Scrum4Me

History

Madhura68 a1d1f99216 proxy: add /ideas to protectedRoutes; verify demo-guard for /api/ideas (M12 T-501) - proxy.ts: /ideas added to protectedRoutes — unauthenticated users get redirected to /login when navigating to /ideas or /ideas/[id] - existing demo-guard catch-all (\`/api/* + non-GET\`) already blocks POST/PATCH/DELETE /api/ideas* with 403 — confirmed via 3 new tests - server-action endpoints (start-grill / start-make-plan / materialize / promote-to-idea) carry their own \`session.isDemo\` checks inside actions/ideas.ts and actions/todos.ts (defense in depth) Tests: 9/9 in proxy demo-guard suite (added 3 idea cases). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-04 19:56:41 +02:00
..
demo-guard.test.ts	proxy: add /ideas to protectedRoutes; verify demo-guard for /api/ideas (M12 T-501)	2026-05-04 19:56:41 +02:00

Madhura68 a1d1f99216 proxy: add /ideas to protectedRoutes; verify demo-guard for /api/ideas (M12 T-501)

- proxy.ts: /ideas added to protectedRoutes — unauthenticated users get
  redirected to /login when navigating to /ideas or /ideas/[id]
- existing demo-guard catch-all (\`/api/* + non-GET\`) already blocks
  POST/PATCH/DELETE /api/ideas* with 403 — confirmed via 3 new tests
- server-action endpoints (start-grill / start-make-plan / materialize /
  promote-to-idea) carry their own \`session.isDemo\` checks inside
  actions/ideas.ts and actions/todos.ts (defense in depth)

Tests: 9/9 in proxy demo-guard suite (added 3 idea cases).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-04 19:56:41 +02:00

demo-guard.test.ts

proxy: add /ideas to protectedRoutes; verify demo-guard for /api/ideas (M12 T-501)

2026-05-04 19:56:41 +02:00