mirror of https://github.com/azaion/admin.git synced 2026-06-21 15:51:10 +00:00

Files

T

Oleksandr Bezdieniezhnykh f369153149 [AZ-552] [AZ-553] [AZ-554] [AZ-555] Cycle-2 hotfix: deploy/infra chain

Batch 5 (cycle 2 hotfix sprint, batch 1 of 2). 6 story points under epic
AZ-530. Addresses 2 Critical + 2 High deploy-blocking findings from
security_report_cycle2.md (F-INFRA-1..F-INFRA-4).

AZ-552 — drop_jwt_secret_deploy_preflight (1 pt, F-INFRA-1 Critical)
  scripts/start-services.sh swaps obsolete JwtConfig__Secret preflight
  for the cycle-2 trio (KeysFolder + ActiveKid + DataProtection.KeysFolder).
  .env.example, env/api/env.ps1, _docs/04_deploy/* updated to match. Repo
  scan in scripts/ and .env.example returns 0 offenders.

AZ-553 — bind_mount_es256_keys (2 pts, F-INFRA-2 Critical)
  start-services.sh bind-mounts DEPLOY_HOST_JWT_KEYS_DIR read-only at
  /etc/azaion/jwt-keys; preflight fails fast on a missing or empty host
  directory with operator-actionable error messages.

AZ-554 — persist_dataprotection_keys (2 pts, F-INFRA-3 High)
  Program.cs DataProtection wiring now fails fast in Production when
  KeysFolder is unset OR not probe-writable. start-services.sh bind-mounts
  DEPLOY_HOST_DP_KEYS_DIR read-write at /var/lib/azaion/dp-keys.
  Development behaviour unchanged (ephemeral default).

AZ-555 — secrets_readme_es256_rewrite (1 pt, F-INFRA-4 High)
  secrets/README.md schema fully rewritten; new "Host-side directories"
  subsection with bind-mount table + ownership/permission guidance.
  Cycle-1 JwtConfig__Secret removed from live schema (one prose
  deprecation paragraph retained).

Adjacent hygiene
  module-layout.md "Owns" extended to include scripts/, secrets/, env/,
  .env.example (gap from Step 9 new-task layout-delta).

Tests
  e2e/Azaion.E2E/Tests/Cycle2HotfixDeployTests.cs — 19 facts (8 exec,
  11 Skip with rationale per AZ-537/AZ-538 precedent). Skipped tests
  cover preflight/restart/Production-only paths verified at deploy gate.

Build: 0W 0E across Azaion.AdminApi + Azaion.E2E.
Test run deferred to autodev Step 11 (Run Tests).
Tracker transition deferred to next batch (MCP availability unverified
in this session — Leftovers pattern).

Co-authored-by: Cursor <cursoragent@cursor.com>

2026-05-14 09:35:57 +03:00

5.2 KiB

Raw Blame History

Dependencies Table

Date: 2026-05-14 (post cycle-2 hotfix batch 1; previous 2026-05-14) Total Tasks: 25 (7 done test tasks + 4 done product tasks + 5 done cross-workspace + 3 done CMMC + 5 done auth-modernization + 4 done cycle-2 hotfix + 2 todo cycle-2 hotfix) Total Complexity Points: 82 (77 done + 5 todo)

