chore(orchestrator): Wave 1 complete — fix merge conflicts, mark tasks done

Fix typecheck: addMessage/findById now require userId (from PR #293). Mark M2-001/002/005/006 done. All Wave 1 tasks complete (9/65). PRs #290, #292, #293, #294 merged. Issues #224-226, #232-237 closed. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-21 15:35:28 -05:00
parent 05a805eeca
commit 6b0f789634
2 changed files with 24 additions and 18 deletions
--- a/docs/TASKS.md
+++ b/docs/TASKS.md
@@ -15,12 +15,12 @@
 | M1-006 | not-started | sonnet | M1: Persistence    | Conversation search: full-text search on messages table via /api/conversations/search                           | —    | #229                                 |
 | M1-007 | not-started | sonnet | M1: Persistence    | TUI: /history command to display conversation message count and context usage                                   | —    | #230                                 |
 | M1-008 | not-started | haiku  | M1: Persistence    | Verify: send messages → kill TUI → resume with -c → agent references prior context                              | —    | #231                                 |
-| M2-001 | not-started | sonnet | M2: Security       | Audit InsightsRepo: add userId filter to searchByEmbedding() vector search                                      | —    | #232                                 |
-| M2-002 | not-started | sonnet | M2: Security       | Audit InsightsRepo: add userId filter to findByUser(), decayOldInsights()                                       | —    | #233                                 |
+| M2-001 | done        | sonnet | M2: Security       | Audit InsightsRepo: add userId filter to searchByEmbedding() vector search                                      | #290 | #232 closed                          |
+| M2-002 | done        | sonnet | M2: Security       | Audit InsightsRepo: add userId filter to findByUser(), decayOldInsights()                                       | #290 | #233 closed                          |
 | M2-003 | done        | sonnet | M2: Security       | Audit PreferencesRepo: verify all queries filter by userId                                                      | #294 | #234 closed — already scoped         |
 | M2-004 | done        | sonnet | M2: Security       | Audit agent memory tools: verify memory*search, memory_save*_, memory*get*_ scope to session user               | #294 | #235 closed — FIXED userId injection |
-| M2-005 | not-started | sonnet | M2: Security       | Audit ConversationsRepo: verify ownership check on findById, update, delete, addMessage, findMessages           | —    | #236                                 |
-| M2-006 | not-started | sonnet | M2: Security       | Audit AgentsRepo: verify findAccessible() returns only user's agents + system agents                            | —    | #237                                 |
+| M2-005 | done        | sonnet | M2: Security       | Audit ConversationsRepo: verify ownership check on findById, update, delete, addMessage, findMessages           | #293 | #236 closed                          |
+| M2-006 | done        | sonnet | M2: Security       | Audit AgentsRepo: verify findAccessible() returns only user's agents + system agents                            | #293 | #237 closed                          |
 | M2-007 | not-started | sonnet | M2: Security       | Integration test: create two users, populate data, verify cross-user isolation on every query path              | —    | #238 TDD                             |
 | M2-008 | not-started | sonnet | M2: Security       | Audit Valkey keys: verify session keys include userId or are not enumerable across users                        | —    | #239                                 |
 | M3-001 | not-started | opus   | M3: Providers      | Refactor ProviderService into IProviderAdapter pattern: register(), listModels(), healthCheck(), createClient() | —    | #240 Verify Pi SDK compat            |