moving things to specific repos
This commit is contained in:
@@ -2,6 +2,8 @@
|
||||
|
||||
## Today
|
||||
|
||||
**22:16 UTC** - Completed FRE-483 Terms of Service document
|
||||
|
||||
### Task: FRE-449 - Micro Lending App
|
||||
- Checked out task
|
||||
- Created subtasks:
|
||||
@@ -31,7 +33,23 @@ FRE-452 (design) blocks FRE-456
|
||||
- CMO: 95d31f57-1a16-4010-9879-65f2bb26e685 (paused)
|
||||
- CMO is paused - marketing subtasks deferred
|
||||
|
||||
### FRE-473: Scope AI features
|
||||
- Completed scoping for Lendair AI features
|
||||
- 6 potential paid AI features identified
|
||||
- Top 3 for MVP: Loan Matching, Trust Score, Risk-Adjusted Returns
|
||||
- Plan: plans/micro_lending_ai_features_2026-03-22.md
|
||||
|
||||
### Decisions
|
||||
- Targeting unbanked/underbanked markets for micro lending
|
||||
- Kenya as first market for MVP
|
||||
- Transaction fees + premium features as revenue model
|
||||
- AI features: bundle model, ~$5-15/month subscription
|
||||
|
||||
### FRE-482: Terms of Service, ID collection etc
|
||||
- Created 4 subtasks (FRE-483 to FRE-486)
|
||||
- **FRE-483 DONE**: Drafted comprehensive ToS document
|
||||
- Platform fee: 1% lender origination, 2% borrower transaction
|
||||
- Late fee: $5 or 5% after 5-day grace; default at 90 days
|
||||
- Delaware law, binding arbitration, class action waiver
|
||||
- Full risk disclosures for peer-to-peer lending
|
||||
- Remaining subtasks: FRE-484 (ID verification), FRE-485 (credit score), FRE-486 (bank linking)
|
||||
|
||||
35
agents/cmo/memory/2026-03-22.md
Normal file
35
agents/cmo/memory/2026-03-22.md
Normal file
@@ -0,0 +1,35 @@
|
||||
# 2026-03-22
|
||||
|
||||
## Timeline
|
||||
|
||||
- **CMO heartbeat run**: Woke up with task FRE-451 (Marketing Plan: Micro Lending App) assigned to me
|
||||
- **Checked out** FRE-451, status `todo` → `in_progress`
|
||||
- **Reviewed** parent issue FRE-449 (Micro Lending) and technical plan FRE-450
|
||||
- **Researched** project structure at `/home/mike/code/lendair/` — confirmed iOS + web + plans directories
|
||||
- **Created** `plans/FRE-451.md` — comprehensive 12-section marketing plan
|
||||
- **Attached** plan document to issue via `PUT /api/issues/{id}/documents/plan`
|
||||
- **Closed** FRE-451 with status `done` and detailed completion comment
|
||||
|
||||
## What's Done
|
||||
|
||||
- [x] FRE-451: Marketing Plan for Lendair — COMPLETE
|
||||
|
||||
## Current State
|
||||
|
||||
- All open issues in company reviewed
|
||||
- FRE-449 (Micro Lending, parent): in_progress, CEO assigned
|
||||
- FRE-450 (Technical Plan, CTO): in_progress, CTO working on it
|
||||
- FRE-451 (Marketing Plan, CMO): **done** — this was my only assigned task
|
||||
|
||||
## Notes
|
||||
|
||||
- Company prefix is `FRE` (FrenoCorp)
|
||||
- Project workspace is `/home/mike/code/lendair` — primary workspace is `lendair` folder
|
||||
- No other CMO tasks currently assigned
|
||||
- Will await further assignments from CEO/board
|
||||
|
||||
## Next Time
|
||||
|
||||
- FRE-449 parent issue may need subtasks created once tech/marketing plans are approved
|
||||
- May need to coordinate on design spec (not yet assigned — may fall under CMO or a design agent)
|
||||
- Landing page copy and brand identity direction are my immediate execution priorities once CEO briefs me
|
||||
17
agents/cto/memory/2026-03-22.md
Normal file
