284313f908
Some checks are pending
Bidi Control Character Guard / bidi-control-guard (push) Waiting to run
Circular Dependency Check / Check for new circular dependencies (push) Waiting to run
Citus Migration Smoke / Combined migrations on single-node Citus (push) Waiting to run
E2E Fresh Install Tests / fresh-install-e2e (push) Waiting to run
ext-v2 guardrails / Run ext-v2 guard and ESLint (push) Waiting to run
Integration Tests / Check for relevant changes (push) Waiting to run
Integration Tests / ${{ (github.event_name == 'schedule' || github.event.inputs.suite == 'full') && 'Full integration suite' || 'Tier-1 integration subset' }} (push) Blocked by required conditions
Mobile checks / Mobile lint + typecheck (push) Waiting to run
Mobile checks / Mobile unit tests (push) Waiting to run
Mobile checks / Mobile dependency audit (report) (push) Waiting to run
Mobile checks / Mobile reproducibility checks (push) Waiting to run
Secrets guard (env backups) / Ensure no tracked env backup files (push) Waiting to run
Temporal Readiness / fast-readiness (push) Waiting to run
Temporal Readiness / docker-parity (push) Waiting to run
TypeScript Type Check / Nx affected typecheck (push) Waiting to run
Unit Tests / Skipped-test budget (push) Waiting to run
Unit Tests / Nx affected unit tests (push) Waiting to run
Unit Tests / Server unit coverage (informational) (push) Waiting to run
Validate Tenant Management Schema / Check for relevant changes (push) Waiting to run
Validate Tenant Management Schema / Validate Tenant Management Schema (push) Blocked by required conditions
EE Workflows Build Guard / ee-workflows-build-guard (push) Waiting to run
Excluded: .git, node_modules, secrets/, compose.env, assemblyscript tgz Source: /opt/alga-psa on psa.joliet.tech
213 lines
7.8 KiB
JSON
213 lines
7.8 KiB
JSON
[
|
|
{
|
|
"id": "F001",
|
|
"description": "Add a tenant-scoped MSP SSO login-domain persistence model (migration + schema).",
|
|
"implemented": true,
|
|
"prdRefs": ["Functional Requirements #1", "Rollout / Migration #1"]
|
|
},
|
|
{
|
|
"id": "F002",
|
|
"description": "Add indexes to support fast domain lookup and tenant-scoped domain management operations.",
|
|
"implemented": true,
|
|
"prdRefs": ["Data / API / Integrations"]
|
|
},
|
|
{
|
|
"id": "F003",
|
|
"description": "Add server action to list configured MSP SSO login domains for the current tenant.",
|
|
"implemented": true,
|
|
"prdRefs": ["Functional Requirements #2"]
|
|
},
|
|
{
|
|
"id": "F004",
|
|
"description": "Add server action to create/update/remove tenant MSP SSO login domains.",
|
|
"implemented": true,
|
|
"prdRefs": ["Functional Requirements #2"]
|
|
},
|
|
{
|
|
"id": "F005",
|
|
"description": "Normalize login domains to lowercase and validate domain syntax in settings actions.",
|
|
"implemented": true,
|
|
"prdRefs": ["Functional Requirements #1", "Functional Requirements #2"]
|
|
},
|
|
{
|
|
"id": "F006",
|
|
"description": "Implement domain conflict/ambiguity handling policy in domain-management actions.",
|
|
"implemented": true,
|
|
"prdRefs": ["Open Questions #1", "Security / Permissions #3"]
|
|
},
|
|
{
|
|
"id": "F007",
|
|
"description": "Add Providers settings UI section for tenant MSP SSO login domains.",
|
|
"implemented": true,
|
|
"prdRefs": ["Functional Requirements #2", "Acceptance Criteria #1"]
