ui/_docs/_autodev_state.md
Oleksandr Bezdieniezhnykh 70fb452805 [AZ-510] Auth bootstrap: POST refresh + chained /users/me
Replace the broken `GET /api/admin/auth/refresh` (no `credentials:'include'`)
mount-time bootstrap with `POST /api/admin/auth/refresh` (with credentials)
chained to `GET /api/admin/users/me`. Returning users with a valid HttpOnly
refresh cookie no longer flash through `/login`. Closes Finding B3 / Vision P3.

- Add module-scoped `bootstrapInflight` guard (StrictMode double-mount safety)
  + test-only reset hook exported via the `src/auth` barrel; `tests/setup.ts`
  resets it in `afterEach` to prevent pending-promise leakage between tests.
- Defensive `hasPermission` against legacy `/users/me` payloads omitting
  `permissions`; default MSW handler now seeds `permissions` explicitly.
- Add `endpoints.admin.usersMe()` builder (STC-ARCH-02 forbids the literal).
- Bulk-swap 15 test files from `http.get` -> `http.post` for the refresh
  override so intentional bootstrap-fail tests still fail correctly.
- Update auth component description; mark B3 closed.
- Code review verdict PASS; static + fast suites green (231 / 13 skipped).

Batch report: _docs/03_implementation/batch_13_cycle3_report.md

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-13 02:59:31 +03:00
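
The bootstrap flow this commit message describes, as an added example that is not code from this repository: one `POST` refresh with credentials, chained to `GET /users/me`, behind a module-scoped in-flight guard. `bootstrapSession`, `resetBootstrapForTests`, `makeFakeFetch`, the `accessToken` response field and the `Bearer` header are assumptions made for illustration.

```javascript
// Added example. Endpoint paths, `bootstrapInflight` and `hasPermission` are
// named in the commit message; everything else here is hypothetical.
const REFRESH_URL = '/api/admin/auth/refresh';
const USERS_ME_URL = '/api/admin/users/me';

let bootstrapInflight = null; // module-scoped: shared by StrictMode's double mount

function bootstrapSession(fetchImpl = fetch) {
  if (bootstrapInflight) return bootstrapInflight; // reuse the pending round-trip
  const p = (async () => {
    // Cross-origin, fetch omits cookies unless credentials is 'include', so the
    // HttpOnly refresh cookie would never reach the server without it.
    const refresh = await fetchImpl(REFRESH_URL, { method: 'POST', credentials: 'include' });
    if (!refresh.ok) return null; // no valid cookie: caller shows /login
    const { accessToken } = await refresh.json(); // field name is an assumption
    const me = await fetchImpl(USERS_ME_URL, {
      credentials: 'include',
      headers: { Authorization: `Bearer ${accessToken}` }, // assumed auth scheme
    });
    if (!me.ok) return null;
    return { accessToken, user: await me.json() };
  })();
  // Clear the guard on settle, but only if a test reset has not replaced it.
  const clear = () => { if (bootstrapInflight === p) bootstrapInflight = null; };
  p.then(clear, clear);
  return (bootstrapInflight = p);
}

// Test-only reset so a pending promise cannot leak into the next test.
function resetBootstrapForTests() { bootstrapInflight = null; }

// Deny by default when a legacy /users/me payload omits `permissions`.
function hasPermission(user, permission) {
  return Array.isArray(user?.permissions) && user.permissions.includes(permission);
}

// Constructed stand-in for the backend so the example runs offline.
function makeFakeFetch(hasCookie, calls = []) {
  return async (url, init = {}) => {
    calls.push(`${init.method || 'GET'} ${url} credentials=${init.credentials}`);
    if (url === REFRESH_URL) {
      const ok = hasCookie && init.method === 'POST';
      return { ok, json: async () => ({ accessToken: 'constructed-token' }) };
    }
    return { ok: true, json: async () => ({ id: 1, name: 'legacy-user' }) };
  };
}
```
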

28 lines
1.7 KiB
Markdown
# Autodev State
## Current Step
flow: existing-code
step: 10
name: Implement
status: in_progress
sub_step:
  phase: 14
  name: loop
  detail: "batch 2 of 3 (AZ-511 next)"
retry_count: 0
cycle: 3
tracker: jira
## Notes
- Cycle 3 entered via auto-loop from cycle 2 retrospective.
- Cycle 3 epic: **AZ-509** — Auth bootstrap + classColors carve-out + admin class edit.
- Cycle 3 tasks (in implementation order — fixes first per user instruction):
  1. **AZ-510** — Auth bootstrap refresh consolidation (3 pts; closes Finding B3 / Vision P3). Spec: `_docs/02_tasks/todo/AZ-510_auth_bootstrap_consolidation.md`.
  2. **AZ-511** — classColors carve-out to `src/class-colors/` (3 pts; closes Finding F3 + 5-coupled-places exemption). Spec: `_docs/02_tasks/todo/AZ-511_classcolors_carve_out.md`.
  3. **AZ-512** — Admin edit existing detection class (3 pts; closes Vision P12 / F10). BLOCKING cross-workspace verification at impl time — `admin/` must expose `PATCH /api/admin/classes/{id}`. Spec: `_docs/02_tasks/todo/AZ-512_admin_edit_detection_class.md`.
- Total cycle 3 complexity: 9 points; all PBIs at 3 pts (within 25 budget).
- Cycle 2 leftovers still pending (carried forward from `_docs/_process_leftovers/2026-05-12_az-498-deploy-and-key-revocations.md`):
  - L-AZ-498-DEPLOY → scheduled for cycle 3 Step 16 (cross-workspace gate).
  - L-AZ-499-OWM-REVOKE / L-AZ-501-GOOGLE-REVOKE → await user manual action at OWM / Google Cloud dashboards.
- Step 9 (New Task) status: **completed** for cycle 3 — 3 tasks created, epic linked, dependencies table updated. Per existing-code auto-chain rules, Step 9 is a **session boundary**: a new conversation is recommended before Step 10 (Implement).