docs(currency): flip stale "not started" status for shipped features#48
Merged
Conversation
A code-vs-docs audit (15-agent workflow) found the product surface is ahead of what the docs/comments claim: several merged features were still labelled "not started" / "stub" / "deferred". This corrects the framing so future audits don't re-litigate shipped work. Docs + code COMMENTS only — no runtime behavior changes. dev-docs status lines flipped to verified reality (all cited commits are ancestors of develop): - federation-v1-design / -implementation-plan → Shipped (PR #23 4fa3af0, PR #24 0b70b31); Phase 6 per-realm TTL + durable leased-membership v2 kept as the genuine remainder. - saml-federation + index → Shipped (PR #17 8fc3df0); SLO + SAML IdP-mode kept explicitly deferred. - versioning-publishing-conventions → Shipped (GHCR retention, moving Docker tags, NuGet feed-gate are live workflows). - app-resources-as-permissions → ID-anchored model shipped. - white-label-customization (index) → Phase 1 shipped (8c8dea5/2ec0e58/ ae2f9ca); page-builder runtime + custom-CSS kept deferred. - production-readiness-audit → SAML SP DONE (PR #17), rescored 1→3; LDAP/AD kept open. - identity-lifecycle-untangle → auto-membership externalClaims contradiction RESOLVED (PR #24); durable-lease piece kept open. - permission-modell §5 + userinfo-hybrid-flat-emission → corrected to "groups NOT emitted (IdP-internal)" — matches AuthorizationEndpoints.cs + UserInfoPerAudienceTests. (The line a future groups-claim decision would consciously lift; left at today's reality.) False in-code comments removed/corrected (comment-only): - SamlEndpoints.cs: dropped the false "handlers are 501 stubs" note — they delegate to the live SamlLoginFlow. - SamlSetup.cs: dropped the "still to come task #13/#14/#15" block. - Program.cs: SAML hook is wired, not a "placeholder". - AuthorizationEndpoints.cs: claims injection is shipped via IPermissionService, not "deferred / legacy IRoleRepository". - CI workflow comments: :staging → :beta (the tag actually pushed). Deliberately NOT touched: signing-key rotation-overlap docs — those belong to the separate rotation thread (implement-vs-document still open). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
A code-vs-docs audit (a 15-agent verification workflow) found that Modgud's product surface is ahead of what the docs/comments claim — several merged features were still labelled "not started" / "stub" / "deferred". This PR corrects the framing so future audits don't re-litigate shipped work.
Docs + code COMMENTS only — no runtime behavior changes. Every cited commit was verified as an ancestor of
develop; every XML-doccrefresolves.Dev-docs status lines flipped to verified reality
federation-v1-design.md,-implementation-plan.md) → Shipped (PR docs(federation): federation v1 spec (A-G decided) + English-only session docs #234fa3af0, PR feat(federation): Federation v1 (broker → session-derived authz) + v1.1 token layer #240b70b31). Phase 6 (per-realm session TTL) + durable leased-membership (v2) kept as the genuine remainder.saml-federation.md,index.md) → Shipped (PR feat: SAML 2.0 SP federation + login-provider single-modal Add+Edit #178fc3df0). SLO + SAML IdP-mode kept explicitly deferred.versioning-publishing-conventions.md) → Shipped (GHCR retention, moving Docker tags, NuGet feed-gate are live workflows).app-resources-as-permissions.md,index.md) → ID-anchored model shipped.index.md) → Phase 1 shipped (8c8dea5/2ec0e58/ae2f9ca); page-builder runtime + custom-CSS kept deferred.externalClaimscontradiction marked RESOLVED (PR feat(federation): Federation v1 (broker → session-derived authz) + v1.1 token layer #24); durable-lease piece kept open.Corrected "groups emitted" framing (matches code + tests)
permission-modell.md§5 +userinfo-hybrid-flat-emission.md→ corrected to "groups NOT emitted (IdP-internal)", matchingAuthorizationEndpoints.cs:549("Groups stay out … no groups scope") andUserInfoPerAudienceTests. This is the line a future groups-claim decision would consciously lift — left at today's reality, not pre-empted.False in-code comments removed/corrected (comment-only)
SamlEndpoints.cs: dropped the false "handlers are 501 stubs" note — they delegate to the liveSamlLoginFlow.SamlSetup.cs: dropped the "still to come — task chore(deps): bump docker/metadata-action from 5 to 6 #13/chore(deps): bump docker/login-action from 3 to 4 #14/Bump the critter-stack group with 1 update #15" block.Program.cs: SAML hook is wired, not a "placeholder hook".AuthorizationEndpoints.cs: claims injection is shipped viaIPermissionService, not "deferred / legacyIRoleRepository".:staging→:beta(the tag actually pushed;:stagingis retired).Deliberately NOT touched
The signing-key rotation-overlap docs — those belong to the separate rotation thread (implement-vs-document is still an open decision).
🤖 Generated with Claude Code