Serious notes about security updates.

Scott Idem
2026-02-13 19:21:51 -05:00
parent f62bd9fb79
commit b03888d37f
3 changed files with 34 additions and 24 deletions


@@ -1,18 +1,21 @@
# Frontend Agent Task List
> Use this file to track steps for complex features or bug fixes.
> **Status:** 🔵 Active - Launcher Stabilization complete.
> **Status:** 🔴 Sev-1 Security Incident Recovery / Stabilized.
## 📋 Active Task: Badge Rendering Fix
- [x] **Step 1:** Investigate `event_badge_template` table for corrupted numeric IDs. (Confirmed Fine / Database Integrity OK)
- [ ] **Step 2:** Refactor `badge_template` lookup in `+page.svelte` to use V3 Triple ID pattern (`id_random` or `event_badge_template_id_random`).
- [ ] **Step 3:** Implement inline field editing using `Element_ae_crud_v2.svelte` for badge fields (Admin tool pattern).
- [ ] **Step 4:** Finalize & Commit.
## 📋 Active Task: Post-Incident Security Recovery
- [ ] **Step 1:** Conduct full audit of `PUBLIC_AE_API_SECRET_KEY` usage. Determine if it can be moved to server-side only.
- [ ] **Step 2:** Replace simulation tests (`tests/verify_jwt_logic.js`) with real Playwright integration tests hitting the local dev API.
- [ ] **Step 3:** Implement formal error boundaries for 403/401 API responses to provide user-friendly "Session Expired" or "Access Denied" UI.
## 🚧 Upcoming High Priority
- **CRUD v2 Refactor:** Implement V3 API alignment for `Element_ae_crud_v2.svelte`.
- **Badge Rendering Fix:** Refactor `badge_template` lookup to use V3 Triple ID pattern.
- **CRUD v2 Refactor:** Finalize retirement of `Element_ae_crud_v2.svelte` in favor of V3 Editor.
- **Temp Cleanup:** Auto-removal of native `.tmp` files older than 24h.
## ✅ Completed Recently
- [x] **[IDAA]** Verify Bulletin Board functionality.
- [x] **[IDAA]** Verify Recovery Meetings functionality.
- [x] **[Journals]** Fix buttons missing `type="button"`.
- [x] **[Security]** Purged redundant `x-aether-api-token` from frontend and notified backend.
- [x] **[Security]** Fixed misplaced `Access-Control-Allow-Origin` request headers.
- [x] **[Security]** Implemented "Account ID Scavenging" to fix hydration race conditions.
- [x] **[API]** Unified all CRUD helpers to standard V3 `/v3/crud/...` paths.
- [x] **[Framework]** Implemented `AE_Obj_Field_Editor_V3` with Svelte 5 Runes.
- [x] **[IDAA]** Verify Bulletin Board and Recovery Meetings functionality.
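Review bot: Step 1 of the Post-Incident Security Recovery task should state that `PUBLIC_AE_API_SECRET_KEY` is rotated and the old value revoked, not only that its usage is audited and possibly moved server-side; in SvelteKit (which `+page.svelte` indicates this is) a `PUBLIC_`-prefixed variable is compiled into the client bundle, so any value that has shipped under that name has to be treated as disclosed regardless of where future calls are made from. Consider rewording the step to "Rotate the key, then audit every usage and move it to a server-only variable." Smaller points in the same hunk: both `**Status:**` lines are present, so the file shows two conflicting statuses; "Badge Rendering Fix" appears under both Active Task and Upcoming High Priority; the two "CRUD v2 Refactor" bullets (implement V3 alignment vs. retire the component) contradict each other; and the final `[IDAA]` line repeats the two `[IDAA]` entries above it.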