17
agents/cto/memory/2026-03-22.md
Normal file
@@ -0,0 +1,17 @@
|
||||
# 2026-03-22
|
||||
|
||||
## CTO Heartbeat Log
|
||||
|
||||
### Tasks Worked
|
||||
- Breaking down FRE-455 (Backend APIs) into discrete subtasks per board request
|
||||
- Created subtasks: FRE-476 (Users), FRE-477 (Loans), FRE-479 (Transfers), FRE-480 (Notifications), FRE-478 (Root Router)
|
||||
- Created FRE-481 (Database Schema Test Suite) for missing tests on FRE-453
|
||||
|
||||
### Oversight
|
||||
- Open issues: 2 in_progress (FRE-453, FRE-455), 10 in_review (code review pipeline healthy), 4 todo (AI features)
|
||||
- Code review pipeline: 10 items in review - good flow
|
||||
|
||||
### Notes
|
||||
- FRE-455 has been broken down per board request "Break this down into more discrete steps as individual issues"
|
||||
- FRE-453 code review flagged missing test suite - created FRE-481 to address
|
||||
- Two AI features (FRE-474, FRE-475) are assigned but not yet started
|
||||
34
agents/security-reviewer/MEMORY.md
Normal file
34
agents/security-reviewer/MEMORY.md
Normal file
@@ -0,0 +1,34 @@
|
||||
# Security Reviewer Memory
|
||||
|
||||
## Heartbeat Summary 2026-03-21
|
||||
|
||||
### Issues Reviewed and Resolved
|
||||
|
||||
- **FRE-439** (Test: Route System) — `done`
|
||||
- Verified security fixes in RouteService.swift: deleteRoute, updateRouteVisibility, incrementViewCount now require userId and verify ownership
|
||||
- Call sites verified: PublicRouteView.swift:43, RouteShareSheet.swift:90
|
||||
- Rate limiting: 3 increments/minute per user-route pair on view count
|
||||
|
||||
- **FRE-437** (Test: Workout Tracking Service) — `done`
|
||||
- No security issues found
|
||||
- WorkoutTrackingService: user data isolated by userId in all repository queries
|
||||
- NessaSyncService: uses authenticated user ID for all sync
|
||||
- SocialService: checks ownership before comment deletion
|
||||
- GRDB query builder prevents SQL injection
|
||||
|
||||
- **FRE-445** (Test: Onboarding) — `in_review`, reassigned to Code Reviewer
|
||||
- Tests are superficial: every test asserts only `XCTAssertNotNil(view)`
|
||||
- Missing: navigation flow, button behavior, permission tests, state persistence, edge cases
|
||||
- Code Reviewer to provide implementation guidance
|
||||
|
||||
### Known Security Concerns (Lower Priority)
|
||||
|
||||
- GPX/TCX import has no file size limit (RouteImportService.swift)
|
||||
- In-memory rate limit stores don't persist across app restarts
|
||||
- Rate limit store tokens grow unbounded (RouteService, RouteSuggestionService)
|
||||
|
||||
### Pattern
|
||||
|
||||
- Reviewer assigned as "security reviewer" but tasks include general test writing (from CTO)
|
||||
- Code Reviewer (f274248f) handles test quality reviews; I handle security of underlying code
|
||||
- Always verify production code security, not just test quality
|
||||
45
agents/security-reviewer/memory/2026-03-21.md
Normal file
45
agents/security-reviewer/memory/2026-03-21.md
Normal file
@@ -0,0 +1,45 @@
|
||||
# 2026-03-21 - Security Review Work
|
||||
|
||||
## Tasks Completed
|
||||
|
||||
### FRE-438: Test: Plan System
|
||||
- **Status**: ✅ Done (no issues)
|
||||
- Reviewed: PlanRepositories.swift, PlanUploadViewModel.swift, PlanDiscoveryViewModel.swift
|
||||
- **Findings**: No security issues. GRDB parameterized queries, proper auth checks.
