65 lines
25 KiB
JSON
{"id":"integreat-00t","title":"Security: Input validation and sanitization in import functions","status":"open","priority":1,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T09:23:28.0129384-08:00","created_by":"Bryce","updated_at":"2026-02-08T09:23:28.0129384-08:00"}
{"id":"integreat-01o","title":"Security: Remove hardcoded API keys in insight_outcome_recommendation","status":"open","priority":1,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T09:24:46.141653019-08:00","created_by":"Bryce","updated_at":"2026-02-08T09:24:46.141653019-08:00"}
{"id":"integreat-08c","title":"Performance: Fix N+1 query problem in sales_summaries","status":"open","priority":1,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T09:24:47.102267818-08:00","created_by":"Bryce","updated_at":"2026-02-08T09:24:47.102267818-08:00"}
{"id":"integreat-0ic","title":"Clientize sales summaries and add schema cleanup","status":"open","priority":3,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T08:56:43.768991121-08:00","created_by":"Bryce","updated_at":"2026-02-08T08:56:43.768991121-08:00"}
{"id":"integreat-0tf","title":"Security: Remove hardcoded cookie secret","status":"open","priority":1,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T09:21:54.956951237-08:00","created_by":"Bryce","updated_at":"2026-02-08T09:21:54.956951237-08:00"}
{"id":"integreat-0z7","title":"Complete test coverage for transactions and invoice functionality","status":"open","priority":3,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T08:56:54.738460045-08:00","created_by":"Bryce","updated_at":"2026-02-08T08:56:54.738460045-08:00"}
{"id":"integreat-104","title":"Code Review: auto_ap.permissions","status":"closed","priority":2,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T09:20:58.102943422-08:00","created_by":"Bryce","updated_at":"2026-02-08T09:30:00.915797483-08:00","closed_at":"2026-02-08T09:30:00.915797483-08:00","close_reason":"Closed"}
{"id":"integreat-1b8","title":"Code Review: auto_ap.ledger","status":"closed","priority":2,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T09:20:58.457434281-08:00","created_by":"Bryce","updated_at":"2026-02-08T09:30:52.517437805-08:00","closed_at":"2026-02-08T09:30:52.517437805-08:00","close_reason":"Closed"}
{"id":"integreat-1ex","title":"Security: Implement rate limiting","status":"open","priority":1,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T09:21:55.32191677-08:00","created_by":"Bryce","updated_at":"2026-02-08T09:21:55.32191677-08:00"}
{"id":"integreat-1ff","title":"Code Review: iol_ion","status":"closed","priority":2,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T09:20:59.195722157-08:00","created_by":"Bryce","updated_at":"2026-02-08T09:30:30.631572319-08:00","closed_at":"2026-02-08T09:30:30.631572319-08:00","close_reason":"Closed"}
{"id":"integreat-1ht","title":"Security: Add input validation and sanitization","status":"open","priority":1,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T09:21:55.707181622-08:00","created_by":"Bryce","updated_at":"2026-02-08T09:21:55.707181622-08:00"}
{"id":"integreat-1m3","title":"Security: Remove hardcoded JWT secrets","status":"open","priority":1,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T09:21:54.57377807-08:00","created_by":"Bryce","updated_at":"2026-02-08T09:21:54.57377807-08:00"}
{"id":"integreat-1qy","title":"Code Review: auto_ap.routes","status":"open","priority":2,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T09:20:55.26442193-08:00","created_by":"Bryce","updated_at":"2026-02-08T09:20:55.26442193-08:00"}
{"id":"integreat-278","title":"Security: Remove hardcoded Google credentials in auth.clj","status":"open","priority":1,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T09:26:19.491341584-08:00","created_by":"Bryce","updated_at":"2026-02-08T09:26:19.491341584-08:00"}
{"id":"integreat-35k","title":"Fix session handling and authentication route issues","status":"open","priority":3,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T08:56:50.662486708-08:00","created_by":"Bryce","updated_at":"2026-02-08T08:56:50.662486708-08:00"}
{"id":"integreat-3a7","title":"Refactor clients module for better reusability, schemas, and bug fixes","status":"open","priority":3,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T08:56:44.681764032-08:00","created_by":"Bryce","updated_at":"2026-02-08T08:56:44.681764032-08:00"}
{"id":"integreat-3cp","title":"Code Review: auto_ap.import","status":"open","priority":2,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T09:20:54.573843708-08:00","created_by":"Bryce","updated_at":"2026-02-08T09:20:54.573843708-08:00"}
