Scott.Idem/OSIT-AE-App-Svelte
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b03888d37f45415d799ea7339049fa9cc67471f0
OSIT-AE-App-Svelte/documentation/AGENT_TODO.md
Scott Idem b03888d37f Serious notes about security updates.
2026-02-13 19:21:51 -05:00

1.4 KiB
Raw Blame History

Frontend Agent Task List

Use this file to track steps for complex features or bug fixes. Status: 🔴 Sev-1 Security Incident Recovery / Stabilized.

📋 Active Task: Post-Incident Security Recovery

  • Step 1: Conduct full audit of PUBLIC_AE_API_SECRET_KEY usage. Determine if it can be moved to server-side only.
  • Step 2: Replace simulation tests (tests/verify_jwt_logic.js) with real Playwright integration tests hitting the local dev API.
  • Step 3: Implement formal error boundaries for 403/401 API responses to provide user-friendly "Session Expired" or "Access Denied" UI.

🚧 Upcoming High Priority

  • Badge Rendering Fix: Refactor badge_template lookup to use V3 Triple ID pattern.
  • CRUD v2 Refactor: Finalize retirement of Element_ae_crud_v2.svelte in favor of V3 Editor.
  • Temp Cleanup: Auto-removal of native .tmp files older than 24h.

Completed Recently

  • [Security] Purged redundant x-aether-api-token from frontend and notified backend.
  • [Security] Fixed misplaced Access-Control-Allow-Origin request headers.
  • [Security] Implemented "Account ID Scavenging" to fix hydration race conditions.
  • [API] Unified all CRUD helpers to standard V3 /v3/crud/... paths.
  • [Framework] Implemented AE_Obj_Field_Editor_V3 with Svelte 5 Runes.
  • [IDAA] Verify Bulletin Board and Recovery Meetings functionality.
Reference in New Issue View Git Blame Copy Permalink