11: Add rate limiting to orchestrator API | #338 | orchestrator | fix/high | MS-HIGH-019 | MS-HIGH-021 | | | | 10K | |
| MS-HIGH-021 | not-started | SEC-ORCH-12: Add max concurrent agents limit | #338 | orchestrator | fix/high | MS-HIGH-020 | MS-HIGH-022 | | | | 8K | |
| MS-HIGH-022 | not-started | SEC-ORCH-13: Block YOLO mode in production | #338 | orchestrator | fix/high | MS-HIGH-021 | MS-HIGH-023 | | | | 8K | |
| MS-HIGH-023 | not-started | SEC-ORCH-14: Sanitize issue body for prompt injection | #338 | coordinator | fix/high | MS-HIGH-022 | MS-HIGH-024 | | | | 12K | |
| MS-HIGH-024 | not-started | SEC-ORCH-15: Warn when VALKEY_PASSWORD not set | #338 | orchestrator | fix/high | MS-HIGH-023 | MS-HIGH-025 | | | | 5K | |
| MS-HIGH-025 | not-started | CQ-ORCH-6: Fix N+1 with MGET for batch retrieval | #338 | orchestrator | fix/high | MS-HIGH-024 | MS-HIGH-026 | | | | 10K | |
| MS-HIGH-026 | not-started | CQ-ORCH-1: Add session cleanup on terminal states | #338 | orchestrator | fix/high | MS-HIGH-025 | MS-HIGH-027 | | | | 10K | |
| MS-HIGH-027 | not-started | CQ-API-1: Fix WebSocket timer leak (clearTimeout in catch) | #338 | api | fix/high | MS-HIGH-026 | MS-HIGH-028 | | | | 8K | |
| MS-HIGH-028 | not-started | CQ-API-2: Fix runner jobs interval leak (clearInterval) | #338 | api | fix/high | MS-HIGH-027 | MS-HIGH-029 | | | | 8K | |
| MS-HIGH-029 | not-started | CQ-WEB-1: Fix useWebSocket stale closure (use refs) | #338 | web | fix/high | MS-HIGH-028 | MS-HIGH-030 | | | | 10K | |
| MS-HIGH-030 | not-started | CQ-WEB-4: Fix useChat stale messages (functional updates) | #338 | web | fix/high | MS-HIGH-029 | MS-HIGH-V01 | | | | 10K | |
| MS-HIGH-V01 | not-started | Phase 2 Verification: Run full quality gates | #338 | all | fix/high | MS-HIGH-030 | MS-MED-001 | | | | 5K | |