2026-01-16 - 2026-07-16
Overview
8 Releases published by 1 user
Published
v0.1.8
Published
v0.1.7
Published
v0.1.6
Published
v0.1.4
Published
v0.1.3
Published
v0.1.2
Published
v0.1.1
Published
v0.1.0
222 Issues closed from 1 user
Closed
#258 [Task] Split auth session check from full user bootstrap
Closed
#245 [Debt] Refactor high-complexity core installer/configuration/runtime functions
Closed
#257 [Audit] Refactor core installer, catalog, and runtime validation complexity hotspots
Closed
#254 [Security audit] Harden module installer subprocess command provenance
Closed
#253 [Security audit] Centralize safe HTTP(S) fetch and URL validation in core
Closed
#255 [Security audit] Replace silent core exception handling with narrow logging
Closed
#256 [Security audit] Document safe SQLAlchemy text usage in migration helpers
Closed
#250 [Debt] Define shared platform API schema primitives across access, admin, policy, and tenancy
Closed
#252 [Debt] Define shared SQLAlchemy change-tracking helpers for modules
Closed
#249 [Debt] Centralize repeated WebUI API client request helpers
Closed
#251 [Debt] Provide shared module runtime proxy helper for modules
Closed
#247 [Feature] Notification settings and preferences surface
Closed
#248 [Feature] Emit notifications for core module installer queue lifecycle
Closed
#242 [Security] Review dynamic module import trust boundary
Closed
#240 [Security] Review dynamic SQL text findings and add safe identifier helpers
Closed
#239 [Security] Centralize outbound URL policy for core fetches and health checks
Closed
#232 [Security] Harden module installer shell command hooks
Closed
#238 [Security] Harden release-doctor shell command execution
Closed
#241 [Supply-chain] Pin Gitea workflow actions to immutable revisions
Closed
#244 [Security] Lock audit toolbox dependencies flagged by OSV
Closed
#237 [Security] Harden installer shell hook execution and command trust boundary
Closed
#243 [Security] Fix audit report capture and duplicate-scan noise
Closed
#236 [Security] Broaden audit/config secret redaction key matching
Closed
#235 [Security] Reject wildcard CORS with credentials at runtime
Closed
#233 [Security] Redact installer run-record secrets
Closed
#234 [Security] Stop persisting UI API keys in localStorage
Closed
#223 [Task] Define release migration squashing and baseline workflow
Closed
#165 [Feature] Define tenant deletion and module cleanup/veto contract
Closed
#86 [Feature] Add delete-veto orchestration through module providers
Closed
#231 [Feature] Target-state module update planner
Closed
#14 [Task] Consider backend-provided exact policy source metadata for "which specific scope caused this value"
Closed
#13 [Task] Surface governance source path more explicitly in tenant details and other admin panels
Closed
#16 [Task] Define inheritance/delegation constraints explicitly: may use, must use, may override, may not override, may merge, may delegate
Closed
#15 [Feature] Add impact analysis before delete, disable, unshare, policy changes, and cascading changes
Closed
#32 [Task] LDAP/OIDC/SAML provisioning; OIDC likely first
Closed
#35 [Task] WebUI-driven update/rollback with backup and rollback guardrails
Closed
#33 [Task] Catch error mail address
Closed
#81 [Feature] Ensure core-only startup still works enough to show shell/health, but access is required for authenticated product use
Closed
#85 [Feature] Define tenant lifecycle events: created, suspended, resumed, deletion requested, erasure completed
Closed
#91 [Feature] Add policy simulation before destructive/limiting changes
Closed
#96 [Task] Introduce outbox table and dispatcher for production-safe event delivery
Closed
#95 [Task] Separate command bus from event bus
Closed
#79 [Feature] Move login/session/admin access UI into access/admin module contributions
Closed
#77 [Feature] Move access permissions and default role templates into the access manifest
Closed
#97 [Feature] Move audit log storage/query/export into audit module
Closed
#78 [Feature] Move access migrations into the access module migration registration
Closed
#70 [Feature] Move or clearly mark these as kernel-stable contracts:
Closed
#131 [Feature] Add IDM/LDAP/OIDC/SAML/SCIM provisioning
Closed
#130 [Feature] Add XRechnung workflow
Closed
#129 [Feature] Add ERP/finance connector
Closed
#128 [Feature] Add DMS/eAkte connector
Closed
#127 [Feature] Add XÖV validation/mapping module
Closed
#126 [Feature] Add FIT-Connect connector
Closed
#125 [Feature] Build govoplan-connectors registry and connector runtime
Closed
#124 [Task] Link existing files/mail/campaign to cases
Closed
#123 [Feature] Add govoplan-recipients / govoplan-address-book
Closed
#122 [Feature] Add govoplan-templates
Closed
#121 [Feature] Add govoplan-forms
Closed
#120 [Feature] Extract/generalize reusable workflow/review patterns into govoplan-workflow
Closed
#119 [Feature] Create govoplan-tasks concept and MVP
Closed
#118 [Feature] Create govoplan-cases concept and MVP
Closed
#89 [Feature] Move delegation ceilings and "more restrictive only" validation into policy
Closed
#88 [Feature] Move hierarchical policy evaluation into policy
Closed
#60 [Task] Decide early self-hosted installer packaging approach: Compose-first script, CLI wizard, generated .env plus runbook, or a staged combination
Closed
#25 [Feature] Add scripts/docs for starting, stopping, resetting, and seeding the production-like dev stack without replacing the minimal dev workflow
Closed
#21 [Feature] Add configuration validation that fails early with actionable messages when required production-like settings are missing
Closed
#20 [Feature] Add .env.example, generated config templates, or a config bootstrap command so new installs are configured intentionally instead of only cloned
Closed
#5 [Task] Check and re-check module boundaries: mail code in campaign and files, file code in mail and campaign, and campaign code in mail and file; also, check against core so cor...
