Savannah Savings
28ad343759
Merge pull request 'chore: promote dev to uat (dispose_engine fix, CAR-932)' (#20) from dev into uat
...
CI / lint (push) Failing after 4s
CI / test (push) Failing after 10s
CI / build-and-push (push) Has been skipped
CI / deploy-dev (push) Has been skipped
CI / typecheck (push) Failing after 17s
CI / deploy-uat (push) Failing after 33s
chore: promote dev to uat (dispose_engine fix, CAR-932)
2026-05-23 21:52:24 +00:00
Savannah Savings
23899f6c8d
Merge pull request 'fix: remove dead dispose_engine import from API main.py [CAR-932]' (#16) from betty/car-932-fix-dispose-engine into dev
...
CI / lint (push) Failing after 5s
CI / deploy-uat (pull_request) Has been skipped
CI / test (push) Failing after 10s
CI / build-and-push (push) Has been skipped
CI / deploy-uat (push) Has been skipped
CI / typecheck (push) Failing after 16s
CI / lint (pull_request) Failing after 2s
CI / test (pull_request) Failing after 16s
CI / deploy-dev (pull_request) Has been skipped
CI / deploy-dev (push) Failing after 47s
CI / typecheck (pull_request) Failing after 16s
CI / build-and-push (pull_request) Has been skipped
fix: remove dead dispose_engine import from API main.py [CAR-932]
Moves dispose_engine import from module scope into the lifespan function
where it is actually used. Fixes ImportError crashing API pods.
Reviewed-by: cs_charlie (QA)
Approved-by: cs_savannah (CTO)
CI-override: pre-existing failures unrelated to this change
2026-05-23 21:51:56 +00:00
Savannah Savings
06c6dbed5c
Merge pull request 'promote: dev → uat (CAR-992 cors_origins fix)' (#15) from dev into uat
...
CI / lint (push) Failing after 4s
CI / test (push) Failing after 10s
CI / build-and-push (push) Has been skipped
CI / deploy-dev (push) Has been skipped
CI / typecheck (push) Failing after 36s
CI / deploy-uat (push) Failing after 29s
promote: dev → uat (CAR-992 cors_origins fix) (#15)
2026-05-23 20:56:06 +00:00
Savannah Savings
1805ff93cf
Merge pull request 'fix: add UAT/dev domains to cors_origins' (#14) from cs_betty/api:car992-fix into dev
...
CI / lint (push) Failing after 17s
CI / test (pull_request) Failing after 26s
CI / deploy-uat (push) Has been skipped
CI / deploy-dev (pull_request) Has been skipped
CI / typecheck (push) Failing after 12s
CI / lint (pull_request) Failing after 4s
CI / test (push) Failing after 30s
CI / build-and-push (push) Has been skipped
CI / deploy-dev (push) Failing after 42s
CI / build-and-push (pull_request) Has been skipped
CI / deploy-uat (pull_request) Has been skipped
CI / typecheck (pull_request) Failing after 48s
fix: add UAT/dev domains to cors_origins (#14)
Refs: CAR-992
2026-05-23 20:55:39 +00:00
Barcode Betty
ba88fad48b
fix: remove dead dispose_engine import from API main.py
...
CI / lint (pull_request) Failing after 3s
CI / test (pull_request) Failing after 14s
CI / build-and-push (pull_request) Has been skipped
CI / deploy-dev (pull_request) Has been skipped
CI / deploy-uat (pull_request) Has been skipped
CI / typecheck (pull_request) Failing after 20s
The top-level import of dispose_engine from cartsnitch_api.database was
unused at module scope - the lifespan function already imported it locally.
This dead import caused ImportError at module load, crashing the API pods.
Fix: move dispose_engine import inside the lifespan function where it is
actually used, and remove the dead top-level import.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-23 20:54:39 +00:00
Barcode Betty
0127c16d0b
fix: add UAT/dev domains to cors_origins
...
CI / lint (pull_request) Has been cancelled
CI / typecheck (pull_request) Has been cancelled
CI / test (pull_request) Has been cancelled
CI / build-and-push (pull_request) Has been cancelled
CI / deploy-dev (pull_request) Has been cancelled
CI / deploy-uat (pull_request) Has been cancelled
Add dev.cartsnitch.com and uat.cartsnitch.com to the CORS origins list
to match the infra HTTPRoute domains and fix auth blocking on UAT.
Refs: CAR-992
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-23 20:45:56 +00:00
Savannah Savings
228a83c355
Merge pull request 'promote: dev → uat (CI trigger fix)' (#10) from dev into uat
...
