e5b94123a5
Mapped prefixed backend fields 'hosted_file_hash_sha256' and 'hosted_file_size' to flat 'hash_sha256' and 'file_size' properties in the Event File data layer. This resolves component crashes (TypeError: slice on null) by ensuring IndexedDB is populated with valid hash strings. Updated AGENT_TODO.md to reflect recently completed tasks.
1.5 KiB
1.5 KiB
Frontend Agent Task List
Use this file to track steps for complex features or bug fixes. Status: 🔴 Sev-1 Security Incident Recovery / Stabilized.
📋 Active Task: Post-Incident Security Recovery
- Step 1: Conduct full audit of
PUBLIC_AE_API_SECRET_KEYusage. Determine if it can be moved to server-side only. - Step 2: Replace simulation tests (
tests/verify_jwt_logic.js) with real Playwright integration tests hitting the local dev API. - Step 3: Implement formal error boundaries for 403/401 API responses to provide user-friendly "Session Expired" or "Access Denied" UI.
🚧 Upcoming High Priority
- CRUD v2 Refactor: Finalize retirement of
Element_ae_crud_v2.sveltein favor of V3 Editor. - Temp Cleanup: Auto-removal of native
.tmpfiles older than 24h.
✅ Completed Recently
- [UI] Badge Rendering Fix: Refactored
badge_templatelookup to use V3 Triple ID pattern. - [API] event_session Search Fix: Resolved 400 error (
Unauthorized search field 'account_id') via backend update. - [Security] Purged redundant
x-aether-api-tokenfrom frontend and notified backend. - [Security] Fixed misplaced
Access-Control-Allow-Originrequest headers. - [Security] Implemented "Account ID Scavenging" to fix hydration race conditions.
- [API] Unified all CRUD helpers to standard V3
/v3/crud/...paths. - [Framework] Implemented
AE_Obj_Field_Editor_V3with Svelte 5 Runes. - [IDAA] Verify Bulletin Board and Recovery Meetings functionality.