|
|
},
|
|
{
|
|
"id": "F008",
|
|
"description": "Add add/remove/edit controls for multiple login domains in the Providers UI.",
|
|
"implemented": true,
|
|
"prdRefs": ["Functional Requirements #2", "UX / UI Notes #1"]
|
|
},
|
|
{
|
|
"id": "F009",
|
|
"description": "Show domain validation/conflict failures as neutral actionable UI errors in Providers settings.",
|
|
"implemented": true,
|
|
"prdRefs": ["Functional Requirements #2", "Security / Permissions #3"]
|
|
},
|
|
{
|
|
"id": "F010",
|
|
"description": "Add `POST /api/auth/msp/sso/discover` endpoint for MSP SSO domain discovery.",
|
|
"implemented": true,
|
|
"prdRefs": ["Functional Requirements #3", "Endpoint"]
|
|
},
|
|
{
|
|
"id": "F011",
|
|
"description": "Parse and validate input email in discovery endpoint and derive normalized domain.",
|
|
"implemented": true,
|
|
"prdRefs": ["Functional Requirements #4", "Endpoint"]
|
|
},
|
|
{
|
|
"id": "F012",
|
|
"description": "Apply rate limiting to discovery endpoint with neutral response behavior on limit hits.",
|
|
"implemented": true,
|
|
"prdRefs": ["Non-functional Requirements #2", "Security / Permissions #2"]
|
|
},
|
|
{
|
|
"id": "F013",
|
|
"description": "Resolve tenant context from domain mapping without any full-email user existence lookup.",
|
|
"implemented": true,
|
|
"prdRefs": ["Functional Requirements #4", "Acceptance Criteria #4"]
|
|
},
|
|
{
|
|
"id": "F014",
|
|
"description": "Treat ambiguous domain mappings as unresolved (fail-closed for tenant resolution).",
|
|
"implemented": true,
|
|
"prdRefs": ["Data / API / Integrations", "Security / Permissions #3"]
|
|
},
|
|
{
|
|
"id": "F015",
|
|
"description": "Compute tenant-scoped Google readiness from tenant provider secrets when tenant is resolved.",
|
|
"implemented": true,
|
|
"prdRefs": ["Functional Requirements #5"]
|
|
},
|
|
{
|
|
"id": "F016",
|
|
"description": "Compute tenant-scoped Microsoft readiness from tenant provider secrets when tenant is resolved.",
|
|
"implemented": true,
|
|
"prdRefs": ["Functional Requirements #5"]
|
|
},
|
|
{
|
|
"id": "F017",
|
|
"description": "Compute app-fallback provider availability when tenant is unresolved.",
|
|
"implemented": true,
|
|
"prdRefs": ["Functional Requirements #5", "Acceptance Criteria #3"]
|
|
},
|
|
{
|
|
"id": "F018",
|
|
"description": "Return invariant discovery response schema `{ ok: true, providers: [] }` with allowed provider IDs only.",
|
|
"implemented": true,
|
|
"prdRefs": ["Functional Requirements #3", "Non-functional Requirements #1"]
|
|
},
|
|
{
|
|
"id": "F019",
|
|
"description": "Add signed discovery-context cookie helper carrying tenant/source/providers metadata only.",
|
|
"implemented": true,
|
|
"prdRefs": ["Functional Requirements #6", "Non-functional Requirements #4"]
|
|
},
|
|
{
|
|
"id": "F020",
|
|
"description": "Set and rotate discovery-context cookie from discovery endpoint; clear stale cookie on invalid input.",
|
|
"implemented": true,
|
|
"prdRefs": ["Functional Requirements #6", "Functional Requirements #7"]
|
|
},
|
|
{
|
|
"id": "F021",
|
|
"description": "Update MSP `SsoProviderButtons` to call discovery endpoint when a valid email is entered.",
|
|
"implemented": true,
|
|
"prdRefs": ["Functional Requirements #7", "UX / UI Notes #2"]
|
|
},
|
|
{
|
|
"id": "F022",
