# Sprint 24

**Dates:** 2026-03-31 to 2026-04-11
**Team:** Platform Engineering
**Sprint Goal:** Migrate auth service to OAuth 2.1 and close remaining P1 tickets from Sprint 23.

## Completed Items

- [ENG-401] OAuth 2.1 token endpoint migration — merged Wed, staging verified, prod deploy Monday
- [ENG-412] Fix rate limiter bypass on `/api/v2/export` — merged Fri (coordinated with infra)
- [ENG-418] Add structured logging to payment webhook handler — merged last day of sprint

## Deferred

- [ENG-420] Deprecate legacy session cookie fallback → Sprint 25 (needs mobile client migration plan)

## Carry-over

- [ENG-389] Retry logic for idempotent POST requests — blocked on API gateway config (3rd sprint)

## Velocity

- Planned: 34 pts
- Completed: 29 pts
- Carry-over: 5 pts (ENG-389)

## Retro Summary

**What went well:**
- OAuth 2.1 migration landed mid-sprint; staging integration tests all green
- PR review turnaround improved significantly (avg 4h vs 8h in Sprint 23)

**What to improve:**
- Friday deployment window too narrow — discuss moving to Tuesday
- ENG-389 blocked for 3 sprints running — needs escalation

**Actions:**
_To be filled after retro._

## Links

- [[Standup Notes]]
- [[Retro Action Items]]
- [[Sprint 23]]