Closed
#50 [Task] Replace direct cross-module SQL lookups with provider/event contracts
Closed
#82 [Feature] Move tenant registry, tenant settings, tenant lifecycle, tenant switching, and tenant deletion orchestration into tenancy
Closed
#63 Move platform admin services and models into owning modules
Closed
#62 [Task] Move legacy admin handler, service, and model ownership out of the access compatibility implementation into access, tenancy, policy, audit, and core settings modules
Closed
#87 [Feature] Add tenant lifecycle tests with files/mail/campaign installed and absent
Closed
#92 [Feature] Move mail/retention effective policy display onto shared policy components
Closed
#98 [Feature] Add event producers for access, tenancy, policy, files, mail, and campaign actions
Closed
#103 [Feature] Move policy admin pages to policy module
Closed
#99 [Feature] Add evidence bundle export as a later audit capability
Closed
#104 [Feature] Move audit admin pages to audit module
Closed
#93 [Feature] Add regression tests for non-viable lower-level options being hidden or disabled
Closed
#90 [Feature] Add explain endpoints and UI component contract for policy source paths
Closed
#94 [Feature] Define typed PlatformEvent envelope with actor, tenant, subject, resource, correlation, causation, classification, and payload
Closed
#102 [Feature] Move tenant admin pages to tenancy module
Closed
#101 [Feature] Move access admin pages to access module
Closed
#100 [Feature] Define admin route/nav contribution contract
Closed
#227 Codify interface ethics as a product-wide UI doctrine
Closed
#107 [Feature] Add WebUI module permutation builds
Closed
#69 [Task] Mark DataGrid work as explicitly deferred
Closed
#75 [Feature] Move accounts, authentication, sessions, API keys, groups, memberships, roles, role assignments, and principal resolution into access
Closed
#164 [Task] Separate tenant lifecycle from membership/roles
Closed
#162 [Task] Inventory tenant model and tenant setting usage
Closed
#84 [Feature] Define TenantResolver and tenant-context protocols in the kernel
Closed
#83 [Feature] Keep memberships and role assignments in access
Closed
#80 [Feature] Define PrincipalResolver and related protocols in the kernel
Closed
#49 [Task] Replace feature-module direct user/group/tenant model imports
Closed
#52 [Task] Remove transitional boundary checker allowlist entries as each contract lands
Closed
#74 [Feature] Add manifest schema/versioning
Closed
#73 [Feature] Add OpenAPI/route collision validation
Closed
#66 [Feature] Add dependency-boundary checks that forbid direct optional module imports
Closed
#230 Unify tree and explorer navigation components across docs, mail, and files
Closed
#229 Finish MessageDisplayPanel consolidation for mail and campaign previews
Closed
#228 Centralize policy table and policy section components in core WebUI
Closed
#68 [Feature] Keep generated WebUI/test artifacts ignored
Closed
#4 [Bug] UI lists often start at index 2, why?
Closed
#222 [Feature] Platform-wide conditional GET and delta API foundation
Closed
#226 [Task] Remediate Python dependency vulnerabilities from 2026-07-09 audit
Closed
#109 [Feature] Add manifest schema tests
Closed
#106 [Feature] Add module permutation backend startup tests
Closed
#67 [Feature] Keep module-matrix tests for core-only, files-only, mail-only, campaign-only, campaign+files, campaign+mail, full product
Closed
#71 [Feature] Add contract tests for manifests, route aggregation, migration registration, and capability discovery
Closed
#116 [Task] Module-matrix CI
Closed
#9 [Task] Run and record Python dependency vulnerability audit such as pip-audit
Closed
#8 [Task] Run and record frontend npm audit --omit=dev
Closed
#7 [Feature] Add dependency vulnerability audit tooling in CI or documented local workflow
Closed
#185 [Task] Which future module comes first after platform cleanup: cases, workflow, or connectors?
Closed
#110 [Feature] Add compatibility import tests until old paths are removed
Closed
#76 [Feature] Keep compatibility imports under govoplan_core.access.* temporarily with deprecation warnings
Closed
#72 [Feature] Add a documented deprecation policy for kernel API changes
Closed
#64 [Feature] Document current module contract as the compatibility baseline
Closed
#65 [Feature] Define which APIs are stable kernel contracts and which are temporary compatibility paths
Closed
#117 [Task] Compatibility/deprecation plan
Closed
#111 [Task] Kernel contract freeze
Closed
#183 [Task] Should admin be one platform module or split across access/tenancy/policy/audit?
