admin/goodgo-platform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a7fb5295b88f13266b879fce799fde681e11a47a
goodgo-platform/docs/audits
History
Ho Ngoc Hai abeb8fd322 feat(auth): complete MFA grace period for required roles + ops monitoring 
Finishes the half-implemented MFA enforcement work and ships the SLO
monitoring rules at the same time.

MFA grace period (auth):
- New `mfa-policy.ts` central source of truth: `MFA_REQUIRED_ROLES = [ADMIN]`,
  `MFA_GRACE_PERIOD_DAYS = 14`, `MFA_REAUTH_WINDOW_MINUTES = 15`.
- New columns `User.mfaGraceStartedAt` + `User.mfaLastVerifiedAt`
  (migration `20260429000000_add_mfa_grace_columns`).
- `JwtPayload.mfa: 'none' | 'grace' | 'enrollment_required'` claim now
  carried in every access token so the FE + admin guards can react.
- `LoginUserHandler.resolveMfaGraceClaim()`:
  * If role requires MFA and user has not enrolled, lazy-stamp
    `mfaGraceStartedAt` on first login (returns `mfa: 'grace'`,
    `remainingDays: 14`).
  * After window expires → `mfa: 'enrollment_required'`, `remainingDays: 0`
    (callers must force enrolment on sensitive routes).
  * Otherwise → `mfa: 'none'`.
- `LocalStrategy` now passes `totpEnabled` + `mfaGraceStartedAt` through
  to the command so the handler can branch without an extra query.
- `IUserRepository` + `PrismaUserRepository` get
  `updateMfaGraceStartedAt` / `updateMfaLastVerifiedAt`.
- `UserEntity` carries the two new fields end-to-end (props, getters,
  `createNew` + `createPasswordless` factories). Fixed an orphan-property
  syntax bug in `createPasswordless` that was breaking typecheck.
- `oauth.service.ts` `UserEntity` construction now includes `deletedAt`
  + the two MFA fields (was missing required props).
- Add missing `jsonwebtoken` + `@types/jsonwebtoken` to `apps/api`
  (transitively pulled in via `jwt-rotation.ts` from commit 3705193 but
  never declared, so `tsc --noEmit` was failing).
- Update `login-user.handler.spec.ts` + `local.strategy.spec.ts` to cover
  grace-window + enrolment-required branches. 338/338 auth tests pass.

