Backend Agent Task List

Use this file to track steps for complex features or bug fixes. Status: 🟢 STABLE - Security Hardening Complete.

📋 Active Tasks

Core Isolation: Harden apply_forced_account_filter to Fail-Closed.
IDAA Baseline: Remove public_read from Event, CMS, and Archive objects.
Detailed Feedback: Implement descriptive 403 Forbidden reasons.
Audit Suite: Establish test_e2e_v3_security_audit.py as a permanent safeguard.
Step 1: Audit low-priority MariaDB models for ID Vision parity.
Step 2: Refactor api_crud_v2.py (Reduce file size < 800 lines).
Step 3: Coordination (Verify Frontend uses x-account-id instead of token).

Status: ENFORCED.
Principle: Every object requires an Account Context except site_domain.
Maintenance: Run tests/e2e/test_e2e_v3_security_audit.py after ANY router or registry change.

Zoom Events Integration: Implement cron synchronization for OAuth2 ticket retrieval.
Aether V4 Architecture: Migration to V4 core standards (Lifecycle fields).

Resolved: Critical "Fail Open" search leak where missing context returned all records.
Hardened: Removed public_read from Events, Presentations, Posts, and Files.
Standardized: Updated 10+ core models with Vision Transformer pattern.
Verification: Security Audit Suite verified at 100% pass rate.