Closed
#182 [Task] Should tenants be extracted before policy, or after access but before policy?
Closed
#181 [Task] Is access required for any useful product startup, or should kernel-only expose only health/shell/config pages?
Closed
#180 [Task] Should govoplan-core be renamed conceptually to govoplan-kernel, while keeping package compatibility for now?
Closed
#179 [Task] Write govoplan-idm concept
Closed
#178 [Task] Write govoplan-audit concept
Closed
#177 [Task] Write govoplan-policy concept
Closed
#115 [Task] Audit extraction
Closed
#114 [Task] Policy extraction
Closed
#113 [Task] Tenancy extraction
Closed
#112 [Task] Access extraction
Closed
#215 [Docs] Public-sector integration landscape catalogue
Closed
#198 [Feature] Propose govoplan-dataflow module for pipelines, BI, and source publication
Closed
#195 [Feature] Define OpenDesk stack integration profile
Closed
#196 [Feature] Decide whether GovOPlaN needs a govoplan-projects module or only an OpenProject connector
Closed
#197 [Feature] Propose govoplan-datasources module for database, CSV, and file-backed source catalogs
Closed
#194 [Feature] Define forms module and workflow handoff
Closed
#192 [Feature] Define sources/RSS consume-publish module
Closed
#193 [Feature] Define calendar, Terminplaner, and Terminbuchung module
Closed
#186 [Task] Refine GovOPlaN public-sector module and integration roadmap
Closed
#190 [Feature] Define templates and reporting module boundary
Closed
#221 Persist user UI settings and wire Settings > Interface
Closed
#55 [Task] Decide: Which table names must remain stable for painless migrations?
Closed
#191 [Task] Build public-sector software integration catalogue
Closed
#36 [Feature] Make modules installable, activatable, deactivatable, and uninstallable via the admin interface, including migration and rollback constraints
Closed
#18 [Feature] Add a production-realistic dev profile with Postgres, Redis, Celery worker(s), persistent file/blob storage, and explicit module configuration
Closed
#57 [Task] Decide: Should audit move before policy provenance, or after access/tenancy are split?
Closed
#58 [Task] Decide: How long should core keep compatibility route paths for existing clients?
Closed
#54 [Task] Decide: Should tenant models move with access first, or should govoplan-tenancy be created before moving live models?
Closed
#53 [Task] Decide: Is govoplan-access required for any authenticated deployment, while core-only remains a diagnostics/settings shell?
Closed
#56 [Task] Decide: Should secret encryption remain a kernel primitive or become an access-owned capability?
Closed
#43 [Task] Access extraction Stage 3: Move Live Models And Migrations
Closed
#219 [Docs] Hardware sizing matrix and requirements calculator
Closed
#217 [Feature] Scalability profiles and autoscaling readiness
Closed
#108 [Feature] Add migration registration tests
Closed
#207 PostgreSQL runtime migration and backup/restore policy
Closed
#22 [Task] Run migrations and smoke checks against Postgres in the production-like dev profile, not only SQLite
Closed
#206 [Docs] Personalize user documentation by enabled modules and unavailable capabilities
Closed
#184 [Task] Which event transport is the first production target: DB outbox only, Redis/Celery, or pluggable dispatch?
Closed
#176 [Task] Write govoplan-connectors concept
Closed
#175 [Task] Write govoplan-workflow concept
Closed
#174 [Task] Write govoplan-cases concept
Closed
#28 [Task] Publish deployment/operator documentation from the verified production-like dev profile
Closed
#26 [Task] Draft installer/deployment flow: configure, migrate, create first admin/tenant, enable modules, start web/worker services, and verify health
Closed
#19 [Task] Define the install/runtime configuration contract: database URL, broker/result backend, storage backend/root or object-store credentials, secret/encryption keys, module e...
Closed
#47 [Task] Access extraction Stage 7: Remove Compatibility Debt
Closed
#46 [Task] Access extraction Stage 6: Decouple Feature Modules
Closed
#51 [Task] Move access admin WebUI pages to module route contributions
Closed
#48 [Task] Move auth/session/API-key routes behind access module manifest
Closed
#45 [Task] Access extraction Stage 5: Move Admin And WebUI Contributions
Closed
#44 [Task] Access extraction Stage 4: Move Auth Routes And Dependencies
Closed
#42 [Task] Access extraction Stage 2: Create govoplan-access
Closed
#41 [Task] Access extraction Stage 1: Contract Definitions
Closed
#17 [Task] Keep minimal dev mode supported and documented: SQLite, filesystem storage, and no Redis/Celery unless explicitly enabled
Closed
#2 [Task] Resolve release/version metadata mismatch: source project versions report 0.1.3, while module manifests still report 0.1.2; focused checks fail until these are reconc...
