Files
breadcrumb-the-shire/agent-system/runs/SESSION-REDIRECT-PRESERVE-001/review-guards.json
fs 04995e3712 feat(session): preserve intended URL across session timeout and add expiry warning dialog
When a session expires, the user's current URL is now captured and restored
after re-authentication (via remember-me cookie or manual login), instead of
always redirecting to the dashboard. A JavaScript session warning dialog
appears ~2 minutes before idle timeout, allowing users to extend their session
with a single click. Includes open-redirect prevention via URL validation,
Microsoft SSO callback support, and 33 unit tests.

Refs: SESSION-REDIRECT-PRESERVE-001

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-13 14:28:49 +01:00

60 lines
3.0 KiB
JSON

{
"task_id": "SESSION-REDIRECT-PRESERVE-001",
"verdict": "pass",
"checked_guard_ids": [
"GR-CORE-001",
"GR-CORE-003",
"GR-CORE-010",
"GR-SEC-001",
"GR-UI-015",
"GR-UI-011",
"GR-UI-012",
"GR-LANG-001",
"GR-LANG-002",
"GR-TEST-001",
"GR-TEST-002"
],
"checked_quality_gate_ids": [
"QG-001",
"QG-002",
"QG-006"
],
"findings": [
{
"id": "F-001",
"severity": "low",
"rule_ref": "GR-CORE-010",
"summary": "Execution report evidence for GR-CORE-010 describes DI container registration instead of DB schema idempotency. The guard is about idempotent SQL scripts in db/updates/. Since this task introduces no DB schema changes, the guard is trivially satisfied (no action needed), but the evidence text is misleading.",
"file": "agent-system/runs/SESSION-REDIRECT-PRESERVE-001/execution-report.json"
},
{
"id": "F-002",
"severity": "low",
"rule_ref": "GR-UI-011",
"summary": "Execution report evidence for GR-UI-011 describes i18n usage (t() helper), but the guard requires JS reuse-first (prefer existing exports over new functions). Actual verification: app-session-warning.js is a new component for a new feature with no existing equivalent, so creating a new module is justified. Guard satisfied, but evidence description was incorrect.",
"file": "web/js/components/app-session-warning.js"
},
{
"id": "F-003",
"severity": "low",
"rule_ref": "GR-UI-012",
"summary": "Execution report evidence for GR-UI-012 describes a11y attributes (aria-labelledby, aria-live), but the guard requires CSS reuse-first (prefer existing classes over new rules). Actual verification: no new CSS files were added; the dialog reuses existing button classes (primary, secondary outline) and the native <dialog> element. Guard satisfied, but evidence description was incorrect.",
"file": "templates/partials/app-session-warning-dialog.phtml"
},
{
"id": "F-004",
"severity": "low",
"rule_ref": "GR-UI-015",
"summary": "Execution report evidence for GR-UI-015 describes dialog focus trap and ESC prevention, but the guard requires i18n key completeness (all language files updated in same merge). Actual verification: all 4 new keys (Session expiring, Your session will expire in {countdown}..., Extend session, Log out) are present in both default_en.json and default_de.json with non-empty values. Guard satisfied, but evidence description was incorrect.",
"file": "i18n/default_en.json"
},
{
"id": "F-005",
"severity": "medium",
"rule_ref": "QG-006",
"summary": "QG-006 (CS Fixer) was marked as skipped in the execution report with the note that formatting was auto-applied on save. GR-LANG-002 requires passing composer cs:check without diff. The check was never explicitly run and verified. Recommend running 'composer cs:check' to confirm compliance before merge.",
"file": "agent-system/runs/SESSION-REDIRECT-PRESERVE-001/execution-report.json"
}
]
}