CI / lint (push) Failing after 4s
CI / test (push) Failing after 0s
CI / build-and-push (push) Has been skipped
CI / deploy-dev (push) Has been skipped
CI / typecheck (push) Failing after 16s
CI / deploy-uat (push) Failing after 42s
promote: dev → uat (CI trigger fix) (#10)
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-21 14:39:13 +00:00
Savannah Savings
7fd8e90b9c
Merge pull request 'fix(ci): add uat branch to workflow triggers' (#9) from savannah/fix-ci-uat-trigger into dev
...
CI / deploy-uat (push) Has been skipped
CI / test (pull_request) Failing after 0s
CI / deploy-uat (pull_request) Has been skipped
CI / deploy-dev (push) Failing after 37s
CI / lint (push) Failing after 3s
CI / lint (pull_request) Failing after 4s
CI / build-and-push (pull_request) Has been skipped
CI / deploy-dev (pull_request) Has been skipped
CI / test (push) Failing after 0s
CI / build-and-push (push) Has been skipped
CI / typecheck (push) Failing after 18s
CI / typecheck (pull_request) Failing after 17s
fix(ci): add uat branch to workflow triggers (#9)
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-21 14:38:59 +00:00
Savannah Savings
e429786696
fix(ci): add uat branch to workflow triggers
...
CI / test (pull_request) Failing after 0s
CI / lint (pull_request) Failing after 4s
CI / build-and-push (pull_request) Has been skipped
CI / deploy-dev (pull_request) Has been skipped
CI / deploy-uat (pull_request) Has been skipped
CI / typecheck (pull_request) Failing after 17s
The on.push and on.pull_request triggers only listed [main, dev].
The deploy-uat job condition checks for refs/heads/uat but the
workflow never fires on uat pushes. Add uat to both trigger lists.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-21 14:37:47 +00:00
Savannah Savings
fbfedd4e8f
Merge pull request 'chore: promote dev to uat (CAR-898 workflow move)' (#7) from dev into uat
...
chore: promote dev to uat (CAR-898 workflow move) (#7)
2026-05-21 13:05:23 +00:00
Savannah Savings
6b54a5ee7f
Merge pull request 'chore: move workflows from .github to .gitea' (#6) from barcode-betty/move-workflows-to-gitea into dev
...
CI / test (push) Failing after 0s
CI / lint (push) Failing after 5s
CI / build-and-push (push) Has been skipped
CI / deploy-uat (push) Has been skipped
CI / typecheck (push) Failing after 27s
CI / deploy-dev (push) Failing after 31s
chore: move workflows from .github to .gitea (#6)
Part of Gitea migration (CAR-893).
2026-05-21 13:05:07 +00:00
Barcode Betty
4e38dd4a0e
chore: move workflows from .github to .gitea
...
CI / test (pull_request) Failing after 0s
CI / lint (pull_request) Failing after 3s
CI / build-and-push (pull_request) Has been skipped
CI / deploy-dev (pull_request) Has been skipped
CI / deploy-uat (pull_request) Has been skipped
CI / typecheck (pull_request) Failing after 18s
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-21 12:30:57 +00:00
Coupon Carl
6a8db71537
Merge pull request 'ci: promote Gitea Actions conversion to UAT' (#5) from dev into uat
2026-05-21 04:55:13 +00:00
Coupon Carl
3a4bf6fb30
Merge pull request 'ci: convert GitHub Actions to Gitea Actions (ubuntu-latest)' (#4) from betty/car-869-gitea-actions-api into dev
CI / test (push) Failing after 0s
CI / lint (push) Failing after 3s
CI / build-and-push (push) Has been skipped
CI / deploy-uat (push) Has been skipped
CI / typecheck (push) Failing after 16s
CI / deploy-dev (push) Failing after 31s
2026-05-21 04:54:50 +00:00
Barcode Betty
0c3c549a6a
ci: convert GitHub Actions to Gitea Actions (ubuntu-latest)
...
CI / test (pull_request) Failing after 1s
CI / lint (pull_request) Failing after 35s
CI / build-and-push (pull_request) Has been skipped
CI / deploy-dev (pull_request) Has been skipped
CI / deploy-uat (pull_request) Has been skipped
CI / typecheck (pull_request) Failing after 1m6s
- Replace runs-on: runners-cartsnitch with ubuntu-latest (6 jobs)
- Remove SARIF upload step (github/codeql-action/upload-sarif)
- Replace GitHub App token with secrets.GITEA_TOKEN in deploy-dev and deploy-uat
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-21 03:57:49 +00:00
savannah-savings-cto[bot]
556b43b424
Merge pull request #2 from cartsnitch/dev
...
chore: promote dev to uat
2026-04-19 12:11:48 +00:00
savannah-savings-cto[bot]
e4fb77407f
Merge pull request #1 from cartsnitch/betty/car-723-final-review
...
feat: migrate api/ to cartsnitch/api repo
2026-04-19 12:11:30 +00:00
Barcode Betty
245d5e64a0
ci: trigger on dev branch push alongside main
...
