-
Notifications
You must be signed in to change notification settings - Fork 0
Issues
is:issue state:open
is:issue state:open
Issue creation is restricted in this repository
Search results
Add difficulty + platform filters to Auth Methods Testing page (post-MVP)
from:md-migrationfrom:md-migrationfrom:md-migrationtype:choretype:choretype:choreStatus: Open.#241 In Rollingcat-Software/web-app;LoggerService client-log sink disabled until backend /client-logs endpoint exists (TODO Team A)
from:md-migrationfrom:md-migrationfrom:md-migrationtype:choretype:choretype:choreStatus: Open.#240 In Rollingcat-Software/web-app;Canonicalize identifier-step endpoint across dashboard and hosted login (/begin vs /preflight)
decision/recommend-firstOwner decision needed before action (design/destructive)Owner decision needed before action (design/destructive)surface/webweb-app (React dashboard + hosted login)web-app (React dashboard + hosted login)Status: Open.#233 In Rollingcat-Software/web-app;Type-safety bypass: double-unknown cast on session ID in SecondaryAuthFlow
bugSomething isn't workingSomething isn't workingsurface/webweb-app (React dashboard + hosted login)web-app (React dashboard + hosted login)Status: Open.#232 In Rollingcat-Software/web-app;UX polish: autofill/autocomplete on hosted-login fields + AuthFlowBuilder affordances
surface/webweb-app (React dashboard + hosted login)web-app (React dashboard + hosted login)Status: Open.#231 In Rollingcat-Software/web-app;Dead code: remove useAuthFlowBuilder hook + AuthFlowBuilderPage (replaced by useAuthMethods/AuthFlowBuilder)
dead-codeVerified-unused code slated for deletion (DI-aware V&V)Verified-unused code slated for deletion (DI-aware V&V)surface/webweb-app (React dashboard + hosted login)web-app (React dashboard + hosted login)Status: Open.#230 In Rollingcat-Software/web-app;Bug: password autofill paints the field blue on PasswordStep (missing -webkit-autofill override)
bugSomething isn't workingSomething isn't workingsurface/webweb-app (React dashboard + hosted login)web-app (React dashboard + hosted login)Status: Open.#229 In Rollingcat-Software/web-app;Biometric puzzles + auth-methods-testing soft-pass on 404 (training surface, not a hardened gate)
surface/webweb-app (React dashboard + hosted login)web-app (React dashboard + hosted login)Status: Open.#228 In Rollingcat-Software/web-app;Security: widget postMessage bridge uses trust-on-first-use; declared allowedOrigin allowlist never validated
securitySecurity-sensitive correctness or hardeningSecurity-sensitive correctness or hardeningsurface/webweb-app (React dashboard + hosted login)web-app (React dashboard + hosted login)Status: Open.#227 In Rollingcat-Software/web-app;Security: tokens stored in sessionStorage while TokenService JSDoc claims httpOnly (misleading + XSS-exfil)
securitySecurity-sensitive correctness or hardeningSecurity-sensitive correctness or hardeningsurface/webweb-app (React dashboard + hosted login)web-app (React dashboard + hosted login)Status: Open.#226 In Rollingcat-Software/web-app;Security: auth-methods-testing playground auto-enrolls the caller's real FACE/VOICE into prod (no admin guard)
securitySecurity-sensitive correctness or hardeningSecurity-sensitive correctness or hardeningsurface/webweb-app (React dashboard + hosted login)web-app (React dashboard + hosted login)Status: Open.#225 In Rollingcat-Software/web-app;