Closed
#213 [Docs] Government operations backbone reference model
Closed
#218 [Feature] Fully UI-managed configuration with safety controls
Closed
#208 [Feature] Configuration package import/export and signed preconfiguration catalogs
Closed
#209 [Task] Harden remote module catalog trust state and replay validation
Closed
#211 [Feature] Add license entitlement diagnostics and issuance workflow hooks
Closed
#212 [Task] Add installer daemon rollback drill and production runbook coverage
Closed
#204 [Feature] Design signed remote WebUI bundle loading for true hot frontend installs
Closed
#210 [Task] Add artifact digest, SBOM, and provenance verification to module installer
Closed
#156 [Feature] Add UI tests for blocked/disallowed lower-level policy choices
Closed
#155 [Feature] Define frontend effective-policy component contract
Closed
#154 [Feature] Define backend explain endpoint shape
Closed
#153 [Feature] Define policy source path format
Closed
#152 [Feature] Define shared PolicyDecision
Closed
#151 [Task] Inventory current mail, retention, RBAC, delegation, and governance policy logic
Closed
#140 [Task] Write a concise kernel responsibility statement in MODULE_ARCHITECTURE.md
Closed
#145 [Feature] Keep compatibility imports documented before extraction begins
Closed
#144 [Feature] Add manifest schema/version validation
Closed
#142 [Feature] Add a dependency-boundary test or lint script
Closed
#141 [Feature] Add "kernel must not own product semantics" as an architecture rule
Closed
#147 [Task] Identify which imports belong to future govoplan-access
Closed
#146 [Task] Inventory all current govoplan_core.access, auth, user, account, group, API key, role, and permission imports
Closed
#143 [Feature] Add backend startup tests for supported module permutations
Closed
#149 [Feature] Define access module manifest target
Closed
#148 [Feature] Define PrincipalResolver protocol in kernel
Closed
#157 [Feature] Define typed event envelope
Closed
#166 [Task] Inventory admin pages by owning future module
Closed
#150 [Feature] Create extraction checklist for models, migrations, routes, services, WebUI pages, and tests
Closed
#169 [Feature] Keep module-specific admin panels in owning modules
Closed
#167 [Feature] Define admin route contribution contract
Closed
#168 [Feature] Move generic admin layout into core WebUI
Closed
#173 [Feature] Keep mailbox, mail policy, mail credential inheritance, and file storage behavior covered by focused tests
Closed
#172 [Feature] Ensure mail does not require campaign
Closed
#171 [Feature] Ensure files does not require campaign
Closed
#170 [Feature] Ensure campaign uses files/mail only through capabilities/metadata/API boundaries
Closed
#163 [Feature] Define TenantResolver protocol
Closed
#161 [Task] Identify domain events from access, tenancy, policy, files, mail, campaign
Closed
#160 [Feature] Define audit module MVP boundaries
Closed
#159 [Feature] Add correlation/causation ID support
Closed
#158 [Task] Decide command bus versus event bus API shape
Closed
#203 [Feature] Add post-install activation checklist and status for Admin > Modules
Closed
#200 [Feature] Add module/core compatibility metadata and installer version preflight
Closed
#201 [Feature] Add module uninstall guard providers for data, migrations, workers, and schedulers
Closed
#202 [Feature] Add supervised installer watchdog with health-check rollback
Closed
#199 [Task] Create and publish govoplan-scheduling repository
Closed
#61 Split platform admin routes into module contributions
Closed
#1 [Task] Wire core auth compatibility through access capabilities
267 Issues created by 1 user
Opened
#1 [Task] Wire core auth compatibility through access capabilities
Opened
#2 [Task] Resolve release/version metadata mismatch: source project versions report 0.1.3, while module manifests still report 0.1.2; focused checks fail until these are reconc...
Opened
#3 [Task] Optimize governance role-template sync for large tenant counts by bulk-loading tenant validation and materialized group/role rows per template instead of querying per ten...
Opened
#4 [Bug] UI lists often start at index 2, why?
Opened
#5 [Task] Check and re-check module boundaries: mail code in campaign and files, file code in mail and campaign, and campaign code in mail and file; also, check against core so cor...
Opened
#6 [Feature] Add session/device listing and revocation UI
Opened
#7 [Feature] Add dependency vulnerability audit tooling in CI or documented local workflow
Opened
#8 [Task] Run and record frontend npm audit --omit=dev
Opened
#9 [Task] Run and record Python dependency vulnerability audit such as pip-audit
Opened
#10 [Feature] Add structured log/audit/report redaction regression tests
Opened
#11 [Task] Design encryption key rotation and backup recovery
Opened
#12 [Task] Review broader backend-at-rest encryption needs beyond mail secrets
Opened
#13 [Task] Surface governance source path more explicitly in tenant details and other admin panels
Opened
#14 [Task] Consider backend-provided exact policy source metadata for "which specific scope caused this value"
Opened
#15 [Feature] Add impact analysis before delete, disable, unshare, policy changes, and cascading changes
Opened
#16 [Task] Define inheritance/delegation constraints explicitly: may use, must use, may override, may not override, may merge, may delegate
Opened
#17 [Task] Keep minimal dev mode supported and documented: SQLite, filesystem storage, and no Redis/Celery unless explicitly enabled
Opened
#18 [Feature] Add a production-realistic dev profile with Postgres, Redis, Celery worker(s), persistent file/blob storage, and explicit module configuration
Opened
#19 [Task] Define the install/runtime configuration contract: database URL, broker/result backend, storage backend/root or object-store credentials, secret/encryption keys, module e...
