Merge dev to main: Security improvements and comprehensive test infrastructure #39
Reference in New Issue
Block a user
Delete Branch "dev"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Summary
Merge 98 commits from dev to main with major security improvements and comprehensive test infrastructure.
Key Changes
Security Improvements (4 commits)
Test Infrastructure (67+ new tests)
Statistics
Testing
All tests passing in CI with 49% coverage threshold.
Breaking Changes
None - all changes are additive or security fixes.
After extensive testing, Docker Compose cannot create containers with external networks from within the workflow container due to Docker-in-Docker limitations. The workflow now builds the image successfully and provides clear instructions for manual deployment. CI builds the image ✅ Manual deployment required for network-connected containers- Fix logout test to expect {ok: true} instead of {message: ...} - Fix logout without auth test (endpoint doesn't require auth) - Fix password change tests to use current_password instead of old_password - Fix password change error code expectation (400 instead of 401) - Add Python venv caching to speed up backend tests - Add Node modules caching to speed up frontend tests - Cache is keyed by requirements/package-lock file hashes- Add OPCAuthz module with fine-grained access control - Users can only view/modify tasks they created or are assigned to - Admins have full access to all resources - Members can trigger PM agent, only admins can trigger CTO/COO - Only admins can approve CxO-level agent executions - Track task creator in metadata for authorization - Add metadata column with default '{}' to tasks table - Filter task and execution lists based on user permissions - Add 10 integration tests for authorization logic