• Joined on 2026-03-17
marcel commented on pull request marcel/mealprep#34 2026-04-02 19:24:59 +02:00
feat(onboarding): A2 — Household setup page

🔒 Sable — Security Engineer

Verdict: Approved

Clean implementation for an authenticated onboarding screen. No significant vulnerabilities. Notes below.


Observations

**Auth…

marcel commented on pull request marcel/mealprep#34 2026-04-02 19:24:35 +02:00
feat(onboarding): A2 — Household setup page

🎨 Atlas — UI/UX Designer

Verdict: ⚠️ Approved with concerns

Layout structure and token usage are mostly right. Two things need fixing before this ships visually.


Blockers

**1…

marcel commented on pull request marcel/mealprep#34 2026-04-02 19:24:13 +02:00
feat(onboarding): A2 — Household setup page

🧑‍💻 Kai — Frontend Engineer

Verdict: ⚠️ Approved with concerns

Good TDD discipline, clean Svelte 5 runes usage throughout. A few things I want addressed before merge.


###…

marcel created pull request marcel/mealprep#34 2026-04-02 19:22:31 +02:00
feat(onboarding): A2 — Household setup page
marcel pushed to feat/issue-19-household-setup at marcel/mealprep 2026-04-02 19:22:19 +02:00
6de7f5a9b5 feat(onboarding): add A2 household setup page with responsive progress sidebar layout
e85a7ca313 feat(onboarding): add household setup page server action and load guard
175bfbe7dd feat(onboarding): add HouseholdSetupForm component with disabled-until-valid continue button
b9ef06fd73 feat(onboarding): add ProgressSidebar component with 3-step active/completed/future states
marcel created branch feat/issue-19-household-setup in marcel/mealprep 2026-04-02 19:22:18 +02:00
marcel commented on issue marcel/mealprep#19 2026-04-02 19:20:27 +02:00
Frontend: A2 — Household setup + invite

Implementation complete — branch feat/issue-19-household-setup

What was built

All 4 plan items delivered with red/green/refactor TDD. 183 tests pass, 0 type errors.


###…

marcel commented on issue marcel/mealprep#20 2026-04-02 19:03:37 +02:00
Frontend: A3/D3 — Pantry staples component (onboarding + settings)

🎨 Atlas — UI/UX Designer

Questions & Observations

  • Border-radius 20px is off-system: The design system goes --radius-xl (16px) → --radius-full (9999px). 20px sits between them…
marcel commented on issue marcel/mealprep#20 2026-04-02 19:03:24 +02:00
Frontend: A3/D3 — Pantry staples component (onboarding + settings)

🔒 Sable — Security Engineer

Questions & Observations

  • IDOR risk on the toggle endpoint: The debounced PATCH /ingredients/{id} must verify that `ingredient.householdId ==…
marcel commented on issue marcel/mealprep#20 2026-04-02 19:03:12 +02:00
Frontend: A3/D3 — Pantry staples component (onboarding + settings)

🧪 QA Engineer — Test Coverage Review

Questions & Observations

  • Missing error state in acceptance criteria: The ACs cover happy paths well (toggle, default selection, debounce,…
marcel commented on issue marcel/mealprep#20 2026-04-02 19:02:58 +02:00
Frontend: A3/D3 — Pantry staples component (onboarding + settings)

🏗️ Backend Engineer — Spring Boot / PostgreSQL

Questions & Observations

  • Household vs. global is_staple: The spec says staples are excluded from generated shopping lists, which…
marcel commented on issue marcel/mealprep#20 2026-04-02 19:02:47 +02:00
Frontend: A3/D3 — Pantry staples component (onboarding + settings)

👨‍💻 Kai — Frontend Engineer

Questions & Observations

  • Context switching via prop: The component must know whether it's in onboarding (2-col) or settings (3-col) context. I'd…
marcel deleted branch feat/issue-16-design-system from marcel/mealprep 2026-04-02 19:00:22 +02:00
marcel pushed to master at marcel/mealprep 2026-04-02 19:00:21 +02:00
09333ccc0a test(auth): verify security context is stored in session after login and signup
93ce1eaeac refactor(auth): add comments, clearContext on logout, explain session auth
61249af086 feat(auth): add secure flag to JSESSIONID cookie and test JSESSIONID cookie setting
16f0feb8d5 fix(auth): fix mock responses in tests and block open redirect in login
0aa65214fc fix(auth): resolve broken signup/login flow end-to-end
Compare 25 commits »
marcel merged pull request marcel/mealprep#33 2026-04-02 19:00:20 +02:00
Frontend: design system, navigation, auth guard, signup screen
marcel closed issue marcel/mealprep#18 2026-04-02 19:00:20 +02:00
Frontend: A1 — Sign up screen
marcel commented on pull request marcel/mealprep#33 2026-04-02 18:56:28 +02:00
Frontend: design system, navigation, auth guard, signup screen

All reviewer concerns addressed

Here's a summary of every open concern resolved in this round, with the relevant commits:

Sable — Security Engineer

**BLOCKER: Open redirect in…

marcel pushed to feat/issue-16-design-system at marcel/mealprep 2026-04-02 18:56:08 +02:00
09333ccc0a test(auth): verify security context is stored in session after login and signup
93ce1eaeac refactor(auth): add comments, clearContext on logout, explain session auth
61249af086 feat(auth): add secure flag to JSESSIONID cookie and test JSESSIONID cookie setting
16f0feb8d5 fix(auth): fix mock responses in tests and block open redirect in login
marcel commented on pull request marcel/mealprep#33 2026-04-02 17:34:04 +02:00
Frontend: design system, navigation, auth guard, signup screen

🎨 Atlas — UI/UX Designer

Verdict: Approved

The auth changes are backend/server plumbing — no visual impact. One small layout fix in signup/+page.svelte caught my eye.

###…

marcel commented on pull request marcel/mealprep#33 2026-04-02 17:33:59 +02:00
Frontend: design system, navigation, auth guard, signup screen

🔒 Sable — Security Engineer

Verdict: 🚫 Changes requested

One blocker. The auth foundation is now correct — CSRF handling is appropriate for this architecture, session fixation…