Explore Help

Scott.Idem/OSIT-AE-API-FastAPI

1

0

You've already forked OSIT-AE-API-FastAPI

Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Files

9d89d4c8e49387ad07112e9d36ec8816263e0787

OSIT-AE-API-FastAPI/documentation/AGENT_TODO.md

Scott Idem f518d7a433 Saving notes

2026-02-20 19:46:03 -05:00

2.6 KiB

Raw Blame History

Backend Agent Task List

Use this file to track steps for complex features or bug fixes. Status: 🟢 STABLE - Security Hardening Complete.

📋 Active Tasks

Core Isolation: Harden apply_forced_account_filter to Fail-Closed.
IDAA Baseline: Remove public_read from Event, CMS, and Archive objects.
Detailed Feedback: Implement descriptive 403 Forbidden reasons.
Audit Suite: Establish test_e2e_v3_security_audit.py as a permanent safeguard.
Polymorphic For_ID Patterns: Add ID Vision to Address, Contact, and DataStore objects.
Event File Hash_SHA256 Fix: Populate hosted_file_hash_sha256 correctly.
Step 1: ID Vision Parity Audit
- Audit Core Event Models (Badge, Session, Presentation).
- Audit File/Exhibit Models (File, Template, Tracking).
- Whitelist account_id in all Event search definitions.
- Audit Relational "Low-Priority" Models (Address, Contact, DataStore).
- V3 Uniform Lookup System: Phase 1 & 2 Complete (Hierarchical ranking, Whitelisting, Priority filtering).
- Verify SQL Views join in all required _random IDs for performance.
Step 2: Coordination (Verify Frontend uses x-account-id instead of token).

🛡️ Security & Privacy Baseline (IDAA)

Status: ENFORCED.
Principle: Every object requires an Account Context except site_domain.
Maintenance: Run tests/e2e/test_e2e_v3_security_audit.py after ANY router or registry change.

🚧 Upcoming Strategic Goals (V3.1+)

IDAA Novi-Mailman Bridge: Establish synchronization between Novi AMS and Mailman 3 mailing lists.
Lookup System Batch 2: Migration of post_topic, user_status, file_purpose (ON HOLD).
Lookup Resolve Whitelist: Extend resolve endpoint to respect site policies.
Zoom Events Integration: Implement cron synchronization for OAuth2 ticket retrieval.
Aether V4 Architecture: Migration to V4 core standards (Lifecycle fields).

📝 Session Notes (Feb 20, 2026)

Implemented: V3 Uniform Lookup router and methods with ROW_NUMBER() hierarchy.
Standardized: Normalization of lu_v3_* tables (group, priority, sort, underscore names).
Added: Site-specific whitelisting via site.cfg_json -> lookup_policy.
Enhanced: only_priority filtering and COALESCE sort stability for all lookups.
Resolved: Type-safe authorization check for sites (string-based account_id_random comparison).
Verified: E2E suite test_e2e_v3_lookup.py passes at 100% for all scenarios.

Reference in New Issue View Git Blame Copy Permalink

Powered by Gitea Version: 1.25.4 Page: 15ms Template: 2ms

English

Bahasa Indonesia Deutsch English Español Français Gaeilge Italiano Latviešu Magyar nyelv Nederlands Polski Português de Portugal Português do Brasil Suomi Svenska Türkçe Čeština Ελληνικά Български Русский Українська فارسی മലയാളം 日本語简体中文繁體中文（台灣）繁體中文（香港） 한국어

Licenses API