Opened
#20 [Feature] Add .env.example, generated config templates, or a config bootstrap command so new installs are configured intentionally instead of only cloned
Opened
#21 [Feature] Add configuration validation that fails early with actionable messages when required production-like settings are missing
Opened
#22 [Task] Run migrations and smoke checks against Postgres in the production-like dev profile, not only SQLite
Opened
#23 [Feature] Add storage persistence checks for managed files, generated EML/report artifacts, audit-relevant blobs, and backup/restore boundaries
Opened
#24 [Feature] Add queue/worker checks covering task publishing, worker startup, retry behavior, stale worker detection, and graceful shutdown
Opened
#25 [Feature] Add scripts/docs for starting, stopping, resetting, and seeding the production-like dev stack without replacing the minimal dev workflow
Opened
#26 [Task] Draft installer/deployment flow: configure, migrate, create first admin/tenant, enable modules, start web/worker services, and verify health
Opened
#27 [Feature] Add UI/admin visibility for worker enabled/running/stale queue states
Opened
#28 [Task] Publish deployment/operator documentation from the verified production-like dev profile
Opened
#29 [Feature] Add backup/restore procedure and restore drill
Opened
#30 [Feature] Add monitoring dashboard for queue depth, worker health, storage use, failed/unknown jobs, backup status, and system health
Opened
#31 [Feature] Extend dashboard with deeper operational metrics once queue, worker, storage, backup, and system-health metrics are stable
Opened
#32 [Task] LDAP/OIDC/SAML provisioning; OIDC likely first
Opened
#33 [Task] Catch error mail address
Opened
#34 [Task] Server update from WebUI only after CLI backup/restore is proven
Opened
#35 [Task] WebUI-driven update/rollback with backup and rollback guardrails
Opened
#36 [Feature] Make modules installable, activatable, deactivatable, and uninstallable via the admin interface, including migration and rollback constraints
Opened
#37 [Feature] Allow module configuration so behavior can be controlled through settings
Opened
#38 [Debt] Revisit the fragile DataGrid fill-column/buffer resize issue later with focused tests
Opened
#39 [Debt] Define and implement a DataGrid column sizing contract with min width, preferred percentage/fraction width, max width, and initial layout that respects min/max without de...
Opened
#40 [Debt] Remove legacy compatibility code only after migration/export compatibility requirements are explicit
Opened
#41 [Task] Access extraction Stage 1: Contract Definitions
Opened
#42 [Task] Access extraction Stage 2: Create govoplan-access
Opened
#43 [Task] Access extraction Stage 3: Move Live Models And Migrations
Opened
#44 [Task] Access extraction Stage 4: Move Auth Routes And Dependencies
Opened
#45 [Task] Access extraction Stage 5: Move Admin And WebUI Contributions
Opened
#46 [Task] Access extraction Stage 6: Decouple Feature Modules
Opened
#47 [Task] Access extraction Stage 7: Remove Compatibility Debt
Opened
#48 [Task] Move auth/session/API-key routes behind access module manifest
Opened
#49 [Task] Replace feature-module direct user/group/tenant model imports
Opened
#50 [Task] Replace direct cross-module SQL lookups with provider/event contracts
Opened
#51 [Task] Move access admin WebUI pages to module route contributions
Opened
#52 [Task] Remove transitional boundary checker allowlist entries as each contract lands
Opened
#53 [Task] Decide: Is govoplan-access required for any authenticated deployment, while core-only remains a diagnostics/settings shell?
Opened
#54 [Task] Decide: Should tenant models move with access first, or should govoplan-tenancy be created before moving live models?
Opened
#55 [Task] Decide: Which table names must remain stable for painless migrations?
Opened
#56 [Task] Decide: Should secret encryption remain a kernel primitive or become an access-owned capability?
Opened
#57 [Task] Decide: Should audit move before policy provenance, or after access/tenancy are split?
Opened
#58 [Task] Decide: How long should core keep compatibility route paths for existing clients?