{"id":"integreat-3pr","title":"Code Review: auto_ap.ss_routes","status":"open","priority":2,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T09:20:57.020989213-08:00","created_by":"Bryce","updated_at":"2026-02-08T09:20:57.020989213-08:00"}
{"id":"integreat-46f","title":"Security: Rate limiting for external API calls","status":"open","priority":1,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T09:23:28.429193916-08:00","created_by":"Bryce","updated_at":"2026-02-08T09:23:28.429193916-08:00"}
{"id":"integreat-4ag","title":"Code Review: iol-ion.query - Security and Code Quality Issues","description":"Code review of /home/noti/dev/integreat/iol_ion/src/iol_ion/query.clj revealed critical security and maintainability issues:\\n\\n## Security Issues:\\n- **Regex Injection Vulnerability** (line 67-68): User input passed directly to regex compilation without sanitization, enabling ReDoS attacks\\n- **No input validation on date parameters** (lines 25-30, 46-54, 83-162): Invalid dates could cause Denial of Service attacks\\n- **No validation of client IDs** (lines 46-54, 83-162): Malicious client IDs could bypass access controls\\n- **Unsafe timezone handling** (line 70-75): Hardcoded timezone without validation or fallback could cause failures\\n- **Permission checking lacks validation** (lines 59-64): Assumes identity structure without validation\\n\\n## Code Quality Issues:\\n- **Extreme code duplication** (lines 83-162): 8 scan functions with identical structure except for index names and entity types\\n- **Obsolete function** (lines 7-9): marked as \"not working in Datomic Cloud\" but still used\\n- **Magic numbers** (lines 25-30, 86-89): Hardcoded years (2001-2030) and days (90) should be configuration\\n- **Inconsistent client handling**: Mixed use of vs direct client IDs\\n\\n## Performance Issues:\\n- **Inefficient database queries** (lines 83-162): Sequential scans in for-loops instead of bulk operations\\n- **Repeated timezone conversions**: Each call to local-now converts to same timezone unnecessarily\\n\\n## Recommendations:\\n1. Add input validation for all user-supplied parameters\\n2. Create a utility function to handle regex compilation safely\\n3. Extract common scan logic into a single reusable function\\n4. Replace deprecated entid function or remove its usage\\n5. Move magic numbers to configuration constants\\n6. Optimize database queries with bulk operations\\n7. Add proper error handling and validation for all functions","status":"open","priority":2,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T09:30:53.593616294-08:00","created_by":"Bryce","updated_at":"2026-02-08T09:30:59.771987594-08:00"}
{"id":"integreat-4mc","title":"Clean up legacy code and remove commented out templates","status":"open","priority":3,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T08:56:48.479644441-08:00","created_by":"Bryce","updated_at":"2026-02-08T08:56:48.479644441-08:00"}
{"id":"integreat-54l","title":"Code Review: auto_ap.background","status":"closed","priority":2,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T09:20:58.809902284-08:00","created_by":"Bryce","updated_at":"2026-02-08T09:31:14.526449134-08:00","closed_at":"2026-02-08T09:31:14.526449134-08:00","close_reason":"Closed"}
{"id":"integreat-59c","title":"Security: Fix SQL injection vulnerability in exports.clj","status":"open","priority":1,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T09:26:19.959391674-08:00","created_by":"Bryce","updated_at":"2026-02-08T09:26:19.959391674-08:00"}
{"id":"integreat-5a1","title":"Concurrency: Fix thread safety issues in sysco.clj","status":"open","priority":2,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T09:24:48.485672868-08:00","created_by":"Bryce","updated_at":"2026-02-08T09:24:48.485672868-08:00"}
{"id":"integreat-6cf","title":"Implement autopay and unpaid API unification","status":"open","priority":3,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T08:56:49.217286047-08:00","created_by":"Bryce","updated_at":"2026-02-08T08:56:49.217286047-08:00"}
{"id":"integreat-74f","title":"Security: Transaction validation and data integrity","status":"open","priority":1,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T09:23:29.251711914-08:00","created_by":"Bryce","updated_at":"2026-02-08T09:23:29.251711914-08:00"}
{"id":"integreat-7cx","title":"Code Review: auto_ap.shared_views","status":"open","priority":2,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T09:20:57.754073898-08:00","created_by":"Bryce","updated_at":"2026-02-08T09:20:57.754073898-08:00"}
