bytelyst/learning_ai_notes
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs(roadmap): record agent write hardening

Browse Source
This commit is contained in:
Saravana Achu Mac 2026-05-05 10:09:25 -07:00
parent 8a53dfd489
commit 7eda8dda00
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/PRODUCTION_READINESS_HANDOFF_ROADMAP.md
View File

@ -142,7 +142,7 @@ Goal: production starts fail closed and do not silently run with development-onl
- [x] **P3.2** Add tests for production config validation: missing secret, default secret, memory DB in production, missing Cosmos env, encryption provider requirements. Commit: `8007fac`; Verified: `GITEA_NPM_TOKEN=dummy pnpm --filter @notelett/backend exec vitest run src/lib/config.test.ts`; `GITEA_NPM_TOKEN=dummy pnpm --filter @notelett/backend run typecheck`; `git diff --check`. Added 11 focused config tests covering dev ergonomics, safe production config, missing/default/short production JWTs, memory DB rejection, missing Cosmos env, disabled encryption, production memory provider rejection, env key requirements, and AKV URL requirements.
- [x] **P3.3** Review all unauthenticated backend endpoints. Keep `/health`, `/api/bootstrap`, and public share reads intentional; protect diagnostics or make them explicitly dev/admin-gated. Commit: `56a051a`; Verified: `GITEA_NPM_TOKEN=dummy pnpm --filter @notelett/backend exec vitest run src/diagnostics.test.ts src/server.test.ts`; `GITEA_NPM_TOKEN=dummy pnpm --filter @notelett/backend run typecheck`; `git diff --check`. Kept `/health`, `/api/bootstrap`, and `/api/public/note-shares/:token` intentionally public; moved diagnostics into `diagnosticsRoutes()` with dev/test open access and production `admin`/`owner` auth via shared auth middleware.
- [x] **P3.4** Add or verify rate limiting and abuse controls for public share, auth-facing, prompt, intake, and LLM-backed endpoints using shared platform patterns where available. Commit: `ee4a8ab`; Verified: `GITEA_NPM_TOKEN=dummy pnpm --filter @notelett/backend exec vitest run src/lib/rate-limit.test.ts src/modules/notes/copilot.test.ts src/modules/note-prompts/note-prompts.test.ts src/modules/intake/routes.test.ts`; `GITEA_NPM_TOKEN=dummy pnpm --filter @notelett/backend run typecheck`; `git diff --check`. Added a shared in-memory sliding-window limiter backed by `TooManyRequestsError` from `@bytelyst/errors`, replaced the local intake limiter, and guarded public share reads plus prompt, Smart Action, embedding, URL extraction, merge/compare, copilot, title suggestion, and workspace chat endpoints before expensive work begins. Auth-facing endpoints remain owned by common-platform `platform-service`.
- [ ] **P3.5** Verify agent write paths enforce role, product scope, workspace membership, idempotency, dry-run, and audit trail behavior. Add missing tests. Commit:
- [x] **P3.5** Verify agent write paths enforce role, product scope, workspace membership, idempotency, dry-run, and audit trail behavior. Add missing tests. Commit: `8a53dfd`; Verified: `GITEA_NPM_TOKEN=dummy pnpm --filter @notelett/backend exec vitest run src/mcp/note-tools.test.ts src/mcp/register-note-tools.test.ts src/modules/note-agent-actions/routes.test.ts src/modules/note-agent-actions/routes.integration.test.ts`; `GITEA_NPM_TOKEN=dummy pnpm --filter @notelett/backend run typecheck`; `git diff --check`. Added defense-in-depth role checks inside executable MCP tools, user/product/workspace/note scope guards before writes, duplicate idempotency-key rejection before side effects, and regression coverage for dry-run no-persistence, audit metadata, scoped updates, create-draft workspace ownership, and link-note product scope.
- [ ] **P3.6** Verify field encryption coverage for note body, sensitive artifact metadata, prompt content if needed, and agent action details. Add migration notes if fields are newly encrypted. Commit:
Acceptance criteria: