---
## How to read this document

- **Dependencies** list task IDs that must be complete before this task starts
- **Parallel group** identifies tasks that can run simultaneously within a phase
- **Target** identifies which repo and branch the work goes into
- Tasks are numbered `P{phase}-{sequence}` (e.g., P0-3)
- Acceptance criteria are binary — pass or fail, no judgment calls

---

## Phase 4: Git Remote + Launch Prep

**Goal:** Git clone/pull access, rate limiting, monitoring, backups, landing page. Free tier shippable after this phase.

### P4-1: Git Smart HTTP

**Parallel group:** Phase 4 (parallel with P4-3, P4-4, P4-5, P4-6)
**Dependencies:** P1-7 (routing)
**Target:** `wikibot-io` repo, `feat/P4-1-git-http`

**Description:**
Implement Git smart HTTP protocol for read-only clone/pull access (free tier). Lambda handles `git-upload-pack` for clone/fetch. Use dulwich for pure-Python Git protocol handling (no `git` binary dependency).

Route: `{username}.wikibot.io/{wiki}.git/*`

**Deliverables:**
- `app/git/smart_http.py` — Git smart HTTP handlers (info/refs, git-upload-pack)
- API Gateway routes for `/{wiki}.git/*`
- Integration test: `git clone https://user.wikibot.io/wiki.git`

**Acceptance criteria:**
- [ ] `git clone` succeeds for authorized user
- [ ] `git pull` fetches latest changes
- [ ] `git push` rejected for free tier (read-only)
- [ ] Unauthorized clone rejected (unless public wiki)
- [ ] Public wiki clonable without auth
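An added example, not code from the `wikibot-io` repo: a request gate for the route above that admits only the two `git-upload-pack` endpoints and refuses push at service discovery. The hostname and wiki-name patterns, the name `route_git_request` and the status code chosen for each refusal are assumptions.

```python
import re
from urllib.parse import parse_qs

# Assumed naming policy (not stated in the plan): lowercase slugs with no dots
# or slashes, so neither value can be used to traverse out of a tenant's storage.
HOST_RE = re.compile(r"([a-z0-9][a-z0-9-]{0,38})\.wikibot\.io")
PATH_RE = re.compile(
    r"/([a-z0-9][a-z0-9_-]{0,62})\.git/(info/refs|git-upload-pack|git-receive-pack)"
)


def route_git_request(method, host, path, query=""):
    """Map a request to (status, username, wiki, action) for the read-only tier.

    A 200 status means "continue to the auth check"; any other status is final.
    """
    h = HOST_RE.fullmatch(host.lower())
    p = PATH_RE.fullmatch(path)
    if not h or not p:
        return 404, None, None, None  # unknown host, endpoint, or malformed name
    user, (wiki, endpoint) = h.group(1), p.groups()

    if endpoint == "info/refs":
        if method != "GET":
            return 405, user, wiki, None
        service = parse_qs(query).get("service", [])
        if service == ["git-upload-pack"]:
            return 200, user, wiki, "advertise-refs"
        if service == ["git-receive-pack"]:
            return 403, user, wiki, None  # push discovery: refuse before any pack data
        return 400, user, wiki, None  # dumb HTTP or unknown service is not served

    if endpoint == "git-upload-pack":
        if method != "POST":
            return 405, user, wiki, None
        return 200, user, wiki, "upload-pack"

    return 403, user, wiki, None  # git-receive-pack: free tier is read-only
```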

---

### P4-2: Git Auth

**Parallel group:** Phase 4
**Dependencies:** P4-1, P2-2
**Target:** `wikibot-io` repo, `feat/P4-2-git-auth`

**Description:**
Git credential authentication. Users authenticate `git clone/pull` with their MCP bearer token as password (username ignored or set to `token`). The Lambda validates the bearer token against the wiki's stored hash.

**Deliverables:**
- Git credential validation in smart HTTP handler
- Documentation: how to configure `git credential helper` for wikibot.io
- Integration test: authenticated clone, rejected unauthorized clone

**Acceptance criteria:**
- [ ] `git clone https://token:<bearer>@user.wikibot.io/wiki.git` succeeds
- [ ] Invalid token rejected with 401
- [ ] Git credential helper instructions work
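An added example, not the project's handler: validating the HTTP Basic credentials Git sends, with the bearer token in the password field and the username ignored. It assumes the stored hash is a hex SHA-256 of the token (the plan does not name the scheme); `hash_token`, `basic_header` and `check_git_credentials` are hypothetical names.

```python
import base64
import hashlib
import hmac

# Git sends its first request without credentials and only retries (prompting
# or asking the credential helper) when the 401 carries a Basic challenge.
UNAUTHORIZED = (401, {"WWW-Authenticate": 'Basic realm="wikibot.io", charset="UTF-8"'})


def hash_token(token):
    """Assumed storage scheme: hex SHA-256 of the bearer token."""
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def basic_header(username, token):
    """Build the Authorization value a Git client would send (for testing)."""
    raw = f"{username}:{token}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def check_git_credentials(authorization, stored_hash, public=False):
    """Return (status, headers) for a clone/fetch request against one wiki."""
    if public:
        return 200, {}  # public wikis are clonable without auth
    if not authorization:
        return UNAUTHORIZED
    scheme, _, blob = authorization.partition(" ")
    if scheme.lower() != "basic":
        return UNAUTHORIZED
    try:
        decoded = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return UNAUTHORIZED  # malformed base64 or non-UTF-8 credentials
    # Split on the first colon only: the username is ignored, and the
    # password (the token) is allowed to contain colons.
    _username, sep, token = decoded.partition(":")
    if not sep or not token:
        return UNAUTHORIZED
    # Constant-time comparison of the hashes; the token is never logged or stored.
    candidate = hash_token(token).encode("ascii")
    if hmac.compare_digest(candidate, stored_hash.encode("utf-8")):
        return 200, {}
    return UNAUTHORIZED
```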

---

### P4-3: WAF Setup

**Parallel group:** Phase 4 (independent)
**Dependencies:** None (can apply to existing API Gateway)
**Target:** `wikibot-io` repo, `feat/P4-3-waf`

**Description:**
AWS WAF on API Gateway and CloudFront. IP-based rate limiting, OWASP Top 10 managed rule set, bot control.

**Deliverables:**
- `infra/components/waf.py` — WAF web ACL, managed rules, rate limiting
- Rate limit: 100 requests/minute per IP (adjustable)
- OWASP managed rule set attached

**Acceptance criteria:**
- [ ] WAF attached to API Gateway and CloudFront
- [ ] Rate limiting triggers on excessive requests
- [ ] OWASP rules active
- [ ] Legitimate traffic not affected

---

### P4-4: Monitoring and Alerting

**Parallel group:** Phase 4 (independent)
**Dependencies:** None
**Target:** `wikibot-io` repo, `feat/P4-4-monitoring`

**Description:**
CloudWatch dashboards, alarms, and alerting for production readiness.

**Deliverables:**
- `infra/components/monitoring.py` — dashboards, alarms, SNS topics
- Dashboard: Lambda invocations, errors, duration, cold starts; API Gateway 4xx/5xx rates; DynamoDB throttles; EFS IOPS
- Alarms: Lambda error rate > 5%, API 5xx rate > 1%, DynamoDB throttle, EFS burst credit depletion
- SNS email notifications for alarms

**Acceptance criteria:**
- [ ] Dashboard viewable in CloudWatch console
- [ ] Alarms trigger on test conditions
- [ ] Email notifications received

---

### P4-5: Backup Strategy

**Parallel group:** Phase 4 (independent)
**Dependencies:** None
**Target:** `wikibot-io` repo, `feat/P4-5-backups`

**Description:**
AWS Backup for EFS (daily snapshots, 30-day retention). DynamoDB PITR (already enabled in P2-1, verify here).

**Deliverables:**
- `infra/components/backups.py` — AWS Backup vault, plan, selection for EFS
- Verification that DynamoDB PITR is enabled
- Runbook: how to restore from EFS backup, how to restore DynamoDB to point-in-time

**Acceptance criteria:**
- [ ] AWS Backup plan created with daily schedule
- [ ] EFS filesystem selected for backup
- [ ] 30-day retention configured
- [ ] DynamoDB PITR verified active
- [ ] Restore runbook written and tested (at least one test restore)

---

### P4-6: Landing Page and Docs

**Parallel group:** Phase 4 (independent)
**Dependencies:** P3-7 (static hosting infrastructure)
**Target:** `wikibot-io` repo, `feat/P4-6-landing`

**Description:**
Public landing page at `wikibot.io` for new visitors. Explains what wikibot.io is, shows pricing (free tier), and has a signup CTA. Basic docs covering: getting started, MCP setup, wiki conventions.

**Design spec:** [[Design/Landing_Page]] — content, structure, tone, logo requirements, deliverables.

**Deliverables:**
- Landing page (within SPA or separate static page)
- Getting Started guide
- MCP setup documentation
- Pricing section (free tier only for now, "premium coming soon")

**Acceptance criteria:**
- [ ] Landing page loads at `https://wikibot.io/`
- [ ] Getting Started guide covers: signup → create wiki → connect MCP → first note
- [ ] MCP setup docs cover Claude.ai and Claude Code
- [ ] CTA links to signup/login

---

### P4-7: Phase 4 E2E Test

**Parallel group:** Phase 4 (final)
**Dependencies:** All P4 tasks
**Target:** `wikibot-io` repo, `feat/P4-7-e2e`

**Description:**
Full free-tier user journey: discover → signup → create wiki → connect MCP → write notes → clone repo → manage collaborators. This is the launch readiness test.

**Deliverables:**
- `tests/e2e/test_phase4.py`
- Results written to Dev/Phase 4 Summary per Agent Conventions documentation loop

**Acceptance criteria:**
- [ ] Landing page → signup → dashboard flow works
- [ ] Wiki creation, MCP connection, note writing all work
- [ ] Git clone of wiki repo succeeds
- [ ] Collaborator invitation and access works
- [ ] Rate limiting doesn't block normal usage
- [ ] Monitoring dashboard shows the test traffic
- [ ] Backup has run at least once
- [ ] No security warnings in WAF logs from legitimate traffic

---

### P4-8: Pre-Launch Security Review

**Parallel group:** Phase 4 (after P4-7, before launch)
**Dependencies:** P4-7 (E2E test — system must be functionally complete first)
**Target:** `wikibot-io` repo, `feat/P4-8-security`

**Description:**
Structured security review of the full attack surface before opening to users. Not a third-party pentest — a systematic walkthrough of auth, access control, input validation, infrastructure config, and data exposure. The full checklist is in [[Tasks/Launch_Checklist]] under "Security Review."

This is a gate: launch does not proceed until all security checklist items pass.

**Deliverables:**
- Security review results documented (Dev/P4-8_Security_Review)
- Any vulnerabilities found are filed as issues and fixed
- All items in Launch_Checklist "Security Review" section checked off

**Acceptance criteria:**
- [ ] All auth/access control checks pass (tenant isolation, token handling, ACL enforcement)
- [ ] All input validation checks pass (path traversal, XSS, injection, MCP fuzzing)
- [ ] All infrastructure checks pass (secrets management, EFS isolation, HTTPS, CORS, rate limiting)
- [ ] All data exposure checks pass (error responses, git isolation, search scoping, cache isolation)
- [ ] No unresolved high-severity findings