{"id":"integreat-7de","title":"Security: Database connection management in imports","status":"open","priority":1,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T09:23:27.574962301-08:00","created_by":"Bryce","updated_at":"2026-02-08T09:23:27.574962301-08:00"}
{"id":"integreat-7en","title":"Code Review: auto_ap.ss.admin.background-jobs - Security and Code Quality Issues","description":"Code review of /home/noti/dev/integreat/src/clj/auto_ap/ssr/admin/background_jobs.clj revealed critical security and maintainability issues:\\n\\n## Security Issues:\\n- **No job name validation** (lines 53-58): Job names used to construct task ARNs without validation, enabling injection attacks\\n- **Hardcoded network configuration** (lines 150-52): Subnets and security groups hardcoded with direct IPs\\n- **Hardcoded security group IDs** (lines 151-52): Security credentials directly embedded in code\\n- **No rate limiting** (lines 56-61): Job execution lacks rate limiting, enabling DoS attacks\\n- **Fragile job name sanitization** (lines 161-62): Regex replacement approach is insecure\\n- **No URL validation** (lines 74, 84-86): S3 URLs not validated before use\\n\\n## Code Quality Issues:\\n- **Poor error handling** (lines 30-37): AWS API errors not handled, could crash page\\n- **Code duplication** (lines 46-52, 53-58): and have identical logic\\n- **Magic strings** (lines 33-42, 224-42): Job names hardcoded in select options and processing\\n- **Inconsistent error handling**: Mixed approach to form errors and API errors\\n\\n## Performance Issues:\\n- **Inefficient task querying** (lines 30-37): Two separate AWS API calls instead of one\\n- **Nested AWS calls** (lines 35-36): Multiple nested API calls increase complexity\\n- **No caching**: Repeated API calls to without memoization\\n\\n## Recommendations:\\n1. Add input validation for all user-supplied parameters\\n2. Extract hardcoded configuration to environment variables or config files\\n3. Implement rate limiting on job execution\\n4. Use secure sanitization for job names\\n5. Add proper error handling for AWS API calls\\n6. Remove code duplication by extracting common logic\\n7. Optimize AWS API calls and add caching where appropriate\\n8. Validate S3 URLs before use","status":"open","priority":2,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T09:31:15.621682311-08:00","created_by":"Bryce","updated_at":"2026-02-08T09:31:22.196700831-08:00"}
{"id":"integreat-8jt","title":"Performance: Fix potential memory leak in client hydration","status":"open","priority":2,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T09:21:56.135939778-08:00","created_by":"Bryce","updated_at":"2026-02-08T09:21:56.135939778-08:00"}
{"id":"integreat-8p7","title":"Code Review: auto_ap.client_routes","status":"open","priority":2,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T09:20:57.389725276-08:00","created_by":"Bryce","updated_at":"2026-02-08T09:20:57.389725276-08:00"}
{"id":"integreat-9o2","title":"Code Review: auto_ap.ss","status":"open","priority":2,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T09:20:56.653394004-08:00","created_by":"Bryce","updated_at":"2026-02-08T09:20:56.653394004-08:00"}
{"id":"integreat-adj","title":"Performance: Fix CSV writing efficiency in exports.clj","status":"open","priority":2,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T09:26:21.877285694-08:00","created_by":"Bryce","updated_at":"2026-02-08T09:26:21.877285694-08:00"}
{"id":"integreat-ae3","title":"Investigate iol-ion module and security review requirements","description":"iol-ion appears to be an external or internal module that provides query functions used throughout the codebase:\\n\\nFunctions used:\\n- iol-ion.query/ident (line 98 in transaction_rules.clj)\\n- iol-ion.query/recent-date (line 317 in transaction_rules.clj)\\n- iol-ion.query/-\u003epattern (lines 323, 541 in transaction_rules.clj)\\n- iol-ion.query/dom (lines 361, 368 in transaction_rules.clj)\\n\\nNeeds investigation:\\n1. Is iol-ion a third-party library or internal module?\\n2. What security concerns exist in its usage?\\n3. Is there proper input validation in its functions?\\n4. Are there any potential injection vulnerabilities?\\n5. What are the dependencies and version requirements?\\n\\nSearch in:\\n- project.clj or deps.edn for dependencies\\n- src directory for module definition\\n- Documentation or README files","status":"open","priority":2,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T09:30:31.587996635-08:00","created_by":"Bryce","updated_at":"2026-02-08T09:30:34.841745089-08:00"}