Ops monitoring:
- New `monitoring/prometheus/slo-rules.yml` with recording + alerting
  rules for the agreed SLOs.
- Wire it into `prometheus.yml` + alertmanager routing.
- Capture the SLO soak-test results in
  `docs/audits/slo-soak-test-log.md`.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-29 12:00:23 +07:00
..
ACCESSIBILITY_AUDIT_2026-04-10.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
ACCESSIBILITY_AUDIT_INDEX.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
ACCESSIBILITY_AUDIT_QUICK_REFERENCE.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
ACCESSIBILITY_CODE_FIXES_INDEX.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
ACCESSIBILITY_DETAILED_FIXES.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
ACCESSIBILITY_FINDINGS_SUMMARY.txt
fix(docs): update remaining Next.js 14 references to Next.js 15
2026-04-16 06:05:47 +07:00
ACCESSIBILITY_FIXES_REPORT.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
ACCESSIBILITY_QUICK_SUMMARY.txt
chore(docs): consolidate 22 audit files from root into docs/audits/
2026-04-10 23:16:00 +07:00
ADMIN_AUDIT_ARCHITECTURE.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
ADMIN_AUDIT_EXPLORATION.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
ADMIN_AUDIT_INDEX.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
ADMIN_AUDIT_QUICK_FILES.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
ADMIN_MODULE_TEST_ANALYSIS.md
docs: consolidate audit and analysis reports into docs/audits/
2026-04-11 01:37:50 +07:00
AGENT_PROFILE_CODE_EXAMPLES.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
AGENT_PROFILE_EXPLORATION.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
AGENT_PROFILE_QUICK_REFERENCE.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
AGENT_PROFILE_README.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
ANALYSIS_SUMMARY.txt
docs: consolidate audit and analysis reports into docs/audits/
2026-04-11 01:37:50 +07:00
API_AUDIT_REPORT.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
AUDIT_DETAILED_CHECKLIST.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
AUDIT_EXECUTIVE_SUMMARY.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
AUDIT_FILES_GENERATED.txt
docs: consolidate audit and analysis reports into docs/audits/
2026-04-11 01:37:50 +07:00
AUDIT_INDEX_2026-04-12.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
AUDIT_INDEX_PRICING.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
AUDIT_INDEX_ROOT.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
AUDIT_INDEX.md
docs: consolidate exploration & audit reports under docs/ (TEC-3094)
2026-04-21 16:29:24 +07:00
AUDIT_LISTINGS_PROPERTY_MANAGEMENT.md
docs: consolidate exploration & audit reports under docs/ (TEC-3094)
2026-04-21 16:29:24 +07:00
AUDIT_QUICK_REFERENCE_2026-04-12.md
docs: dịch 22 file Markdown còn lại sang tiếng Việt có dấu (TEC-2881)
2026-04-19 03:26:14 +07:00
AUDIT_QUICK_START.txt
chore: organize docs — move 37 files from root into docs/ subfolders
2026-04-13 12:09:14 +07:00
AUDIT_README.md
docs: dịch 22 file Markdown còn lại sang tiếng Việt có dấu (TEC-2881)
2026-04-19 03:26:14 +07:00
AUDIT_REPORT_2026_04_21.md
docs: consolidate exploration & audit reports under docs/ (TEC-3094)
2026-04-21 16:29:24 +07:00
AUDIT_REPORT_2026-04-11.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
AUDIT_REPORT.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
AUDIT_SUMMARY_2026-04-11.txt
fix(docs): update remaining Next.js 14 references to Next.js 15
2026-04-16 06:05:47 +07:00
AUDIT_SUMMARY_2026-04-12.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
AUDIT_SUMMARY.md
docs: consolidate exploration & audit reports under docs/ (TEC-3094)
2026-04-21 16:29:24 +07:00
AUDIT_SUMMARY.txt
docs: move 8 audit report files to docs/audits/
2026-04-11 19:15:24 +07:00
AUDIT_TECHNICAL_REFERENCE.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
BACKEND_API_AUDIT_EXCHANGE_UI.md
docs: consolidate exploration & audit reports under docs/ (TEC-3094)
2026-04-21 16:29:24 +07:00
BACKEND_API_AUDIT_QUICK_REFERENCE.txt
docs: consolidate exploration & audit reports under docs/ (TEC-3094)
2026-04-21 16:29:24 +07:00
CANONICAL_INDEX.md
docs(GOO-33): comprehensive documentation sprint
2026-04-22 23:29:20 +07:00
CODE_AUDIT_REPORT.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
CODE_QUALITY_AUDIT.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
CODEBASE_AUDIT_2026-04-11.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
COMPREHENSIVE_AUDIT_2026-04-11.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
COMPREHENSIVE_AUDIT_2026-04-12.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
COMPREHENSIVE_AUDIT_REPORT_2026-04-11.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
