docs(idaa): mark Access Denied root cause investigation as resolved

All 10 fixes applied and verified as of 2026-05-19. Collapsed the three
open issues into the completed checklist with commit references.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Scott Idem
2026-05-19 16:06:45 -04:00
parent 53fd5e7de4
commit 71e79f032d

@@ -77,6 +77,40 @@ guessing defaults.
## 🚧 Upcoming High Priority
### ~~[IDAA] Random "Access Denied" — Root Cause Review & Fixes~~ ✅ Resolved (2026-05-19)
All known root causes fixed across 10+ commits to `src/routes/idaa/(idaa)/+layout.svelte`.
Deploying as of 2026-05-19. Monitor for further member reports.
#### All fixes applied
- [x] Access Denied on iframe reload (sessionStorage URL preservation) — `2855e091f`
- [x] TTL cache bypassed when `$ae_loc` auth flags reset — `2855e091f`
- [x] "Verification Unavailable" screen distinct from "Access Denied" — `2855e091f`
- [x] "Try Again" without page reload (`retry_count` pattern) — `2855e091f`
- [x] Novi TTL extended to 45 minutes (from 5) — `2855e091f` + manual edit
- [x] 12 s AbortController hard timeout on Novi fetch — `e921ca973`
- [x] Network/AbortError gets 3 s grace + one retry — `e921ca973`
- [x] Clear Cache & Reload added to Access Denied state (iframe mode) — `2855e091f`
- [x] `VERIFY_TIMEOUT_MS` 8 s → 35 s (was firing mid-retry, causing premature Reset clicks) — `53fd5e7de`
- [x] `sessionStorage` try-catch (iOS Safari Private Browsing throws on access) — `53fd5e7de`
- [x] Appshell stores guarded behind `account_id``8850db89c`
- [x] Recovery meetings over-filtering bug (API `default_qry_str`) — `76e21b08f`
- [x] A→Z sort in recovery meetings API revalidation path — `c0386f27b`
- [x] `events.event` IDB content version bump (stale cache) — previous commit
#### Root layout SWR verified safe:
The root `+layout.ts` builds `ae_loc_init` as a plain site-config object (no `authenticated_access`,
`trusted_access`, or `access_type` fields). The root layout sync effect
`$ae_loc = { ...current_loc, ...ae_acct.loc }` therefore cannot overwrite Novi-set auth flags.
Confirmed safe — this is NOT a cause of Access Denied.
#### Remaining architectural note:
The long-term fix for the coarse `$ae_loc` reactivity (Svelte 4 store) causing Effect 2 to
re-run on unrelated writes is tracked under **[Stores] Svelte 4 → Svelte 5 State Migration**
below. The TTL + `verify_in_flight` guards are the current mitigation.
---
### [Stores] Svelte 4 → Svelte 5 State Migration (prerequisite for Phase 2c)
The app uses `svelte-persisted-store` (Svelte 4 store contract) for all core persisted state
(`ae_loc`, `idaa_loc`, `ae_api`, `ae_sess`, etc.). In Svelte 5 `$effect`, reading **any field**
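Review bot: The checklist entry "Novi TTL extended to 45 minutes (from 5)" records the change but not its access-control trade-off. If this TTL is how long a cached Novi verification result is trusted, a member whose access is revoked in Novi could keep access for up to 45 minutes, so the note should say that this window was accepted or how a revocation clears the cache. Two traceability fixes in the same list: the `events.event` entry cites "previous commit" and the TTL entry adds "+ manual edit", neither of which resolves to a hash, and the Appshell entry reads `account_id` immediately followed by `8850db89c` with the separator before the hash missing. The commit message says "All 10 fixes" while the list has 14 checked items, three of which (recovery meetings over-filtering, A→Z sort, IDB content version bump) are not obviously Access Denied causes; consider moving them to their own entry or correcting the count. The resolved item also still sits under "Upcoming High Priority" with "Deploying as of 2026-05-19", so it is worth stating whether "Resolved" means merged or confirmed in production.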