{"id":"integreat-aut","title":"Fix payment query parameter parsing and implement proper decoding","status":"open","priority":2,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T08:56:46.65410618-08:00","created_by":"Bryce","updated_at":"2026-02-08T08:56:46.65410618-08:00"}
{"id":"integreat-bct","title":"Complete IOL integration with Datomic Cloud","status":"open","priority":3,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T08:56:51.056089489-08:00","created_by":"Bryce","updated_at":"2026-02-08T08:56:51.056089489-08:00"}
{"id":"integreat-d8q","title":"Code Review: auto_ap.main","status":"in_progress","priority":2,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T09:20:54.224210511-08:00","created_by":"Bryce","updated_at":"2026-02-08T09:21:51.465831393-08:00"}
{"id":"integreat-dsb","title":"Performance: External API calls should be asynchronous","status":"open","priority":2,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T09:23:29.66389647-08:00","created_by":"Bryce","updated_at":"2026-02-08T09:23:29.66389647-08:00"}
{"id":"integreat-edg","title":"Fix grid page helper issues and form bubbling problems","status":"open","priority":3,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T08:56:45.844140503-08:00","created_by":"Bryce","updated_at":"2026-02-08T08:56:45.844140503-08:00"}
{"id":"integreat-g4b","title":"Complete wizard implementation and make it more modular","status":"open","priority":3,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T08:56:52.493115251-08:00","created_by":"Bryce","updated_at":"2026-02-08T08:56:52.493115251-08:00"}
{"id":"integreat-gf0","title":"Performance: Fix memory leak in client cache","status":"open","priority":2,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T09:23:28.846092823-08:00","created_by":"Bryce","updated_at":"2026-02-08T09:23:28.846092823-08:00"}
{"id":"integreat-ifw","title":"Add Plaid merchant integration and improve vendors module","status":"open","priority":3,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T08:56:45.076207245-08:00","created_by":"Bryce","updated_at":"2026-02-08T08:56:45.076207245-08:00"}
{"id":"integreat-lov","title":"Security: Add input validation to all routes","status":"open","priority":1,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T09:26:21.423853589-08:00","created_by":"Bryce","updated_at":"2026-02-08T09:26:21.423853589-08:00"}
{"id":"integreat-mt4","title":"Code Review: auto_ap.jobs","status":"open","priority":2,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T09:20:54.921445539-08:00","created_by":"Bryce","updated_at":"2026-02-08T09:20:54.921445539-08:00"}
{"id":"integreat-mxf","title":"Security: Fix error information leakage","status":"open","priority":2,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T09:21:56.506580155-08:00","created_by":"Bryce","updated_at":"2026-02-08T09:21:56.506580155-08:00"}
{"id":"integreat-opb","title":"Security: Fix SQL injection risk in close_auto_invoices","status":"open","priority":1,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T09:24:47.576841414-08:00","created_by":"Bryce","updated_at":"2026-02-08T09:24:47.576841414-08:00"}
{"id":"integreat-oyo","title":"Componentize transaction rules and improve form handling","status":"open","priority":3,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T08:56:45.44170363-08:00","created_by":"Bryce","updated_at":"2026-02-08T08:56:45.44170363-08:00"}
{"id":"integreat-pc1","title":"Complete real user testing for invoices and add credit from balance support","status":"open","priority":3,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T08:56:46.269009169-08:00","created_by":"Bryce","updated_at":"2026-02-08T08:56:46.269009169-08:00"}
{"id":"integreat-qj2","title":"Improve component structure and implement better error handling","status":"open","priority":3,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T08:56:52.132393487-08:00","created_by":"Bryce","updated_at":"2026-02-08T08:56:52.132393487-08:00"}
{"id":"integreat-rlj","title":"Complete wizard step structure and modularize page components","status":"open","priority":3,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T08:56:53.993488192-08:00","created_by":"Bryce","updated_at":"2026-02-08T08:56:53.993488192-08:00"}
{"id":"integreat-s53","title":"Security: Remove hardcoded NTG API key in exports.clj","status":"open","priority":1,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T09:26:20.457790327-08:00","created_by":"Bryce","updated_at":"2026-02-08T09:26:20.457790327-08:00"}
{"id":"integreat-s5h","title":"Resource: Fix resource leaks in import_uploaded_invoices","status":"open","priority":1,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T09:24:48.026329699-08:00","created_by":"Bryce","updated_at":"2026-02-08T09:24:48.026329699-08:00"}