COMPREHENSIVE_CODEBASE_AUDIT.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
CQRS_HANDLER_AUDIT_REPORT.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
CQRS_HANDLER_AUDIT.csv
docs: move 8 audit report files to docs/audits/
2026-04-11 19:15:24 +07:00
CQRS_HANDLER_ERROR_HANDLING_GUIDE.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
DETAILED_HANDLER_COMPARISON.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
EXPLORATION_COMPLETE.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
FRONTEND_AUDIT_2026-04-10.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
FRONTEND_EXPLORATION.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
IMAGE_AUDIT_INDEX.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
IMAGE_AUDIT_REPORT.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
IMAGE_AUDIT_SUMMARY.txt
docs: consolidate audit and analysis reports into docs/audits/
2026-04-11 01:37:50 +07:00
IMAGE_QUICK_REFERENCE.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
INFRASTRUCTURE_AUDIT.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
INFRASTRUCTURE_QUICK_REFERENCE.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
INFRASTRUCTURE_RUNBOOK.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
INQUIRIES_COMPLETE_FILE_INDEX.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
INQUIRIES_EXPLORATION_SUMMARY.txt
docs: move additional exploration docs to docs/audits/
2026-04-11 01:41:23 +07:00
INQUIRIES_MODULE_EXPLORATION_2.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
INQUIRIES_MODULE_EXPLORATION.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
INQUIRIES_MODULE_QUICK_REFERENCE.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
MCP_DOCUMENTATION_INDEX.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
MCP_FILES_LISTING.txt
docs: move additional exploration docs to docs/audits/
2026-04-11 01:41:23 +07:00
MCP_MODULE_EXPLORATION_2.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
MCP_MODULE_EXPLORATION.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
MCP_QUICK_REFERENCE_2.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
MCP_QUICK_REFERENCE.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
PRICING_AUDIT_SUMMARY.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
PRICING_CHECKOUT_AUDIT.md
docs: dịch 22 file Markdown còn lại sang tiếng Việt có dấu (TEC-2881)
2026-04-19 03:26:14 +07:00
PROPERTY_DETAIL_COMPONENTS_MAP.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
PROPERTY_DETAIL_INDEX.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
PROPERTY_DETAIL_PAGE_ANALYSIS.md
docs: consolidate audit and analysis reports into docs/audits/
2026-04-11 01:37:50 +07:00
PROPERTY_DETAIL_QUICK_REFERENCE.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
QUICK_REFERENCE_ROOT.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
README_AUDIT_FILES.md
docs: consolidate exploration & audit reports under docs/ (TEC-3094)
2026-04-21 16:29:24 +07:00
README_INFRASTRUCTURE.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
README_INQUIRIES_EXPLORATION.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
README_PROPERTY_DETAIL.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
README_TEST_COVERAGE.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
README.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
slo-soak-test-log.md
feat(auth): complete MFA grace period for required roles + ops monitoring
2026-04-29 12:00:23 +07:00
START_HERE_ROOT.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
TEST_AUDIT_README.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
TEST_COVERAGE_ANALYSIS_ROOT.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
TEST_COVERAGE_AUDIT.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
TEST_COVERAGE_QUICK_REFERENCE_ROOT.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
TEST_COVERAGE_QUICK_REFERENCE.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
TEST_FILES_INDEX.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
TEST_TEMPLATES.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
TESTING_INDEX.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
WEB_AUDIT_QUICK_REFERENCE.txt
docs: consolidate audit and analysis reports into docs/audits/
2026-04-11 01:37:50 +07:00
WEB_AUDIT_REPORT.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
WEB_AUDIT_SUMMARY.md
docs: dịch 22 file Markdown còn lại sang tiếng Việt có dấu (TEC-2881)
2026-04-19 03:26:14 +07:00
WEB_NEXT15_UPGRADE_ASSESSMENT.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
WEB_README_AUDIT.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
WEB_START_HERE.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00
WEB_UPGRADE_CHECKLIST.md
chore: update project documentation, audit reports, and initialize IDE configuration files
2026-04-19 03:12:54 +07:00