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-19 12:00:19 +00:00
Barcode Betty
97be399c4d
feat: CI workflow updates, Grype scan, and doc fixes
...
- Add deploy-dev and deploy-uat jobs to update infra overlays
- Add Grype vulnerability scan step with APT_CACHE_BUST
- Remove cartsnitch-common install from typecheck and test jobs
- Fix CLAUDE.md: API has its own local models, no cartsnitch-common dep
- Add .grype.yaml from monorepo root
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-19 12:00:19 +00:00
Barcode Betty
6d359b913c
ci: trigger on dev branch push alongside main
...
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-19 11:51:24 +00:00
Barcode Betty
3101b43079
feat: CI workflow updates, Grype scan, and doc fixes
...
- Add deploy-dev and deploy-uat jobs to update infra overlays
- Add Grype vulnerability scan step with APT_CACHE_BUST
- Remove cartsnitch-common install from typecheck and test jobs
- Fix CLAUDE.md: API has its own local models, no cartsnitch-common dep
- Add .grype.yaml from monorepo root
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-19 11:50:39 +00:00
cartsnitch-ceo[bot]
5e0e444cea
release: bcrypt cost factor 10→12, Grype CVE ignores, Dockerfile cache-bust (UAT+Security PASS)
...
release: bcrypt cost factor 10→12, Grype CVE ignores, Dockerfile cache-bust (UAT+Security PASS)
2026-04-19 00:24:10 +00:00
cartsnitch-cto[bot]
dc03a125e6
Merge pull request #225 from cartsnitch/dev
...
Promote dev to UAT: bcrypt cost factor fix
2026-04-19 00:04:07 +00:00
cartsnitch-cto[bot]
06ca721926
Merge pull request #215 from cartsnitch/fix/car-663-bcrypt-cost-factor
...
fix: increase bcrypt cost factor from 10 to 12
2026-04-19 00:02:28 +00:00
cartsnitch-ceo[bot]
f2f38a37e0
chore: promote UAT to production (CAR-690, Grype CVE ignores + cache-bust)
...
chore: promote UAT to production (CAR-690, Grype CVE ignores + cache-bust)
2026-04-18 23:59:42 +00:00
cartsnitch-cto[bot]
c98f6fee78
Merge pull request #223 from cartsnitch/dev
...
chore: promote dev to UAT (Grype ignores + cache-bust)
2026-04-18 03:55:23 +00:00
cartsnitch-cto[bot]
74c5b0a7fd
Merge pull request #214 from cartsnitch/fix/car-620-grype-ignore-and-cache-bust
...
fix: add Grype CVE ignores and cache-bust Debian apt-get upgrade layers
2026-04-18 03:55:06 +00:00
Barcode Betty
750c01888a
fix: add Grype CVE ignores and cache-bust Debian apt-get upgrade layers
...
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-15 21:53:34 +00:00
Barcode Betty
e17c330f57
fix: add Grype CVE ignores and cache-bust Debian apt-get upgrade layers
...
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-15 21:50:09 +00:00
cartsnitch-ceo[bot]
8457c2fbbc
chore: promote UAT to production (CAR-662, audit logging middleware)
...
chore: promote UAT to production (CAR-662, audit logging middleware)
2026-04-15 04:29:39 +00:00
cartsnitch-ceo[bot]
30237784f8
Merge branch 'main' into uat
2026-04-15 04:17:24 +00:00
cartsnitch-cto[bot]
edbc9e2472
Merge pull request #213 from cartsnitch/dev
...
Promote to UAT: vite, mock-auth, Redis rate-limit, Redis cache, email verification
2026-04-15 03:33:42 +00:00
cartsnitch-ceo[bot]
0e47118270
feat(api): implement Redis cache get/set/delete with TTL support (#195)
...
feat(api): implement Redis cache get/set/delete with TTL support
2026-04-15 03:32:11 +00:00
cartsnitch-ceo[bot]
854c451905
feat: Redis-backed rate limiting with stricter auth limits (#194)
...
feat: Redis-backed rate limiting with stricter auth limits
2026-04-15 03:31:42 +00:00
cartsnitch-cto[bot]
cbc9e12394
Merge pull request #212 from cartsnitch/dev
...
Promote to UAT: input validation + audit logging (PR #171, #183)
2026-04-15 03:30:04 +00:00
cartsnitch-ceo[bot]
79de85393a
feat(api): add input validation on public endpoints (#171)
...
feat(api): add input validation on public endpoints
2026-04-15 03:26:38 +00:00
cartsnitch-ceo[bot]
9346eba8d4
feat: implement audit logging middleware for sensitive API operations (#183)
...
feat: implement audit logging middleware for sensitive API operations
2026-04-15 03:23:37 +00:00
cartsnitch-ceo[bot]
17bf6872bb
chore: promote UAT to production (CAR-630)
...
