[ { "id": "INT-000001", "title": "CORS Configuration Will Break Production", "status": "resolved", "priority": "P0", "owner": "backend", "evidence": { "files": [ { "path": "veza-backend-api/internal/config/config.go", "lines": "L638-L664" } ] }, "fix_plan": { "minimal_steps": [ "Add validation in config.go", "Call validation on startup", "Update docker-compose.production.yml" ] }, "resolution": { "resolved_at": "2025-12-22T12:00:00Z", "resolved_by": "gemini-cli", "changes_made": [ "Verified validation logic exists in config.go (ValidateForEnvironment)", "Updated docker-compose.production.yml to set APP_ENV=production and CORS_ALLOWED_ORIGINS" ], "verification": "Manual test: Server fails to start with empty CORS in prod mode (verified via go run)" } }, { "id": "INT-000002", "title": "Multiple Auth Storage Mechanisms", "status": "resolved", "priority": "P0", "owner": "frontend", "resolution": { "resolved_at": "2025-12-22T12:15:00Z", "resolved_by": "gemini-cli", "changes_made": [ "Removed fallback token storage logic in api/client.ts", "Deleted apps/web/src/utils/token-manager.ts (deprecated)", "Updated Login/Register tests to use TokenStorage mock", "Updated trackDownloadService, ExportPlaylistButton, ImportPlaylistButton to use TokenStorage" ], "verification": "Code audit confirmed no direct localStorage token access remains outside TokenStorage." } }, { "id": "INT-000003", "title": "Type Mismatch User.id string vs number", "status": "open", "priority": "P0", "owner": "frontend+backend" }, { "id": "INT-000004", "title": "Deprecated ApiService Response Format", "status": "open", "priority": "P0", "owner": "frontend" }, { "id": "INT-000005", "title": "Missing CSRF Protection", "status": "open", "priority": "P0", "owner": "backend+frontend" } ]