Scott.Idem/OSIT-AE-API-FastAPI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Renamed the todo file for agents.

Browse Source
This commit is contained in:
Scott Idem
2026-03-10 16:26:51 -04:00
parent 25de8b9400
commit d35f374a45
4 changed files with 45 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
GEMINI.md
View File

@@ -35,6 +35,6 @@ You must follow the safety, testing, and coordination standards defined in:
## 🤝 Coordination & Continuity ## 🤝 Coordination & Continuity
- **Handshake:** Use the `message` tool to notify the Frontend Agent of API changes. - **Handshake:** Use the `message` tool to notify the Frontend Agent of API changes.
- **Active Tasks:** Track your progress in `documentation/AGENT_TODO.md`. - **Active Tasks:** Track your progress in `documentation/TODO__Agents.md`.
- **Lookup Milestone:** Batch 1 (Country, Subdivision, Timezone) complete. V3.1 goal set for Batch 2 and Novi-Mailman bridge. - **Lookup Milestone:** Batch 1 (Country, Subdivision, Timezone) complete. V3.1 goal set for Batch 2 and Novi-Mailman bridge.
- **Learning:** Review `ARCH__V3_CORE_STANDARDS.md` for V4 lifecycle field migration planning. - **Learning:** Review `ARCH__V3_CORE_STANDARDS.md` for V4 lifecycle field migration planning.

39
documentation/AGENT_TODO.md
View File

@@ -1,39 +0,0 @@
# Backend Agent Task List
> Use this file to track steps for complex features or bug fixes.
> **Status:** 🟢 STABLE - Security Hardening Complete.
## 📋 Active Tasks
- [x] **Core Isolation:** Harden `apply_forced_account_filter` to Fail-Closed.
- [x] **IDAA Baseline:** Remove `public_read` from Event, CMS, and Archive objects.
- [x] **Detailed Feedback:** Implement descriptive 403 Forbidden reasons.
- [x] **Audit Suite:** Establish `test_e2e_v3_security_audit.py` as a permanent safeguard.
- [x] **Polymorphic For_ID Patterns:** Add ID Vision to Address, Contact, and DataStore objects.
- [x] **Event File Hash_SHA256 Fix:** Populate hosted_file_hash_sha256 correctly.
- [ ] **Step 1: ID Vision Parity Audit**
- [x] Audit Core Event Models (Badge, Session, Presentation).
- [x] Audit File/Exhibit Models (File, Template, Tracking).
- [x] Whitelist `account_id` in all Event search definitions.
- [x] Audit Relational "Low-Priority" Models (Address, Contact, DataStore).
- [x] **V3 Uniform Lookup System:** Phase 1 & 2 Complete (Hierarchical ranking, Whitelisting, Priority filtering).
- [ ] Verify SQL Views join in all required `_random` IDs for performance.
- [ ] **Step 2:** Coordination (Verify Frontend uses `x-account-id` instead of token).
## 🛡️ Security & Privacy Baseline (IDAA)
- **Status:** **ENFORCED**.
- **Principle:** Every object requires an Account Context except `site_domain`.
- **Maintenance:** Run `tests/e2e/test_e2e_v3_security_audit.py` after ANY router or registry change.
## 🚧 Upcoming Strategic Goals (V3.1+)
- **IDAA Novi-Mailman Bridge:** Establish synchronization between Novi AMS and Mailman 3 mailing lists.
- **Lookup System Batch 2:** Migration of `post_topic`, `user_status`, `file_purpose` (ON HOLD).
- **Lookup Resolve Whitelist:** Extend `resolve` endpoint to respect site policies.
- **Zoom Events Integration:** Implement cron synchronization for OAuth2 ticket retrieval.
- **Aether V4 Architecture:** Migration to V4 core standards (Lifecycle fields).
## 📝 Session Notes (Feb 20, 2026)
- **Implemented:** V3 Uniform Lookup router and methods with `ROW_NUMBER()` hierarchy.
- **Standardized:** Normalization of `lu_v3_*` tables (group, priority, sort, underscore names).
- **Added:** Site-specific whitelisting via `site.cfg_json` -> `lookup_policy`.
- **Enhanced:** `only_priority` filtering and `COALESCE` sort stability for all lookups.
- **Resolved:** Type-safe authorization check for sites (string-based `account_id_random` comparison).
- **Verified:** E2E suite `test_e2e_v3_lookup.py` passes at 100% for all scenarios.

2
documentation/GUIDE__DEVELOPMENT.md
View File

@@ -32,5 +32,5 @@ You are not working in a vacuum. You MUST coordinate with the Frontend Agent.
Before starting work: Before starting work:
1. Read `~/agents_sync/README.md` to understand the fleet status and cross-agent tasks. 1. Read `~/agents_sync/README.md` to understand the fleet status and cross-agent tasks.
2. Check `README.md` in the project root for technical specs. 2. Check `README.md` in the project root for technical specs.
3. Review your local `documentation/AGENT_TODO.md` for active tasks. 3. Review your local `documentation/TODO__Agents.md` for active tasks.
4. You must be able to explain what needs to be done and why before you start coding. This is important, as it demonstrates understanding and ensures alignment with project goals. 4. You must be able to explain what needs to be done and why before you start coding. This is important, as it demonstrates understanding and ensures alignment with project goals.

43
documentation/TODO__Agents.md Normal file
View File

@@ -0,0 +1,43 @@
# Backend Agent Task List
> Use this file to track steps for complex features or bug fixes.
> **Status:** 🔵 DEPLOYMENT READY - Unified Docker Orchestration Complete.
## 🚀 Recent Infrastructure Wins
- [x] **Self-Contained Build:** `Dockerfile` and `requirements.txt` moved to project root.
- [x] **Dependency Pruning:** Removed 6 redundant/unused Python packages.
- [x] **Unified Orchestration:** API now builds as part of the `aether_container_env` stack.
## 📋 Operational Hardening (Next Steps)
- [ ] **Healthcheck:** Implement `/health` route to verify DB/Redis status for Docker orchestration.
- [ ] **Config Refactor:** Switch `app/config.py` to `pydantic-settings` to use direct Env Vars (Stop mounting config files).
- [ ] **Locking:** Generate a `requirements.lock` for bit-identical builds.
## 📋 Feature Tasks
- [x] **Core Isolation:** Harden `apply_forced_account_filter` to Fail-Closed.
- [x] **IDAA Baseline:** Remove `public_read` from Event, CMS, and Archive objects.
- [x] **Detailed Feedback:** Implement descriptive 403 Forbidden reasons.
- [x] **Polymorphic For_ID Patterns:** Add ID Vision to Address, Contact, and DataStore objects.
- [x] **Event File Hash_SHA256 Fix:** Populate hosted_file_hash_sha256 correctly.
- [ ] **Step 1: ID Vision Parity Audit**
- [x] Audit Core Event Models (Badge, Session, Presentation).
- [x] Audit File/Exhibit Models (File, Template, Tracking).
- [x] Whitelist `account_id` in all Event search definitions.
- [x] Audit Relational "Low-Priority" Models (Address, Contact, DataStore).
- [x] **V3 Uniform Lookup System:** Phase 1 & 2 Complete.
- [ ] Verify SQL Views join in all required `_random` IDs for performance.
- [ ] **Step 2:** Coordination (Verify Frontend uses `x-account-id` instead of token).
## 🛡️ Security & Privacy Baseline (IDAA)
- **Status:** **ENFORCED**.
- **Maintenance:** Run `tests/e2e/test_e2e_v3_security_audit.py` after ANY router or registry change.
## 🚧 Strategic Goals (V3.5+)
- [ ] **Pydantic V2 / SQLAlchemy 2.0:** Major framework upgrade for performance and type safety.
- [ ] **Novi-Mailman Bridge:** Synchronization between Novi AMS and Mailman 3.
- [ ] **Lookup System Batch 2:** Migration of `post_topic`, `user_status`, `file_purpose`.
- [ ] **Zoom Events Integration:** Implement cron synchronization for OAuth2 ticket retrieval.
## 📝 Session Notes (March 10, 2026)
- **Unified Stack:** Merged API orchestration into the master environment.
- **Root Assets:** Docker assets are now part of this git repo again.
- **Pruning:** Successfully reduced dependency bloat in `requirements.txt`.