 Oleksandr Bezdieniezhnykh
|
09449bda2c
|
[AZ-510][AZ-511][AZ-512][AZ-513] Cycle 3 Steps 12-15 + admin prereq
ci/woodpecker/push/build-arm Pipeline failed
Wrap up cycle 3 across the autodev existing-code Phase B steps that
follow Implement (Steps 12-15), plus the cross-workspace prerequisite
ticket filed for AZ-512.
Step 12 - Test-Spec Sync:
- Un-quarantine FT-P-01 in traceability-matrix (closed by AZ-510)
- Add AZ-510 chained /users/me failure-path test reference under AC-23
- Note AZ-512 deferral status under O9 (P12 Phase B target)
Step 13 - Update Docs (task mode):
- Refresh src__auth__AuthContext module doc with AZ-510 wire shape
(POST refresh + chained /users/me + bootstrapInflight guard)
- Add usersMe() to src__api__endpoints module doc + consumer note
- Rename src__features__annotations__classColors module doc to
src__class-colors__classColors (matches AZ-511 git mv); refresh header
- Refresh src__components__DetectionClasses + src__features__annotations
module group doc for the new class-colors barrel import path
- Update components/11_class-colors Module Inventory to point at the
renamed module doc filename
- Rewrite system-flows.md Flow F2 (Bearer auto-refresh) with the AZ-510
POST + chained /users/me sequence; close Finding B3 references
- Generate ripple_log_cycle3 documenting all changed source files,
their reverse-dependency search results, and the docs touched
Step 14 - Security Audit (cycle-3 delta):
- Resume mode against cycle-2 baseline; cycle-2 artifacts untouched
- Re-run bun audit on both roots: clean (cycle-2 inline fix held)
- Re-rate OWASP A06: FAIL -> PASS; A07: PASS_WITH_KNOWN -> PASS (B3
closed by AZ-510)
- New finding F-SAST-CY3-1 (LOW): __resetBootstrapInflightForTests
exposed via src/auth public barrel; defer to hygiene cycle
- Verdict: FAIL -> PASS_WITH_WARNINGS; one HIGH (F-SAST-1
mission-planner git-history key, unchanged) remains
- Add amendment banner to cycle-2 security_report.md
Step 15 - Performance Test:
- Static profile NFT-PERF-01 PASS (290 575 B gzipped vs 2 MB budget;
~14% of budget; no regression from AZ-510 surface additions)
- E2E profile SKIP (Playwright perf project still pending AZ-457..AZ-482);
legitimate skip per test-run skill, gap acknowledged in report
- AZ-510 200ms p95 chain NFR verified at spec level only - no CI gate
yet (covered by future AZ-457..AZ-482 work)
Cross-workspace prerequisite (AZ-513 just filed):
- Updated _docs/_process_leftovers/2026-05-13_az-512-admin-classes-prereq.md
to reflect AZ-513 filing on admin/ workspace (parent epic AZ-509,
Blocks link to AZ-512). Companion task spec added in admin/ repo
(separate commit there, owned by admin/ workspace).
State file: advanced to Step 16 (Deploy) per autodev existing-code flow.
Co-authored-by: Cursor <cursoragent@cursor.com>
|
2026-05-13 03:58:21 +03:00 |
|
|
Oleksandr Bezdieniezhnykh
|
f7dd6c98d8
|
[AZ-501] [AZ-502] Cycle 2 Step 14 security audit + inline fixes
ci/woodpecker/push/build-arm Pipeline failed
Security audit (5 phases) → reports under _docs/05_security/.
AZ-501 (F-SAST-1, HIGH): Externalize hardcoded Google Geocode key
from mission-planner/src/config.ts to VITE_GOOGLE_GEOCODE_KEY via
new GeocodeService.ts; fail-soft warn when unset; STC-SEC1D static
deny-list gate; +5 unit tests in tests/mission_planner_geocode.test.ts.
AZ-502 (F-DEP-1, HIGH): Force vite>=6.4.2 and postcss>=8.5.10 via
package.json overrides in both roots; clean reinstall clears all
bun audit advisories.
Test-spec sync (Step 12) + Update Docs (Step 13) deltas: AC-43, AC-44,
NFT-SEC-09b, FT-P-61, FT-N-17, ripple log, batch_12 report.
Pending user actions: revoke Google + OWM keys (AC-6 / AZ-499 AC-7).
229 PASS / 13 SKIP / 0 FAIL on static + fast suites.
Co-authored-by: Cursor <cursoragent@cursor.com>
|
2026-05-12 05:31:11 +03:00 |
|
|
Oleksandr Bezdieniezhnykh
|
510df68bcf
|
[AZ-447] autodev Steps 1-4 baseline: docs, tests, refactor specs
Captures the full output of autodev existing-code Phase A through
Step 4 (Code Testability Revision) for the Azaion UI workspace:
- Step 1 Document: _docs/02_document/ (FINAL_report, architecture,
glossary, components/, modules/, diagrams/, system-flows,
module-layout) plus _docs/00_problem/ + _docs/01_solution/ +
_docs/legacy/ + _docs/how_to_test + README.
- Step 2 Architecture Baseline: architecture_compliance_baseline.md.
- Step 3 Test Spec: _docs/02_document/tests/ (environment,
test-data, blackbox/performance/resilience/security/
resource-limit tests, traceability-matrix), enum_spec_snapshot,
expected_results/results_report.md (98 rows), plus the
run-tests.sh + run-performance-tests.sh runners.
- Step 4 Code Testability Revision: 01-testability-refactoring/
run dir (list-of-changes C01-C07, deferred_to_refactor,
analysis/research_findings + refactoring_roadmap) and the 7
child task specs AZ-448..AZ-454 under _docs/02_tasks/todo/
plus _dependencies_table.md.
- _docs/_autodev_state.md pins the cursor at Step 4 / refactor
Phase 4 entry so /autodev resumes cleanly.
Epic AZ-447 (UI testability gates) tracks the 7 child tasks that
will land in subsequent commits.
Co-authored-by: Cursor <cursoragent@cursor.com>
|
2026-05-11 00:38:49 +03:00 |
|