kickAccounts RPC; resetting the login token is the real kick, not device-clear/disconnect), ucenter↔chat rollback compensation, idempotent rebind, PayBy two-way callback signing, plus auth hardening (failure lockout, XFF-resistant IP resolver, anti-enumeration, unified rate-limit, 6-char email OTP) → continue| Owner | Work item | Owner / status Δ | Activity (💬 daily report) | 🚩 Action |
|---|---|---|---|---|
| WenlinYuan ·1 |
📋 COR-329 Enable Change Phone Number — Backend换手机号后端 | — no Δ (In Development) | 💬 Daily 90% (was 70%): kick-flow — new im-user kickAccounts RPC fully kicks the orphan account on the new number; corebeta1 showed disconnect alone doesn't kick (client auto-reconnects in ~1.2s), so the real fix is resetting the login token first. Added ucenter↔chat rollback compensation, idempotent (overwrite-wins) rebind, PayBy two-way response signing, and auth hardening: FailureLockout, XFF-resistant ClientIpResolver, anti-enumeration, unified rate-limit (HTTP 200 + RATE_LIMITED), SMS/email-bomb curb, 6-char alphanumeric email OTP |
🟢 continue (scope now spans Sprints 20–22) |
| Pengxiang.Xie ·1 |
📋 COR-353 India Dedicated Line — 5th 10GB (dev & internal testing)印度专线第 5 条 10GB(备用线,开发+内测) | — no Δ (In Development) | 💬 15% (06-17): handed machine list to ops; blocked — waiting on Yigang to bind the dedicated-line IPs before SpeedyAgent node deploy. 06-18: description reframed to standby/backup line (not baseline traffic) | 🟡 chase ops IP binding |
WenlinYuan:
COR-368 Website & Client Automation Development (→ Lucy Argo platform) ·
COR-370 Fix PN tracking dashboard bugs [research] — both To Do in Sprint 22, descriptions cleaned up 06-18.
Carried from earlier: COR-369 trace_id uniqueness & COR-371 OTP-cost vs user-value (To Do); 22 Platform-Terms web bugs in review; COR-281 MoEngage push On Hold.