Opened
#59 [Feature] Add full DSAR search/export/delete workflow while respecting immutable evidence obligations
Opened
#60 [Task] Decide early self-hosted installer packaging approach: Compose-first script, CLI wizard, generated .env plus runbook, or a staged combination
Opened
#61 Split platform admin routes into module contributions
Opened
#62 [Task] Move legacy admin handler, service, and model ownership out of the access compatibility implementation into access, tenancy, policy, audit, and core settings modules
Opened
#63 Move platform admin services and models into owning modules
Opened
#64 [Feature] Document current module contract as the compatibility baseline
Opened
#65 [Feature] Define which APIs are stable kernel contracts and which are temporary compatibility paths
Opened
#66 [Feature] Add dependency-boundary checks that forbid direct optional module imports
Opened
#67 [Feature] Keep module-matrix tests for core-only, files-only, mail-only, campaign-only, campaign+files, campaign+mail, full product
Opened
#68 [Feature] Keep generated WebUI/test artifacts ignored
Opened
#69 [Task] Mark DataGrid work as explicitly deferred
Opened
#70 [Feature] Move or clearly mark these as kernel-stable contracts:
Opened
#71 [Feature] Add contract tests for manifests, route aggregation, migration registration, and capability discovery
Opened
#72 [Feature] Add a documented deprecation policy for kernel API changes
Opened
#73 [Feature] Add OpenAPI/route collision validation
Opened
#74 [Feature] Add manifest schema/versioning
Opened
#75 [Feature] Move accounts, authentication, sessions, API keys, groups, memberships, roles, role assignments, and principal resolution into access
Opened
#76 [Feature] Keep compatibility imports under govoplan_core.access.* temporarily with deprecation warnings
Opened
#77 [Feature] Move access permissions and default role templates into the access manifest
Opened
#78 [Feature] Move access migrations into the access module migration registration
Opened
#79 [Feature] Move login/session/admin access UI into access/admin module contributions
Opened
#80 [Feature] Define PrincipalResolver and related protocols in the kernel
Opened
#81 [Feature] Ensure core-only startup still works enough to show shell/health, but access is required for authenticated product use
Opened
#82 [Feature] Move tenant registry, tenant settings, tenant lifecycle, tenant switching, and tenant deletion orchestration into tenancy
Opened
#83 [Feature] Keep memberships and role assignments in access
Opened
#84 [Feature] Define TenantResolver and tenant-context protocols in the kernel
Opened
#85 [Feature] Define tenant lifecycle events: created, suspended, resumed, deletion requested, erasure completed
Opened
#86 [Feature] Add delete-veto orchestration through module providers
Opened
#87 [Feature] Add tenant lifecycle tests with files/mail/campaign installed and absent
Opened
#88 [Feature] Move hierarchical policy evaluation into policy
Opened
#89 [Feature] Move delegation ceilings and "more restrictive only" validation into policy
Opened
#90 [Feature] Add explain endpoints and UI component contract for policy source paths
Opened
#91 [Feature] Add policy simulation before destructive/limiting changes
Opened
#92 [Feature] Move mail/retention effective policy display onto shared policy components
Opened
#93 [Feature] Add regression tests for non-viable lower-level options being hidden or disabled
Opened
#94 [Feature] Define typed PlatformEvent envelope with actor, tenant, subject, resource, correlation, causation, classification, and payload
Opened
#95 [Task] Separate command bus from event bus
Opened
#96 [Task] Introduce outbox table and dispatcher for production-safe event delivery
Opened
#97 [Feature] Move audit log storage/query/export into audit module
Opened
#98 [Feature] Add event producers for access, tenancy, policy, files, mail, and campaign actions
Opened
#99 [Feature] Add evidence bundle export as a later audit capability
Opened
#100 [Feature] Define admin route/nav contribution contract
Opened
#101 [Feature] Move access admin pages to access module
Opened
#102 [Feature] Move tenant admin pages to tenancy module
Opened
#103 [Feature] Move policy admin pages to policy module
Opened
#104 [Feature] Move audit admin pages to audit module
Opened
#105 [Feature] Keep only shell-level admin layout and module aggregation in kernel/core WebUI
Opened
#106 [Feature] Add module permutation backend startup tests
Opened
#107 [Feature] Add WebUI module permutation builds
Opened
#108 [Feature] Add migration registration tests
Opened
#109 [Feature] Add manifest schema tests
Opened
#110 [Feature] Add compatibility import tests until old paths are removed
Opened
#111 [Task] Kernel contract freeze
Opened
#112 [Task] Access extraction
Opened
#113 [Task] Tenancy extraction
Opened
#114 [Task] Policy extraction