README.md

Báo Cáo Kiểm Thử

Tất cả các báo cáo kiểm thử và khám phá mã nguồn cho Nền Tảng GoodGo, được tạo ra trong các chu kỳ đánh giá mã và đảm bảo chất lượng.

Bắt Đầu Nhanh

Mục Tiêu Bắt Đầu Tại Đây
Tổng quan toàn bộ mã nguồn COMPREHENSIVE_CODEBASE_AUDIT.md
Chất lượng mã & các mẫu thiết kế CODE_QUALITY_AUDIT.md
Các khoảng trống độ phủ kiểm thử AUDIT_SUMMARY.txt (sau đó xem TEST_COVERAGE_AUDIT.md)
Trạng thái khả năng tiếp cận ACCESSIBILITY_QUICK_SUMMARY.txt
Phân tích chuyên sâu mô-đun Admin ADMIN_AUDIT_INDEX.md
Chất lượng API API_AUDIT_REPORT.md
Phân tích giao diện người dùng FRONTEND_EXPLORATION.md

Chỉ Mục Theo Danh Mục

Tổng Quát / Xuyên Suốt

Tệp Kích Thước Mô Tả
AUDIT_INDEX.md 4.4 KB Chỉ mục chính về chất lượng mã và kiểm thử
AUDIT_SUMMARY.txt 8.4 KB Bảng tóm tắt điều hành
COMPREHENSIVE_CODEBASE_AUDIT.md 15 KB Đánh giá kiến trúc toàn diện
CODE_QUALITY_AUDIT.md 21 KB Phân tích phong cách, mẫu thiết kế và chất lượng mã

Khả Năng Tiếp Cận

Tệp Kích Thước Mô Tả
ACCESSIBILITY_QUICK_SUMMARY.txt 3.9 KB Tóm tắt nhanh các phát hiện về a11y
ACCESSIBILITY_FINDINGS_SUMMARY.txt 20 KB Các phát hiện chi tiết về a11y
ACCESSIBILITY_AUDIT_INDEX.md 9.1 KB Chỉ mục tài liệu kiểm thử khả năng tiếp cận
ACCESSIBILITY_AUDIT_2026-04-10.md 47 KB Kiểm thử khả năng tiếp cận đầy đủ (2026-04-10)
ACCESSIBILITY_AUDIT_QUICK_REFERENCE.md 8.6 KB Hướng dẫn tham khảo nhanh về a11y
ACCESSIBILITY_CODE_FIXES_INDEX.md 7.1 KB Chỉ mục các sửa lỗi mã a11y đã áp dụng
ACCESSIBILITY_DETAILED_FIXES.md 8.9 KB Mô tả chi tiết các sửa lỗi a11y
ACCESSIBILITY_FIXES_REPORT.md 8.4 KB Tóm tắt các sửa lỗi a11y đã áp dụng

Mô-đun Admin

Tệp Kích Thước Mô Tả
ADMIN_AUDIT_INDEX.md 14 KB Chỉ mục kiểm thử mô-đun admin
ADMIN_AUDIT_EXPLORATION.md 24 KB Khám phá và phân tích mô-đun admin
ADMIN_AUDIT_QUICK_FILES.md 9.0 KB Tham khảo tệp nhanh cho mô-đun admin
ADMIN_AUDIT_ARCHITECTURE.md 28 KB Phân tích chuyên sâu kiến trúc mô-đun admin

API

Tệp Kích Thước Mô Tả
API_AUDIT_REPORT.md 11 KB Kiểm thử chất lượng và tính nhất quán của API

Giao Diện Người Dùng

Tệp Kích Thước Mô Tả
FRONTEND_EXPLORATION.md 19 KB Khám phá và phân tích mã nguồn giao diện người dùng
FRONTEND_AUDIT_2026-04-10.md 9.2 KB Kiểm thử giao diện người dùng (2026-04-10)

Độ Phủ Kiểm Thử

Tệp Kích Thước Mô Tả
TEST_AUDIT_README.md 8.5 KB Hướng dẫn tài liệu kiểm thử
TEST_COVERAGE_AUDIT.md 28 KB Phân tích độ phủ kiểm thử toàn diện
TEST_COVERAGE_QUICK_REFERENCE.md 13 KB Tra cứu nhanh độ phủ kiểm thử

Đã Tạo

Tất cả các báo cáo được tạo ra trong chu kỳ đánh giá mã nguồn tháng 4 năm 2026.

Reference in New Issue View Git Blame Copy Permalink