Hermes 284313f908
Initial import of AlgaPSA codebase from PSA server
Excluded: .git, node_modules, secrets/, compose.env, assemblyscript tgz

Source: /opt/alga-psa on psa.joliet.tech
2026-06-22 16:12:17 -05:00

[
{ "id": "F001", "group": "presets", "implemented": true, "prdRefs": ["Data model"], "description": "Migration: agent_idp_providers gains kind ('google'|'microsoft'|'custom', default 'custom') + entra_tenant_id (nullable); existing rows = custom" },
{ "id": "F002", "group": "presets", "implemented": true, "prdRefs": ["Data model", "Risks"], "description": "OIDC discovery helper: fetch .well-known/openid-configuration -> { issuer, jwks_uri }, cached, reusing jose/fetch" },
{ "id": "F003", "group": "presets", "implemented": true, "prdRefs": ["Primary flows", "Data model"], "description": "Provider presets module: google (fixed issuer accounts.google.com + well-known JWKS, default subject_claim 'sub'); microsoft (issuer from entra tenant id, discover JWKS, default subject_claim 'azp')" },
{ "id": "F004", "group": "presets", "implemented": true, "prdRefs": ["Primary flows"], "description": "addTrustedIdp accepts { kind, entraTenantId } and resolves issuer/jwks_uri/subject_claim via preset + discovery; custom still accepts raw issuer/jwks/audience/claim" },
{ "id": "F005", "group": "presets", "implemented": true, "prdRefs": ["Data model"], "description": "/api/v1/mcp/idp-providers route + @product/mcp seam pass kind + entraTenantId through to addTrustedIdp" },
{ "id": "F006", "group": "presets", "implemented": true, "prdRefs": ["Primary flows", "UX"], "description": "Admin UI: provider dropdown (Microsoft Entra / Google / Custom) with conditional fields (Microsoft: tenant id; Google: none; Custom: raw)" },
{ "id": "F007", "group": "presets", "implemented": true, "prdRefs": ["Risks"], "description": "Admin UI shows the resolved issuer + JWKS read-only after a preset is chosen (transparency)" },
{ "id": "F008", "group": "reuse", "implemented": true, "prdRefs": ["Goals"], "description": "Service: detect tenant's existing Microsoft/Entra connection (microsoft_profiles / entra_managed_tenants / known tid) -> suggested entra tenant id" },
{ "id": "F009", "group": "reuse", "implemented": true, "prdRefs": ["Primary flows"], "description": "Admin UI: 'You're already connected to Microsoft — enable agent access?' one-click prefill of the Microsoft preset" },
{ "id": "F010", "group": "hosted", "implemented": true, "prdRefs": ["Goals", "Data model"], "description": "Hosted detection helper (SaaS): shared app secrets present + hosted flag" },
{ "id": "F011", "group": "hosted", "implemented": true, "prdRefs": ["Goals"], "description": "Built-in trusted issuers for Google + Microsoft (shared-app audience), available on hosted without per-tenant agent_idp_providers rows" },
{ "id": "F012", "group": "hosted", "implemented": true, "prdRefs": ["Data model"], "description": "idpToken validation consults built-in hosted issuers in addition to agent_idp_providers" },
{ "id": "F013", "group": "hosted", "implemented": true, "prdRefs": ["Primary flows"], "description": "PRM (/.well-known/oauth-protected-resource) advertises the built-in authorization_servers on hosted" },
{ "id": "F014", "group": "hosted", "implemented": true, "prdRefs": ["The key distinction"], "description": "Hosted: bind an agent to a built-in issuer + subject without manual IdP registration (interactive/human-delegated path)" },
{ "id": "F015", "group": "guidance", "implemented": true, "prdRefs": ["Risks"], "description": "Per-provider subject-claim guidance in the UI (Microsoft app token azp/appid vs user oid/sub; Google service account sub), preset-defaulted + editable" },
{ "id": "F016", "group": "guidance", "implemented": true, "prdRefs": ["Risks"], "description": "Friendly error on duplicate (issuer, subject) binding (one agent per identity)" },
{ "id": "F017", "group": "guidance", "implemented": false, "prdRefs": ["The key distinction"], "description": "Guided wizard: copy-paste steps/values to create the agent's directory identity (Entra app registration / Google service account) for unattended agents" },
{ "id": "F018", "group": "guidance", "implemented": false, "prdRefs": ["DoD"], "description": "Docs update (docs/mcp-server.md): the easy path (presets, reuse, hosted) + the irreducible unattended-machine-agent caveat" }
]