{"id":"integreat-syf","title":"Code Review: auto_ap.graphql","status":"open","priority":2,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T09:20:55.620533412-08:00","created_by":"Bryce","updated_at":"2026-02-08T09:20:55.620533412-08:00"}
{"id":"integreat-uc3","title":"Security: Input sanitization and validation in job functions","status":"open","priority":1,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T09:24:46.60155898-08:00","created_by":"Bryce","updated_at":"2026-02-08T09:24:46.60155898-08:00"}
{"id":"integreat-vk3","title":"Add feature flags system and signature support","status":"open","priority":3,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T08:56:51.419253869-08:00","created_by":"Bryce","updated_at":"2026-02-08T08:56:51.419253869-08:00"}
{"id":"integreat-vkf","title":"Improve form handling and remove unused code","status":"open","priority":3,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T08:56:49.592681075-08:00","created_by":"Bryce","updated_at":"2026-02-08T08:56:49.592681075-08:00"}
{"id":"integreat-vvk","title":"Performance: Fix N+1 query problems in exports.clj","status":"open","priority":1,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T09:26:20.96494325-08:00","created_by":"Bryce","updated_at":"2026-02-08T09:26:20.96494325-08:00"}
{"id":"integreat-w1i","title":"Improve input components and data grid implementations","status":"open","priority":3,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T08:56:47.721945968-08:00","created_by":"Bryce","updated_at":"2026-02-08T08:56:47.721945968-08:00"}
{"id":"integreat-y3e","title":"Improve typeahead component and implement proper query handling","status":"open","priority":3,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T08:56:53.602661377-08:00","created_by":"Bryce","updated_at":"2026-02-08T08:56:53.602661377-08:00"}
{"id":"integreat-y72","title":"Enhance ledger reports and improve navigation/aside components","status":"open","priority":3,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T08:56:48.101954827-08:00","created_by":"Bryce","updated_at":"2026-02-08T08:56:48.101954827-08:00"}
{"id":"integreat-yq9","title":"Remove deprecated code and clean up unused functions","status":"open","priority":3,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T08:56:54.367393577-08:00","created_by":"Bryce","updated_at":"2026-02-08T08:56:54.367393577-08:00"}
{"id":"integreat-zly","title":"Code Review: auto_ap.permissions - Security and Maintainability Issues","description":"Code review of /home/noti/dev/integreat/src/cljc/auto_ap/permissions.cljc revealed critical security and maintainability issues:\\n\\n## Security Issues:\\n- Client access control bypass: Non-admins completely blocked if client-id is nil (lines 22-24)\\n- No input validation: Client IDs and user data not validated (lines 10-11, 17)\\n- Trust-based user object: No schema validation for user data\\n\\n## Maintainability Issues:\\n- Extreme code duplication: Permission logic repeated 4 times across different role checks (lines 26-141)\\n- Magic strings: Inconsistent role representation (mixing keywords and strings)\\n- Hardcoded permissions: No separation from business logic\\n- No unit tests: No test coverage for permission checks\\n\\n## Performance Issues:\\n- Redundant set creation on every call (lines 22-23)\\n- Repeated condition checks for each role\\n\\n## Recommendations:\\n1. Implement schema validation for user data using malli\\n2. Extract permissions to data structure following DRY principle\\n3. Add client-id validation with pos-int?\\n4. Add unit tests for all permission sets\\n5. Move set creation outside function or add short-circuit for admin role\\n\\nSee full review for detailed analysis and refactoring suggestions.","status":"open","priority":2,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T09:30:01.992071212-08:00","created_by":"Bryce","updated_at":"2026-02-08T09:30:05.576405896-08:00"}
{"id":"integreat-zn0","title":"Implement cash drawer shift functionality","status":"open","priority":3,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T08:56:51.76190647-08:00","created_by":"Bryce","updated_at":"2026-02-08T08:56:51.76190647-08:00"}
{"id":"integreat-zt8","title":"Complete invoice totals implementation to include expense accounts","status":"open","priority":2,"issue_type":"task","owner":"bryce@brycecovertoperations.com","created_at":"2026-02-08T08:56:48.848572114-08:00","created_by":"Bryce","updated_at":"2026-02-08T08:56:48.848572114-08:00"}