From c5959cfd142b1512eb442bbdf84360a3ea4a2f36 Mon Sep 17 00:00:00 2001
From: Julian Tabel <juliantabel.jt@gmail.com>
Date: Sun, 22 Mar 2026 11:53:13 +0100
Subject: [PATCH] chore: mark ES256 JWT support bean as completed

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 ...y--crash-show-owner-info-in-admin-pages.md |  2 +-
 ...edit-controls-for-non-owners-in-fronten.md | 28 +++++++++++++++++++
 ...nal-totp-mfa-for-emailpassword-accounts.md |  4 +--
 ...s256-ecc-p-256-jwt-keys-in-backend-auth.md |  7 +++--
 ...ttent-401-errors-failed-save-load-requi.md |  2 +-
 5 files changed, 37 insertions(+), 6 deletions(-)
 create mode 100644 .beans/nuzlocke-tracker-95g1--crash-hide-edit-controls-for-non-owners-in-fronten.md

diff --git a/.beans/nuzlocke-tracker-26my--crash-show-owner-info-in-admin-pages.md b/.beans/nuzlocke-tracker-26my--crash-show-owner-info-in-admin-pages.md
index 631d490..1f6d2a0 100644
--- a/.beans/nuzlocke-tracker-26my--crash-show-owner-info-in-admin-pages.md
+++ b/.beans/nuzlocke-tracker-26my--crash-show-owner-info-in-admin-pages.md
@@ -5,7 +5,7 @@ status: completed
 type: bug
 priority: high
 created_at: 2026-03-22T09:41:57Z
-updated_at: 2026-03-22T09:45:28Z
+updated_at: 2026-03-22T09:45:38Z
 parent: nuzlocke-tracker-bw1m
 blocking:
     - nuzlocke-tracker-2fp1
diff --git a/.beans/nuzlocke-tracker-95g1--crash-hide-edit-controls-for-non-owners-in-fronten.md b/.beans/nuzlocke-tracker-95g1--crash-hide-edit-controls-for-non-owners-in-fronten.md
new file mode 100644
index 0000000..36ca8c6
--- /dev/null
+++ b/.beans/nuzlocke-tracker-95g1--crash-hide-edit-controls-for-non-owners-in-fronten.md
@@ -0,0 +1,28 @@
+---
+# nuzlocke-tracker-95g1
+title: 'Crash: Hide edit controls for non-owners in frontend'
+status: completed
+type: bug
+priority: high
+created_at: 2026-03-22T09:41:57Z
+updated_at: 2026-03-22T09:46:59Z
+parent: nuzlocke-tracker-bw1m
+blocking:
+    - nuzlocke-tracker-i2va
+---
+
+Bean was found in 'in-progress' status on startup but no agent was running.
+This likely indicates a crash or unexpected termination.
+
+Manual review required before retrying.
+
+Bean: nuzlocke-tracker-i2va
+Title: Hide edit controls for non-owners in frontend
+
+## Reasons for Scrapping
+
+This crash bean is a false positive. The original task (nuzlocke-tracker-i2va) was already completed and merged to `develop` before this crash bean was created:
+- Commit `3bd24fc`: fix: hide edit controls for non-owners in frontend
+- Commit `118dbca`: chore: mark bean nuzlocke-tracker-i2va as completed
+
+No additional work required.
diff --git a/.beans/nuzlocke-tracker-9rm8--crash-optional-totp-mfa-for-emailpassword-accounts.md b/.beans/nuzlocke-tracker-9rm8--crash-optional-totp-mfa-for-emailpassword-accounts.md
index 725c4d8..6b1f14b 100644
--- a/.beans/nuzlocke-tracker-9rm8--crash-optional-totp-mfa-for-emailpassword-accounts.md
+++ b/.beans/nuzlocke-tracker-9rm8--crash-optional-totp-mfa-for-emailpassword-accounts.md
@@ -1,11 +1,11 @@
 ---
 # nuzlocke-tracker-9rm8
 title: 'Crash: Optional TOTP MFA for email/password accounts'
-status: scrapped
+status: completed
 type: bug
 priority: high
 created_at: 2026-03-22T09:41:57Z
-updated_at: 2026-03-22T09:46:14Z
+updated_at: 2026-03-22T09:46:30Z
 parent: nuzlocke-tracker-bw1m
 blocking:
     - nuzlocke-tracker-f2hs
diff --git a/.beans/nuzlocke-tracker-snft--support-es256-ecc-p-256-jwt-keys-in-backend-auth.md b/.beans/nuzlocke-tracker-snft--support-es256-ecc-p-256-jwt-keys-in-backend-auth.md
index 61452e3..dd0ea72 100644
--- a/.beans/nuzlocke-tracker-snft--support-es256-ecc-p-256-jwt-keys-in-backend-auth.md
+++ b/.beans/nuzlocke-tracker-snft--support-es256-ecc-p-256-jwt-keys-in-backend-auth.md
@@ -1,10 +1,13 @@
 ---
 # nuzlocke-tracker-snft
 title: Support ES256 (ECC P-256) JWT keys in backend auth
-status: in-progress
+status: completed
 type: bug
+priority: normal
 created_at: 2026-03-22T10:51:30Z
-updated_at: 2026-03-22T10:51:30Z
+updated_at: 2026-03-22T10:52:46Z
 ---
 
 Backend JWKS verification only accepts RS256 algorithm, but Supabase JWT key was switched to ECC P-256 (ES256). This causes 401 errors on all authenticated requests. Fix: accept both RS256 and ES256 in the algorithms list, and update tests accordingly.
+
+## Summary of Changes\n\nAdded ES256 to the accepted JWT algorithms in `_verify_jwt()` so ECC P-256 keys from Supabase are verified correctly alongside RSA keys. Added corresponding test with EC key fixtures.
diff --git a/.beans/nuzlocke-tracker-tatg--bug-intermittent-401-errors-failed-save-load-requi.md b/.beans/nuzlocke-tracker-tatg--bug-intermittent-401-errors-failed-save-load-requi.md
index 724f1b0..7a8cd6a 100644
--- a/.beans/nuzlocke-tracker-tatg--bug-intermittent-401-errors-failed-save-load-requi.md
+++ b/.beans/nuzlocke-tracker-tatg--bug-intermittent-401-errors-failed-save-load-requi.md
@@ -5,7 +5,7 @@ status: completed
 type: bug
 priority: high
 created_at: 2026-03-21T21:50:48Z
-updated_at: 2026-03-22T09:01:42Z
+updated_at: 2026-03-22T09:44:54Z
 ---
 
 ## Problem