Opened
#115 [Task] Audit extraction
Opened
#116 [Task] Module-matrix CI
Opened
#117 [Task] Compatibility/deprecation plan
Opened
#118 [Feature] Create govoplan-cases concept and MVP
Opened
#119 [Feature] Create govoplan-tasks concept and MVP
Opened
#120 [Feature] Extract/generalize reusable workflow/review patterns into govoplan-workflow
Opened
#121 [Feature] Add govoplan-forms
Opened
#122 [Feature] Add govoplan-templates
Opened
#123 [Feature] Add govoplan-recipients / govoplan-address-book
Opened
#124 [Task] Link existing files/mail/campaign to cases
Opened
#125 [Feature] Build govoplan-connectors registry and connector runtime
Opened
#126 [Feature] Add FIT-Connect connector
Opened
#127 [Feature] Add XÖV validation/mapping module
Opened
#128 [Feature] Add DMS/eAkte connector
Opened
#129 [Feature] Add ERP/finance connector
Opened
#130 [Feature] Add XRechnung workflow
Opened
#131 [Feature] Add IDM/LDAP/OIDC/SAML/SCIM provisioning
Opened
#132 [Task] Cross-module reporting
Opened
#133 [Task] Permission-aware search
Opened
#134 [Task] Data catalogue
Opened
#135 [Task] Compliance workspace
Opened
#136 [Task] Evidence bundle verifier
Opened
#137 [Task] Policy impact analysis
Opened
#138 [Task] Destructive tenant erasure orchestration
Opened
#139 [Task] Operations governance dashboard
Opened
#140 [Task] Write a concise kernel responsibility statement in MODULE_ARCHITECTURE.md
Opened
#141 [Feature] Add "kernel must not own product semantics" as an architecture rule
Opened
#142 [Feature] Add a dependency-boundary test or lint script
Opened
#143 [Feature] Add backend startup tests for supported module permutations
Opened
#144 [Feature] Add manifest schema/version validation
Opened
#145 [Feature] Keep compatibility imports documented before extraction begins
Opened
#146 [Task] Inventory all current govoplan_core.access, auth, user, account, group, API key, role, and permission imports
Opened
#147 [Task] Identify which imports belong to future govoplan-access
Opened
#148 [Feature] Define PrincipalResolver protocol in kernel
Opened
#149 [Feature] Define access module manifest target
Opened
#150 [Feature] Create extraction checklist for models, migrations, routes, services, WebUI pages, and tests
Opened
#151 [Task] Inventory current mail, retention, RBAC, delegation, and governance policy logic
Opened
#152 [Feature] Define shared PolicyDecision
Opened
#153 [Feature] Define policy source path format
Opened
#154 [Feature] Define backend explain endpoint shape
Opened
#155 [Feature] Define frontend effective-policy component contract
Opened
#156 [Feature] Add UI tests for blocked/disallowed lower-level policy choices
Opened
#157 [Feature] Define typed event envelope
Opened
#158 [Task] Decide command bus versus event bus API shape
Opened
#159 [Feature] Add correlation/causation ID support
Opened
#160 [Feature] Define audit module MVP boundaries
Opened
#161 [Task] Identify domain events from access, tenancy, policy, files, mail, campaign
Opened
#162 [Task] Inventory tenant model and tenant setting usage
Opened
#163 [Feature] Define TenantResolver protocol
Opened
#164 [Task] Separate tenant lifecycle from membership/roles
Opened
#165 [Feature] Define tenant deletion and module cleanup/veto contract
Opened
#166 [Task] Inventory admin pages by owning future module
Opened
#167 [Feature] Define admin route contribution contract
Opened
#168 [Feature] Move generic admin layout into core WebUI
Opened
#169 [Feature] Keep module-specific admin panels in owning modules
Opened
#170 [Feature] Ensure campaign uses files/mail only through capabilities/metadata/API boundaries
Opened
#171 [Feature] Ensure files does not require campaign
Opened
#172 [Feature] Ensure mail does not require campaign
Opened
#173 [Feature] Keep mailbox, mail policy, mail credential inheritance, and file storage behavior covered by focused tests
Opened
#174 [Task] Write govoplan-cases concept
Opened
#175 [Task] Write govoplan-workflow concept
Opened
#176 [Task] Write govoplan-connectors concept
Opened
#177 [Task] Write govoplan-policy concept
Opened
#178 [Task] Write govoplan-audit concept
Opened
#179 [Task] Write govoplan-idm concept
Opened
#180 [Task] Should govoplan-core be renamed conceptually to govoplan-kernel, while keeping package compatibility for now?
Opened
#181 [Task] Is access required for any useful product startup, or should kernel-only expose only health/shell/config pages?
Opened
#182 [Task] Should tenants be extracted before policy, or after access but before policy?
Opened
#183 [Task] Should admin be one platform module or split across access/tenancy/policy/audit?
Opened
#184 [Task] Which event transport is the first production target: DB outbox only, Redis/Celery, or pluggable dispatch?
Opened
#185 [Task] Which future module comes first after platform cleanup: cases, workflow, or connectors?
