Compiled wiki: updated automatically by the ADLC/PDLC agents
| Field | Value |
|---|---|
| Project | ods-platform |
| Stack | go |
| Staging | https://workflow-engine.staging.orbusdigital.com |
| Repo | ~/dev/projects/workflow-engine |
| Last commit | 963a9c6 fix(docker): use golang:1.24-alpine to match go.mod requirement (13 days ago) |
Section enriched by the architect agent at each review.
See runbook: runbook-workflow-engine.md
Section enriched by the BA, architect, security and devops agents after each run.
| agent | result | date | note |
|---|---|---|---|
| ba | PASS | 2026-04-09 | 16/17 MET, 1 PARTIAL (AC-11 Redpanda transport test LOW). BUG-006 RS256 JWT resolved, MaxBodySize resolved, RLS SET LOCAL confirmed. commit db42f9a |
| devops | FAIL | 2026-04-09 | CRITICAL: go.mod/main.go/.env.example have unresolved merge conflicts (commit 42dfe39) — Docker build fails. HIGH: OID_JWKS_URL missing from Coolify env. LOW: .dockerignore absent. |
| architect | FAIL | 2026-04-09 | 6/8 checks passed, 1 N/A. CRITICAL: main.go has 4 unresolved git merge conflict markers from BUG-006 RS256 migration — service cannot compile. WARN: KAFKA_BROKERS defaults to localhost:9092. commit 42dfe39 |
| security | FAIL | 2026-04-09 | OWASP 6/10, severity=HIGH. FAIL: RS256 migration dead code due to unresolved merge conflicts in main.go+go.mod (A02+A06). WARN: No RBAC enforcement on any endpoint (A05). WARN: JWT exp not explicitly required (A02). commit 42dfe39 |
| security | PASS | 2026-04-09 | RE-REVIEW commit 4a4a5e7. OWASP 8/10, severity=MEDIUM. Merge conflicts resolved. RS256/JWKS active. RLS+FORCE RLS confirmed. Auth strong. Concerns: .gitignore incomplete (no .pem/.key), no CORS/security headers, steps array has no count limit, dev creds in .env.example. No critical/high findings. |
| architect | PASS | 2026-04-09 | 8/8 checks passed. Merge conflicts resolved. RS256/JWKS active. RLS enforced with FORCE RLS. CloudEvents compliant. Clean staging branch commit 4a4a5e7. |
| devops | PASS_WITH_NOTES | 2026-04-09 | RE-REVIEW commit 4a4a5e7. Docker build PASS. .dockerignore PASS. No conflict markers. Health+Ready endpoints confirmed. WARN: OID_JWKS_URL absent from Coolify env_vars (HS256 fallback active on staging — must set before prod promotion). |
Section enriched by the veille (watch) agent when a finding concerns this service.
| priority | description | added on |
|---|---|---|
| HIGH | main.go merge conflicts — RESOLVED in commit 4a4a5e7. RS256/JWKS now active on staging branch. | 2026-04-09 |
| MEDIUM | Security: Roles are extracted from JWT but never enforced in any handler — no RBAC checks exist. Any authenticated user can perform admin operations. | 2026-04-09 |
| MEDIUM | KAFKA_BROKERS defaults to hardcoded ‘localhost:9092’ in config.go:35 — should require explicit env var | 2026-04-09 |
| MEDIUM | LOG_LEVEL env var not honored in main.go — hardcoded slog.LevelInfo | 2026-04-09 |
| LOW | instances.go:60 Create handler missing correlation_id in one slog.Error call | 2026-04-09 |
Links to the ADRs concerning this service.
Section enriched by the PDLC pipeline.
Last compiled: 2026-04-07 11:33 UTC