# Tasks

## Task 1: Remove the POST /api/jira/search route

- [x] 1.1 Delete the `router.post('/search', ...)` handler from `backend/routes/jiraTickets.js` (the entire block from the JSDoc comment through the closing `});`)
- [x] 1.2 Verify no other code in the routes file references the removed handler
- [x] 1.3 Verify the server starts without errors after the route removal

## Task 2: Widen the JQL time window to 72 hours

- [x] 2.1 In `backend/helpers/jiraApi.js`, change the `searchIssuesByKeys()` JQL string from `updated >= -24h` to `updated >= -72h`
- [x] 2.2 Update the JSDoc comment on `searchIssuesByKeys()` if it references the 24-hour window

## Task 3: Update the API use-cases documentation

- [x] 3.1 In `docs/api/jira-api-use-cases.md`, update the bulk sync use case (Use Case 8) to reflect the `-72h` JQL window and remove any reference to arbitrary JQL or `POST /rest/api/2/search`
- [x] 3.2 Update the Compliance Summary Table to reflect that JQL queries use predefined scoped patterns (no arbitrary JQL passthrough) and the `-72h` window
- [x] 3.3 Update the Estimated Daily API Usage table to remove the arbitrary JQL search row and recalculate the total
- [x] 3.4 Add `POST /rest/api/2/search` to the Blocked Endpoints section with an explanation that arbitrary JQL search via POST is not used

## Task 4: Write property-based test for JQL window invariant

- [x] 4.1 Create a property-based test that verifies `searchIssuesByKeys()` always generates JQL containing `updated >= -72h` and `project =` for any non-empty array of issue keys

## Task 5: Write example-based tests for route removal and remaining routes

- [x] 5.1 Write a test that sends `POST /api/jira/search` and asserts HTTP 404
- [x] 5.2 Write tests that verify the remaining Jira routes (`GET /lookup/:issueKey`, `POST /sync-all`, `POST /:id/sync`, `POST /create-in-jira`) still respond with non-404 status codes