|
||||
|
||||
### FRE-441: Test: Social Features (Clubs & Challenges)
|
||||
- **Status**: ✅ Done (no issues)
|
||||
- Reviewed: SocialRepositories.swift, ClubRepositories.swift, AdditionalRepositories.swift
|
||||
- **Findings**: No security issues. Proper SQL binding throughout.
|
||||
|
||||
### FRE-427: Feature: HIIT Workout Plan Execution
|
||||
- **Status**: ✅ Done (no issues)
|
||||
- Reviewed: HIITPlan.swift, HIITExecutionViewModel.swift, HIITExecutionView.swift, HIITIntervalCard.swift
|
||||
- **Findings**: No security concerns. Client-side timer only.
|
||||
|
||||
### FRE-442: Test: Auth & Account
|
||||
- **Status**: Already completed before today
|
||||
- **Note**: Critical issue (SecureStorage using UserDefaults) was fixed by another agent before my review
|
||||
|
||||
## Key Observations
|
||||
|
||||
1. **Nessa codebase** uses GRDB for database operations - proper parameterized queries throughout
|
||||
2. **SQL injection protection**: All repository methods use GRDB's type-safe query builder or proper SQL arguments binding
|
||||
3. **Authorization**: Delete operations verify user ownership before proceeding
|
||||
4. **HIIT feature**: Pure client-side workout timer, no security surface
|
||||
|
||||
## 2026-03-21 - Second heartbeat (evening)
|
||||
|
||||
### FRE-443: Test: Sync & Data
|
||||
- **Status**: Already reviewed earlier today (no code changes since)
|
||||
- My security review comment (most recent) assigned back to Code Reviewer with:
|
||||
- 6 code quality issues (compilation errors, broken mock injection)
|
||||
- 5 source code security findings (no retry logic, unencrypted offline maps, no deduplication, privacy override, Sendable concern)
|
||||
- Code Reviewer then submitted back to me for final verification, but no changes made
|
||||
- No new assignments in inbox — exiting cleanly
|
||||
|
||||
## Company Context
|
||||
|
||||
- Company: FrenoCorp
|
||||
- Working in project for Nessa fitness app (iOS/Swift)
|
||||
- CTO is chainOfCommand manager
|
||||
19
agents/security-reviewer/memory/2026-03-22.md
Normal file
19
agents/security-reviewer/memory/2026-03-22.md
Normal file
@@ -0,0 +1,19 @@
|
||||
# 2026-03-22 - Daily Notes
|
||||
|
||||
## Heartbeat 17:15 UTC
|
||||
|
||||
### Security Reviews Completed
|
||||
|
||||
**FRE-463 (iOS Screens: Main Navigation and Home)** - APPROVED, marked done
|
||||
- All 6 prior issues (2 HIGH, 3 MEDIUM, 1 LOW) verified fixed
|
||||
- Keychain accessibility, shared TRPCService, balance placeholder, JSON encoding, user enumeration, debug prints all confirmed fixed
|
||||
|
||||
**FRE-469 (Clerk Webhook Handlers)** - PARTIALLY APPROVED, assigned back to Code Reviewer
|
||||
- 1 MEDIUM: `deletedAt: Date.now()` uses milliseconds, should be seconds (clerk.ts:96)
|
||||
- 1 LOW: No rate limiting on webhook endpoint (informational, infrastructure concern)
|
||||
- Good: HMAC-SHA256 signature verification, timingSafeEqual, 5-min timestamp window, upsert logic, soft delete
|
||||
|
||||
### Notes
|
||||
- Company ID: e4a42be5-3bd4-46ad-8b3b-f2da60d203d4 (FrenoCorp)
|
||||
- My agent ID: 036d6925-3aac-4939-a0f0-22dc44e618bc
|
||||
- Company prefix: FRE
|
||||
Reference in New Issue
Block a user