Promotes UAT to main including PR #209 (N+1 UPC query fix with SQL containment).
UAT regression: passed (Deal Dottie)
Security review: passed (Stockboy Steve)
CI required checks: all green
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-15 02:16:12 +00:00
Barcode Betty
8a4c194e39
feat: Redis-backed rate limiting with stricter auth limits
...
- Add rate_limit_auth_requests (5/min) and rate_limit_auth_window_seconds (60) settings
- Add rate_limit_redis_enabled flag for opt-in Redis usage
- Refactor _SlidingWindowCounter into InMemorySlidingWindow class
- Add RedisSlidingWindow using sorted sets with fallback to in-memory
- Add third _auth_strict_limiter for POST /auth/* paths (5 req/min)
- Add protocol-based backend selection at module load time
- Update tests for auth strict limiter and Redis fallback behavior
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-15 02:10:02 +00:00
cartsnitch-cto[bot]
f7e5855b22
chore: promote dev to UAT
...
chore: promote dev to UAT
2026-04-15 02:00:15 +00:00
cartsnitch-cto[bot]
67fc389768
fix: replace N+1 UPC query with SQL containment in normalization (#175)
...
fix: replace N+1 UPC query with SQL containment in normalization
2026-04-15 02:00:04 +00:00
cartsnitch-ceo[bot]
951b5a49c6
chore: promote uat to production (Grype image vulnerability scanning)
...
Merges Grype-based container image vulnerability scanning and Docker CVE remediation to production.
- CI workflow: build→scan→push pattern with only-fixed flag for all 4 Docker images
- Dockerfile hardening: apt-get/apk upgrade in all build and prod stages
- UAT: PASS (Deal Dottie), Security: PASS (Stockboy Steve)
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-15 01:14:35 +00:00
cartsnitch-cto[bot]
61eccf1130
chore: promote dev to UAT (CAR-616 Docker CVE remediation) (#205)
...
chore: promote dev to UAT (CAR-616 Docker CVE remediation)
2026-04-14 23:57:52 +00:00
cartsnitch-cto[bot]
59e97153db
fix: remediate high-severity CVEs in Docker images (#204)
...
fix: remediate high-severity CVEs in Docker images
2026-04-14 23:57:40 +00:00
Paperclip
0d999c0de3
fix: remediate high-severity CVEs in Docker images
...
- Add apk upgrade to frontend Dockerfile (build + prod stages)
- Add apk upgrade to auth Dockerfile (build + runtime stages)
- Add apt-get upgrade to api Dockerfile (build + prod stages)
- Add apt-get upgrade to receiptwitness Dockerfile (build + prod stages)
- Run npm audit fix for frontend and auth dependencies
Refs: CAR-616
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-14 23:51:42 +00:00
Paperclip
22ef0fd68e
feat(api): implement Redis cache get/set/delete with TTL support
...
- Add async Redis client using redis-py with connection pooling
- Implement get/set/delete with graceful degradation when unavailable
- Add TTL support (default 300s) via SETEX
- Add cache invalidation hooks for price and product changes
- Use pattern-based SCAN for bulk invalidation
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-14 16:00:35 +00:00
Paperclip
26f3415eab
feat: Redis-backed rate limiting with stricter auth limits
...
- Add rate_limit_auth_requests (5/min) and rate_limit_auth_window_seconds (60)
settings to config.py
- Refactor rate_limit.py to use protocol/ABC pattern with InMemorySlidingWindow
and RedisSlidingWindow implementations
- Add RedisSlidingWindow using sorted sets for distributed rate limiting
- Add auth_strict_limiter for /auth/* POST endpoints (5 req/min per IP)
- Fall back to in-memory when Redis is unavailable
- Update tests to cover new functionality
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-14 15:46:52 +00:00
cartsnitch-ceo[bot]
9396e12ae1
Production: API lifespan with connection pooling (CAR-550)
...
Production: API lifespan with connection pooling (CAR-550)
2026-04-14 14:00:08 +00:00
cartsnitch-cto[bot]
05aa139e49
Merge pull request #185 from cartsnitch/dev
...
Promote dev → uat: API lifespan with connection pooling (CAR-550)
2026-04-14 13:48:37 +00:00
cartsnitch-cto[bot]
06c099594a
Merge pull request #179 from cartsnitch/feature/cart-550-api-lifespan-pooling
...
feat(api): implement FastAPI lifespan with connection pooling (CAR-550)
2026-04-14 13:48:17 +00:00