fix(security): add username validation, constant-time login, default credential rejection, and tooling
26
tasks/todo.md
Normal file
@@ -0,0 +1,26 @@
|
||||
# Aegis — Task Tracker
|
||||
|
||||
## In Progress
|
||||
|
||||
- [ ] Clean Architecture foundation: domain enums, value objects, entities, repository ports + implementations
|
||||
|
||||
## Completed
|
||||
|
||||
- [x] Domain exceptions hierarchy (domain/errors.py)
|
||||
- [x] TestEntity with state machine (domain/test_entity.py)
|
||||
- [x] Unit of Work (domain/unit_of_work.py)
|
||||
- [x] Error handler middleware (middleware/error_handler.py)
|
||||
- [x] Redis-backed token blacklist (auth.py)
|
||||
- [x] CI pipeline (.github/workflows/ci.yml)
|
||||
- [x] Heatmap service extracted (services/heatmap_service.py)
|
||||
- [x] Scoring bulk queries (bulk_technique_scores)
|
||||
- [x] Architecture skill file (.cursor/rules/aegis-architecture.md)
|
||||
- [x] Agent validation script (scripts/agent_validate_backend.sh)
|
||||
|
||||
## Backlog
|
||||
|
||||
- [ ] Application layer use cases
|
||||
- [ ] Migrate fat routers to use repositories
|
||||
- [ ] Scoring config persistence (DB instead of mutable settings)
|
||||
- [ ] Structured JSON logging
|
||||
- [ ] Frontend type generation from OpenAPI
|
||||
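Review bot: The Completed list in tasks/todo.md has no entries for the changes named in the commit subject (username validation, constant-time login, default credential rejection); the only auth-related item is "Redis-backed token blacklist (auth.py)". If those fixes landed in this commit, add one checked item per fix with its file path, in the same form as the other entries, so the tracker matches the commit subject. The auth.py entry also lacks a directory prefix, unlike domain/errors.py or middleware/error_handler.py; give the full path for consistency.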