OSIT-AE-API-FastAPI/documentation/AGENT_TODO.md
2026-02-20 19:46:03 -05:00

Backend Agent Task List

Use this file to track steps for complex features or bug fixes. Status: 🟢 STABLE - Security Hardening Complete.

📋 Active Tasks

  • Core Isolation: Harden apply_forced_account_filter to Fail-Closed.
  • IDAA Baseline: Remove public_read from Event, CMS, and Archive objects.
  • Detailed Feedback: Implement descriptive 403 Forbidden reasons.
  • Audit Suite: Establish test_e2e_v3_security_audit.py as a permanent safeguard.
  • Polymorphic For_ID Patterns: Add ID Vision to Address, Contact, and DataStore objects.
  • Event File Hash_SHA256 Fix: Populate hosted_file_hash_sha256 correctly.
  • Step 1: ID Vision Parity Audit
    • Audit Core Event Models (Badge, Session, Presentation).
    • Audit File/Exhibit Models (File, Template, Tracking).
    • Whitelist account_id in all Event search definitions.
    • Audit Relational "Low-Priority" Models (Address, Contact, DataStore).
    • V3 Uniform Lookup System: Phase 1 & 2 Complete (Hierarchical ranking, Whitelisting, Priority filtering).
    • Verify that the SQL views join in all required _random IDs for performance.
  • Step 2: Coordination (Verify Frontend uses x-account-id instead of token).

🛡️ Security & Privacy Baseline (IDAA)

  • Status: ENFORCED.
  • Principle: Every object requires an Account Context except site_domain.
  • Maintenance: Run tests/e2e/test_e2e_v3_security_audit.py after ANY router or registry change.
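The fail-closed filter from the Active Tasks and the IDAA principle above, shown as an added Python illustration rather than the project's own code: the row layout, the AccessDenied class and the filtered_ids helper are assumptions, and the filters act on in-memory dict rows instead of a database query.

```python
# Added example (not the project's own code): a fail-open account filter next
# to its fail-closed replacement, following the IDAA principle that every
# object except site_domain requires an Account Context. Runs on in-memory dict
# rows instead of a database query; row layout and helper names are assumptions.
from typing import Iterable, Optional

ACCOUNT_EXEMPT_OBJECTS = frozenset({"site_domain"})  # the one stated exception


class AccessDenied(Exception):
    """Carries a descriptive reason so the router can return a clear 403."""


def apply_account_filter_fail_open(rows: Iterable[dict], object_type: str,
                                   account_id: Optional[str]) -> list:
    """Weak form: a missing account context means no filtering at all."""
    if object_type in ACCOUNT_EXEMPT_OBJECTS or not account_id:
        return list(rows)  # BUG: leaks every account's rows when context is absent
    return [r for r in rows if str(r.get("account_id_random")) == str(account_id)]


def apply_forced_account_filter(rows: Iterable[dict], object_type: str,
                                account_id: Optional[str]) -> list:
    """Hardened form: missing context is an error, never an unfiltered result."""
    if object_type in ACCOUNT_EXEMPT_OBJECTS:
        return list(rows)
    if not isinstance(account_id, str) or not account_id.strip():
        raise AccessDenied(f"403 Forbidden: {object_type} requires an account "
                           "context (x-account-id header missing or empty)")
    # Compare as strings on both sides so an int from one layer and a str from
    # another cannot silently yield an empty or wrong match.
    wanted = account_id.strip()
    return [r for r in rows if str(r.get("account_id_random")) == wanted]


# Constructed sample data: two accounts' Event rows plus one site_domain row.
SAMPLE_EVENTS = [
    {"id": 1, "account_id_random": "a1", "name": "Spring Summit"},
    {"id": 2, "account_id_random": 7, "name": "Vendor Day"},  # int on purpose
    {"id": 3, "account_id_random": "a1", "name": "Board Meeting"},
]
SAMPLE_SITE_DOMAINS = [{"id": 10, "host": "example.org"}]


def filtered_ids(object_type: str, account_id: Optional[str]) -> list:
    """IDs the hardened filter returns; [] when it refuses (descriptive 403)."""
    rows = SAMPLE_SITE_DOMAINS if object_type == "site_domain" else SAMPLE_EVENTS
    try:
        return [r["id"] for r in apply_forced_account_filter(rows, object_type, account_id)]
    except AccessDenied:
        return []
```

With no account context the weak filter returns all three Event rows while the hardened one refuses with a reason the router can surface as a 403.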

🚧 Upcoming Strategic Goals (V3.1+)

  • IDAA Novi-Mailman Bridge: Establish synchronization between Novi AMS and Mailman 3 mailing lists.
  • Lookup System Batch 2: Migration of post_topic, user_status, file_purpose (ON HOLD).
  • Lookup Resolve Whitelist: Extend resolve endpoint to respect site policies.
  • Zoom Events Integration: Implement cron synchronization for OAuth2 ticket retrieval.
  • Aether V4 Architecture: Migration to V4 core standards (Lifecycle fields).

📝 Session Notes (Feb 20, 2026)

  • Implemented: V3 Uniform Lookup router and methods with ROW_NUMBER() hierarchy.
  • Standardized: Normalization of lu_v3_* tables (group, priority, sort, underscore names).
  • Added: Site-specific whitelisting via site.cfg_json -> lookup_policy.
  • Enhanced: only_priority filtering and COALESCE sort stability for all lookups.
  • Resolved: Type-safe authorization check for sites (string-based account_id_random comparison).
  • Verified: E2E suite test_e2e_v3_lookup.py passes at 100% for all scenarios.