Opened
#186 [Task] Refine GovOPlaN public-sector module and integration roadmap
Opened
#187 [Feature] Define project management module and OpenProject API integration
Opened
#188 [Feature] Define govoplan-datasources module
Opened
#189 [Feature] Define govoplan-dataflow module
Opened
#190 [Feature] Define templates and reporting module boundary
Opened
#191 [Task] Build public-sector software integration catalogue
Opened
#192 [Feature] Define sources/RSS consume-publish module
Opened
#193 [Feature] Define calendar, Terminplaner, and Terminbuchung module
Opened
#194 [Feature] Define forms module and workflow handoff
Opened
#195 [Feature] Define OpenDesk stack integration profile
Opened
#196 [Feature] Decide whether GovOPlaN needs a govoplan-projects module or only an OpenProject connector
Opened
#197 [Feature] Propose govoplan-datasources module for database, CSV, and file-backed source catalogs
Opened
#198 [Feature] Propose govoplan-dataflow module for pipelines, BI, and source publication
Opened
#199 [Task] Create and publish govoplan-scheduling repository
Opened
#200 [Feature] Add module/core compatibility metadata and installer version preflight
Opened
#201 [Feature] Add module uninstall guard providers for data, migrations, workers, and schedulers
Opened
#202 [Feature] Add supervised installer watchdog with health-check rollback
Opened
#203 [Feature] Add post-install activation checklist and status for Admin > Modules
Opened
#204 [Feature] Design signed remote WebUI bundle loading for true hot frontend installs
Opened
#205 [Feature] Coordinate bulk individualized invitation send across campaign, mail, and calendar
Opened
#206 [Docs] Personalize user documentation by enabled modules and unavailable capabilities
Opened
#207 PostgreSQL runtime migration and backup/restore policy
Opened
#208 [Feature] Configuration package import/export and signed preconfiguration catalogs
Opened
#209 [Task] Harden remote module catalog trust state and replay validation
Opened
#210 [Task] Add artifact digest, SBOM, and provenance verification to module installer
Opened
#211 [Feature] Add license entitlement diagnostics and issuance workflow hooks
Opened
#212 [Task] Add installer daemon rollback drill and production runbook coverage
Opened
#213 [Docs] Government operations backbone reference model
Opened
#214 [Feature] Configuration package for permit-to-payment workflows
Opened
#215 [Docs] Public-sector integration landscape catalogue
Opened
#216 [Feature] Recurring datasource and data-transformation workflows
Opened
#217 [Feature] Scalability profiles and autoscaling readiness
Opened
#218 [Feature] Fully UI-managed configuration with safety controls
Opened
#219 [Docs] Hardware sizing matrix and requirements calculator
Opened
#220 [Feature] Collaboration suite integration strategy
Opened
#221 Persist user UI settings and wire Settings > Interface
Opened
#222 [Feature] Platform-wide conditional GET and delta API foundation
Opened
#223 [Task] Define release migration squashing and baseline workflow
Opened
#224 [Feature] Platform theming system and visual appearance controls
Opened
#225 Guided layered UI/UX overhaul for admin and configuration surfaces
Opened
#226 [Task] Remediate Python dependency vulnerabilities from 2026-07-09 audit
Opened
#227 Codify interface ethics as a product-wide UI doctrine
Opened
#228 Centralize policy table and policy section components in core WebUI
Opened
#229 Finish MessageDisplayPanel consolidation for mail and campaign previews
Opened
#230 Unify tree and explorer navigation components across docs, mail, and files
Opened
#231 [Feature] Target-state module update planner
Opened
#232 [Security] Harden module installer shell command hooks
Opened
#233 [Security] Redact installer run-record secrets
Opened
#235 [Security] Reject wildcard CORS with credentials at runtime
Opened
#234 [Security] Stop persisting UI API keys in localStorage
Opened
#236 [Security] Broaden audit/config secret redaction key matching
Opened
#237 [Security] Harden installer shell hook execution and command trust boundary
Opened
#238 [Security] Harden release-doctor shell command execution
Opened
#239 [Security] Centralize outbound URL policy for core fetches and health checks
Opened
#240 [Security] Review dynamic SQL text findings and add safe identifier helpers
Opened
#241 [Supply-chain] Pin Gitea workflow actions to immutable revisions
Opened
#242 [Security] Review dynamic module import trust boundary
Opened
#243 [Security] Fix audit report capture and duplicate-scan noise
Opened
#244 [Security] Lock audit toolbox dependencies flagged by OSV
Opened
#245 [Debt] Refactor high-complexity core installer/configuration/runtime functions
Opened
#246 [Feature] Customize theming from palettes to full appearance controls
Opened
#247 [Feature] Notification settings and preferences surface
Opened
#248 [Feature] Emit notifications for core module installer queue lifecycle
Opened
#249 [Debt] Centralize repeated WebUI API client request helpers
Opened
#250 [Debt] Define shared platform API schema primitives across access, admin, policy, and tenancy
Opened
#251 [Debt] Provide shared module runtime proxy helper for modules
Opened
#252 [Debt] Define shared SQLAlchemy change-tracking helpers for modules
Opened
#253 [Security audit] Centralize safe HTTP(S) fetch and URL validation in core
Opened
#254 [Security audit] Harden module installer subprocess command provenance
Opened
#255 [Security audit] Replace silent core exception handling with narrow logging
Opened
#256 [Security audit] Document safe SQLAlchemy text usage in migration helpers
Opened
#257 [Audit] Refactor core installer, catalog, and runtime validation complexity hotspots
Opened
#260 [Debt] Add safe auth principal caching with explicit invalidation
Opened
#261 [Task] Add pagination and windowing for large address and calendar views
Opened
#262 [Debt] Optimize dev-server reload behavior with many enabled modules
Opened
#259 [Debt] Add DB query timing and batch auth principal resolution
Opened
#258 [Task] Split auth session check from full user bootstrap
Opened
#263 [Bug] DataGrid filters must apply to the full result set, not only the current page
Opened
#264 [Feature] Aggregated statistics should drill down to their underlying data where useful
Opened
#265 [Feature] General configuration export and import
Opened
#266 [Feature] Configurable side rail ordering by system, tenant, and user preference
Opened
#267 Password fields: add generator action and overlay