Task	Name	Complexity	Dependencies	Epic	Status
AZ-189	test_infrastructure	5	None	AZ-188	done
AZ-190	auth_tests	3	AZ-189	AZ-188	done
AZ-191	user_mgmt_tests	5	AZ-189, AZ-190	AZ-188	done
AZ-192	hardware_tests	3	AZ-189, AZ-190	AZ-188	done
AZ-193	resource_tests	5	AZ-189, AZ-190, AZ-192	AZ-188	done
AZ-194	security_tests	3	AZ-189, AZ-190	AZ-188	done
AZ-195	resilience_perf_tests	5	AZ-189, AZ-190	AZ-188	done
AZ-183	resources_table_update_api	3	None	AZ-181	done
AZ-196	register_device_endpoint	2	None	AZ-181	done
AZ-197	remove_hardware_id	3	None	AZ-181	done
AZ-513	classes_crud_routes	3	None	AZ-509	done
AZ-531	refresh_token_flow	5	None	AZ-529	done
AZ-532	asymmetric_signing_jwks	5	None	AZ-529	done
AZ-533	mission_token_uav	5	AZ-531	AZ-529	done
AZ-534	totp_2fa_login	5	None (coord. AZ-531/537)	AZ-529	done
AZ-535	logout_revocation	3	AZ-531	AZ-529	done
AZ-536	argon2id_password_hashing	3	None	AZ-530	done
AZ-537	login_rate_limit_lockout	3	None (coord. AZ-536)	AZ-530	done
AZ-538	cors_https_only_hsts	2	None	AZ-530	done
AZ-552	drop_jwt_secret_deploy_preflight	1	None	AZ-530	done
AZ-553	bind_mount_es256_keys	2	AZ-552	AZ-530	done
AZ-554	persist_dataprotection_keys	2	AZ-553	AZ-530	done
AZ-555	secrets_readme_es256_rewrite	1	AZ-552, AZ-553, AZ-554	AZ-530	done
AZ-556	unify_login_error_codes	2	None	AZ-530	todo
AZ-557	mfa_brute_force_lockout	3	AZ-534, AZ-537	AZ-530	todo

Notes

AZ-529 / AZ-530 added 2026-05-14: two new epics covering the auth-mechanism modernization and a focused CMMC compliance pass.
- AZ-529 — Auth Mechanism Modernization (5 tasks, 23 pts): refresh-token flow, asymmetric signing + JWKS, mission tokens for UAV, TOTP 2FA, logout/revocation. AZ-531 is the foundation that AZ-533 and AZ-535 build on; AZ-532 is independent and can land first or in parallel.
- AZ-530 — CMMC Compliance Hardening (3 tasks, 8 pts): Argon2id password hashing, /login rate limit + lockout, CORS https-only + HSTS. All three are independent and shippable now; AZ-536 + AZ-537 both touch UserService.ValidateUser so land AZ-536 first.
MFA scope: TOTP enrollment + login validation lives in admin only (AZ-534). Other services (satellite-provider, gps-denied, ui) consume the amr claim if they need step-up checks — they do NOT enforce MFA themselves.
Cross-workspace verifier work (satellite-provider, gps-denied, ui must switch from HS256 shared secret to JWKS verification, plus add denylist polling) is intentionally deferred to per-workspace tickets, to be filed once admin's AZ-529 epic is close to shipping.
AZ-513 added 2026-05-13 (cross-workspace prerequisite from ui/ workspace AZ-512). Filed under epic AZ-509.
AZ-197 originally listed Component: Admin API, Loader; the Loader workspace was architecturally retired (see suite/_docs/_repo-config.yaml unresolved:loader-retirement-arch-doc) and the spec was adapted on 2026-05-13 to be admin-only.
AZ-552..AZ-557 added 2026-05-14 as the cycle-2 hotfix sprint blocking the next deploy. All six roll up to AZ-530 per the cycle-2-hotfix / AZ-530-followup Jira labels. Source of truth: _docs/05_security/security_report_cycle2.md "Tracker Follow-Ups" section. 11 story points total. Recommended landing order: AZ-552 → AZ-553 → AZ-554 → AZ-555 (docs) in one PR train; AZ-556 + AZ-557 (auth-surface) can land in parallel with the deploy chain. None of the six depend on the deferred Medium / Low items (AZ-NEW-7..AZ-NEW-15 — see security_report_cycle2.md "Open" table).

5.2 KiB Raw Blame History

Dependencies Table

Notes

5.2 KiB

Raw Blame History