ui/_docs/_autodev_state.md
Oleksandr Bezdieniezhnykh 70fb452805 [AZ-510] Auth bootstrap: POST refresh + chained /users/me
Replace the broken `GET /api/admin/auth/refresh` (no `credentials:'include'`)
mount-time bootstrap with `POST /api/admin/auth/refresh` (with credentials)
chained to `GET /api/admin/users/me`. Returning users with a valid HttpOnly
refresh cookie no longer flash through `/login`. Closes Finding B3 / Vision P3.

- Add module-scoped `bootstrapInflight` guard (StrictMode double-mount safety)
  + test-only reset hook exported via the `src/auth` barrel; `tests/setup.ts`
  resets it in `afterEach` to prevent pending-promise leakage between tests.
- Defensive `hasPermission` against legacy `/users/me` payloads omitting
  `permissions`; default MSW handler now seeds `permissions` explicitly.
- Add `endpoints.admin.usersMe()` builder (STC-ARCH-02 forbids the literal).
- Bulk-swap 15 test files from `http.get` -> `http.post` for the refresh
  override so intentional bootstrap-fail tests still fail correctly.
- Update auth component description; mark B3 closed.
- Code review verdict PASS; static + fast suites green (231 / 13 skipped).

Batch report: _docs/03_implementation/batch_13_cycle3_report.md

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-13 02:59:31 +03:00


Autodev State

Current Step

flow: existing-code
step: 10
name: Implement
status: in_progress
sub_step:
  phase: 14
  name: loop
  detail: "batch 2 of 3 (AZ-511 next)"
retry_count: 0
cycle: 3
tracker: jira

Notes

  • Cycle 3 entered via auto-loop from cycle 2 retrospective.
  • Cycle 3 epic: AZ-509 — Auth bootstrap + classColors carve-out + admin class edit.
  • Cycle 3 tasks (in implementation order — fixes first per user instruction):
    1. AZ-510 — Auth bootstrap refresh consolidation (3 pts; closes Finding B3 / Vision P3). Spec: _docs/02_tasks/todo/AZ-510_auth_bootstrap_consolidation.md.
    2. AZ-511 — classColors carve-out to src/class-colors/ (3 pts; closes Finding F3 + 5-coupled-places exemption). Spec: _docs/02_tasks/todo/AZ-511_classcolors_carve_out.md.
    3. AZ-512 — Admin edit existing detection class (3 pts; closes Vision P12 / F10). BLOCKING cross-workspace verification at impl time — admin/ must expose PATCH /api/admin/classes/{id}. Spec: _docs/02_tasks/todo/AZ-512_admin_edit_detection_class.md.
  • Total cycle 3 complexity: 9 points; all PBIs at 3 pts (within 25 budget).
  • Cycle 2 leftovers still pending (carried forward from _docs/_process_leftovers/2026-05-12_az-498-deploy-and-key-revocations.md):
    • L-AZ-498-DEPLOY → scheduled for cycle 3 Step 16 (cross-workspace gate).
    • L-AZ-499-OWM-REVOKE / L-AZ-501-GOOGLE-REVOKE → await user manual action at OWM / Google Cloud dashboards.
  • Step 9 (New Task) status: completed for cycle 3 — 3 tasks created, epic linked, dependencies table updated. Per existing-code auto-chain rules, Step 9 is a session boundary: a new conversation is recommended before Step 10 (Implement).