|
|
"description": "Keep SSO buttons disabled while discovery is pending or email is invalid.",
|
|
"implemented": true,
|
|
"prdRefs": ["UX / UI Notes #2"]
|
|
},
|
|
{
|
|
"id": "F023",
|
|
"description": "Enable only providers returned by discovery and keep unsupported providers disabled.",
|
|
"implemented": true,
|
|
"prdRefs": ["Functional Requirements #7", "Acceptance Criteria #2"]
|
|
},
|
|
{
|
|
"id": "F024",
|
|
"description": "Persist last-selected provider locally and preselect it when still eligible (without bypassing server checks).",
|
|
"implemented": true,
|
|
"prdRefs": ["UX / UI Notes #5", "Open Questions #3"]
|
|
},
|
|
{
|
|
"id": "F025",
|
|
"description": "Update `/api/auth/msp/sso/resolve` to consume discovery-context cookie for tenant/provider source selection.",
|
|
"implemented": true,
|
|
"prdRefs": ["Functional Requirements #8", "Existing endpoint updates"]
|
|
},
|
|
{
|
|
"id": "F026",
|
|
"description": "Reject resolver attempts when requested provider is not in discovered allowed provider set.",
|
|
"implemented": true,
|
|
"prdRefs": ["Functional Requirements #8", "Acceptance Criteria #5"]
|
|
},
|
|
{
|
|
"id": "F027",
|
|
"description": "When discovery context is missing/invalid, resolver falls back to app-level provider path only.",
|
|
"implemented": true,
|
|
"prdRefs": ["Functional Requirements #9", "Acceptance Criteria #3"]
|
|
},
|
|
{
|
|
"id": "F028",
|
|
"description": "Keep resolver external failure behavior generic/non-enumerating across unknown user and known user paths.",
|
|
"implemented": true,
|
|
"prdRefs": ["Functional Requirements #9", "Non-functional Requirements #1", "Acceptance Criteria #4"]
|
|
},
|
|
{
|
|
"id": "F029",
|
|
"description": "Keep OAuth callback user mapping behavior unchanged for unknown users (no pre-auth user detection path).",
|
|
"implemented": true,
|
|
"prdRefs": ["Functional Requirements #10"]
|
|
},
|
|
{
|
|
"id": "F030",
|
|
"description": "Keep MSP credentials login flow unchanged while adding domain-based SSO discovery.",
|
|
"implemented": true,
|
|
"prdRefs": ["Primary Flow D", "Functional Requirements #11"]
|
|
},
|
|
{
|
|
"id": "F031",
|
|
"description": "Keep client portal login and client SSO affordances unchanged.",
|
|
"implemented": true,
|
|
"prdRefs": ["Non-goals #2", "Functional Requirements #11"]
|
|
},
|
|
{
|
|
"id": "F032",
|
|
"description": "Document provider setup order including tenant login-domain setup before MSP SSO use.",
|
|
"implemented": true,
|
|
"prdRefs": ["Functional Requirements #11", "Acceptance Criteria #1"]
|
|
},
|
|
{
|
|
"id": "F033",
|
|
"description": "Update env/docs guidance for app-fallback behavior when domain is unresolved.",
|
|
"implemented": true,
|
|
"prdRefs": ["Functional Requirements #11", "Open Questions #2"]
|
|
},
|
|
{
|
|
"id": "F034",
|
|
"description": "Ensure CE and EE route/component wiring both use the same discovery + resolver gating behavior.",
|
|
"implemented": true,
|
|
"prdRefs": ["Functional Requirements #12", "Acceptance Criteria #7"]
|
|
},
|
|
{
|
|
"id": "F035",
|
|
"description": "Preserve existing `/auth/msp/signin` URLs and existing emailed links without hostname migration requirements.",
|
|
"implemented": true,
|
|
"prdRefs": ["Functional Requirements #11", "Acceptance Criteria #6"]
|
|
}
|
|
]
|