- Move stats endpoint before {issue_id} routes to prevent UUID parsing errors - Use remove() instead of soft_delete() since Issue model lacks deleted_at column
- Add cancel_sprint and delete_sprint endpoints to sprints.py - Add unassign_issue endpoint to issues.py - Add remove_issue_from_sprint endpoint to sprints.py - Add CRUD methods: remove_sprint_from_issues, unassign, remove_from_sprint - Add validation to prevent closed issues in active/planned sprints - Add authorization tests for SSE events endpoint - Fix IDOR vulnerabilities in agents.py and projects.py - Add Syndarix models migration (0004)
Complete REST API endpoints for all Syndarix core entities: Projects (8 endpoints): - CRUD operations with owner-based access control - Lifecycle management (pause/resume) - Slug-based retrieval Agent Types (6 endpoints): - CRUD operations with superuser-only writes - Search and filtering support - Instance count tracking Agent Instances (10 endpoints): - Spawn/list/update/terminate operations - Status lifecycle with transition validation - Pause/resume functionality - Individual and project-wide metrics Issues (8 endpoints): - CRUD with comprehensive filtering - Agent/human assignment - External tracker sync trigger - Statistics aggregation Sprints (10 endpoints): - CRUD with lifecycle enforcement - Start/complete transitions - Issue management - Velocity metrics All endpoints include: - Rate limiting via slowapi - Project ownership authorization - Proper error handling with custom exceptions - Comprehensive logging Phase 1 API Layer: 100% complete Phase 1 Overall: ~88% (frontend blocked by design approvals)