From 02a84b074a6dafece399f589daa89d880af95fc9 Mon Sep 17 00:00:00 2001 From: Joseph Doherty Date: Tue, 2 Jun 2026 05:17:09 -0400 Subject: [PATCH] plan(phase1): ScadaBridge re-arch C4 done+reviewed (TransportExport excludes keys); C5 (retire entity) next --- .../2026-06-02-auth-audit-normalization-phase1.md | 15 ++++++++++++++- ...6-06-02-auth-audit-normalization.md.tasks.json | 2 +- 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/docs/plans/2026-06-02-auth-audit-normalization-phase1.md b/docs/plans/2026-06-02-auth-audit-normalization-phase1.md index b6b6ab1..930687a 100644 --- a/docs/plans/2026-06-02-auth-audit-normalization-phase1.md +++ b/docs/plans/2026-06-02-auth-audit-normalization-phase1.md 
@@ -260,7 +260,20 @@ CentralUI blast radius (string keyId + scopes replace int Id + ApprovedApiKeyIds guidance ("method saved, key scopes partially applied — review on API Keys page"), create validation order, concurrent- edit reconciler test. CentralUI.Tests 595 green; all other suites unchanged. TransportExport + SQL Server entities/repo untouched (C4/C5). (Also removed a stray `Name` artifact file from an accidental redirect — not committed.) -- **C4/C5 — PENDING** (C4 next: TransportExport excludes API keys — methods-only; then C5 retires the SQL Server entity). +- **C4 — DONE + reviewed** (SB commits `731cfd3` rewire, `b13d7b3` review polish). TransportExport excludes inbound API + keys (methods-only) end-to-end — UI selection, `ExportSelection`, DependencyResolver, EntitySerializer/DTOs, BundleExporter, + manifest/summary, CLI `--api-keys`, ManagementActor `HandleExportBundle`, and the IMPORT path (BundleImporter/ArtifactDiff: + no key creation; method overwrite PRESERVES the destination's existing `ApprovedApiKeyIds`, doesn't clobber). Method export + drops `ApprovedApiKeyIds`. Backward-compat: legacy bundles with an `apiKeys` section still deserialize (tolerant `ApiKeys?` + field via shared `BundleJsonOptions` + `WhenWritingNull`) and are IGNORED on import with an `ImportResult.ApiKeysIgnored` + count + audit stamp; new exports omit the field. UI info note added. Spec PASS, code-review APPROVED (note: review I-1 + "added-unrestricted count" intentionally SKIPPED — wrong model: inbound auth is scope-based, the verifier ignores + `ApprovedApiKeyIds`, so a new method is callable by NO key until a scope is granted). Transport.Tests 60, IntegrationTests + 34 green. SQL Server `ApiKey`/`ApiMethod` entities + repo untouched (C5). +- **C5 (=E) — PENDING** (next/last: retire SQL Server `ApiKey` entity + repo key methods + `ApprovedApiKeyIds` + residual + `ApiKeyValidator`/`ApiKeyHasher`; EF migration; runbook + CHANGELOG). 
+- Aside (unrelated to C4): the 6 `StaleTagMonitor`/`StaleTagMonitorRaceTests` failures seen under parallel load are + pre-existing flaky OPC-UA timer tests (pass in isolation), NOT caused by this work. ## Resolved decisions (2026-06-02) diff --git a/docs/plans/2026-06-02-auth-audit-normalization.md.tasks.json b/docs/plans/2026-06-02-auth-audit-normalization.md.tasks.json index 29d7fcc..8c70d1a 100644 --- a/docs/plans/2026-06-02-auth-audit-normalization.md.tasks.json +++ b/docs/plans/2026-06-02-auth-audit-normalization.md.tasks.json @@ -36,7 +36,7 @@ {"id": 33, "subject": "Task 1.3-C1: ScadaBridge re-pin 0.1.3 + IInboundApiKeyAdmin seam (additive) + baseline reds fixed", "status": "completed", "blockedBy": [32]}, {"id": 34, "subject": "Task 1.3-C2: ManagementActor + CLI + Commons messages onto seam", "status": "completed", "blockedBy": [33]}, {"id": 35, "subject": "Task 1.3-C3: CentralUI pages onto seam (string keyId + scopes)", "status": "completed", "blockedBy": [33]}, - {"id": 36, "subject": "Task 1.3-C4: TransportExport exclude API keys (methods-only)", "status": "pending", "blockedBy": [33, 35]}, + {"id": 36, "subject": "Task 1.3-C4: TransportExport exclude API keys (methods-only)", "status": "completed", "blockedBy": [33, 35]}, {"id": 37, "subject": "Task 1.3-C5 (=E): retire SQL Server ApiKey entity + EF migration + runbook", "status": "pending", "blockedBy": [34, 35, 36]} ], "lastUpdated": "2026-06-02"
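Review bot: In the new C4 bullet of `2026-06-02-auth-audit-normalization-phase1.md`, CLI `--api-keys` is listed among the changed surfaces without saying what the flag does now (removed, rejected with an error, or accepted as a no-op). State which, since a script that still passes it would otherwise get no signal that keys are absent from the bundle. The same bullet says legacy `apiKeys` sections are ignored with an `ImportResult.ApiKeysIgnored` count + audit stamp; say explicitly that only the count is recorded and that the ignored section's contents are not written to the audit record or logs. The bullet also says import overwrite preserves the destination's `ApprovedApiKeyIds` while the verifier ignores that field; a short remark that the preservation is interim until C5 retires `ApprovedApiKeyIds` would remove the apparent contradiction.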
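Review bot: In the `.tasks.json` hunk, task 36 flips to "completed" but its subject still reads "TransportExport exclude API keys (methods-only)", while the plan's C4 entry also covers the import path (legacy `apiKeys` ignored, `ApprovedApiKeyIds` preserved on method overwrite). Consider extending the subject, or recording the SB commits `731cfd3` and `b13d7b3` on the task, so the tracker entry can be matched to what was actually reviewed.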