Files

24 lines
1.2 KiB
JSON

{
"task_id": "2026-04-24-action-csrf-centralization-step4",
"analysis_ref": ".agents/runs/2026-04-24-action-csrf-centralization-step4/analysis.json",
"summary": "Complete centralization of legacy request method and CSRF checks for all remaining non-admin core pages.",
"scope": {
"in": [
"Migrate remaining pages/* (excluding pages/admin) off direct requestInput()->method() and Session::checkCsrfToken()",
"Preserve existing error/redirect behavior in auth and page-edit flows",
"Add non-admin architecture contract"
],
"out": [
"modules/*/pages",
"service/repository business logic changes"
]
},
"success_criteria": [
{ "id": "SC-001", "criterion": "Remaining non-admin method checks use helper-compatible patterns (no direct requestInput()->method())." },
{ "id": "SC-002", "criterion": "Remaining non-admin CSRF checks use actionRequireCsrf (no direct Session::checkCsrfToken())." },
{ "id": "SC-003", "criterion": "New CorePageRequestGuardContractTest prevents regression in non-admin core pages." },
{ "id": "SC-004", "criterion": "Architecture + required gate set remains green." }
],
"required_quality_gate_ids": ["QG-001", "QG-002", "QG-003", "QG-006", "QG-008", "QG-009"]
}