P1 follow-ups: track 4 audit items deferred from PR #1

This issue tracks the 4 P1 follow-ups deferred from the 2026-04-26 P0 security audit (PR #1 was merged on 2026-04-28).

Full plan: [docs/superpowers/plans/2026-04-26-p1-followups.md](https://github.com/abk1969/ai_act_assistant/blob/main/docs/superpowers/plans/2026-04-26-p1-followups.md) _(not yet committed to main — stub body used)_

## Tasks
- [ ] **Task 0** — v1→v2 ciphertext re-encryption migration (unblocks `ENCRYPTION_KEY` rotation)
- [ ] **Task 1** — Replace EUR-Lex mock with real Puppeteer scraping + Redis cache (closes audit finding #5)
- [ ] **Task 2** — Zod validation of LLM JSON outputs in agents (closes #6)
- [ ] **Task 3** — `db.transaction()` on multi-table writes in `storage.ts` (closes #7)
- [ ] **Task 4** — Delete `decryptV1Legacy` after 7-day prod soak

Order: 0 → 1 → 2 → 3 → 4. Task 0 first because it unblocks `ENCRYPTION_KEY` rotation.

_Automated 14-day kickoff after PR #1 merge._

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

P1 follow-ups: track 4 audit items deferred from PR #1 #68

Tasks

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

P1 follow-ups: track 4 audit items deferred from PR #1 #68

Description

Tasks

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions