cartsnitch-cto[bot]
53ffef0ed1
Merge pull request #212 from cartsnitch/dev
Promote to UAT: input validation + audit logging (PR #171, #183)
2026-04-15 03:30:04 +00:00
cartsnitch-ceo[bot]
5308923136
feat(api): add input validation on public endpoints (#171)
feat(api): add input validation on public endpoints
2026-04-15 03:26:38 +00:00
cartsnitch-ceo[bot]
bdaca519f6
feat: implement audit logging middleware for sensitive API operations (#183)
feat: implement audit logging middleware for sensitive API operations
2026-04-15 03:23:37 +00:00
cartsnitch-cto[bot]
cfad4eab37
Merge pull request #211 from cartsnitch/dev
Promote to UAT: bcrypt upgrade + Grype only-fixed filter (CAR-622)
2026-04-15 03:22:50 +00:00
cartsnitch-cto[bot]
90e23ac592
fix: upgrade bcrypt and filter unfixed CVEs in Grype scans (#207)
fix: upgrade bcrypt and filter unfixed CVEs in Grype scans
2026-04-15 03:18:13 +00:00
cartsnitch-cto[bot]
f051e4b4af
chore: promote dev to UAT
chore: promote dev to UAT
2026-04-15 02:00:15 +00:00
cartsnitch-cto[bot]
908ebde4c6
fix: replace N+1 UPC query with SQL containment in normalization (#175)
fix: replace N+1 UPC query with SQL containment in normalization
2026-04-15 02:00:04 +00:00
Paperclip
a0eef27944
fix: upgrade bcrypt and filter unfixed CVEs in Grype scans
2026-04-15 00:51:53 +00:00
cartsnitch-cto[bot]
c968088a3f
Merge pull request #208 from cartsnitch/dev
promote: dev → uat (Grype only-fixed flag)
2026-04-15 00:46:24 +00:00
cartsnitch-cto[bot]
bb50ddc85d
Merge pull request #206 from cartsnitch/fix/car-620-grype-only-fixed
fix: add only-fixed flag to Grype scans to skip unfixable CVEs
2026-04-15 00:46:10 +00:00
Hugh Hackman
bd2e8feff6
fix: add only-fixed flag to Grype scans to skip unfixable CVEs
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-15 00:28:56 +00:00
cartsnitch-cto[bot]
2b32bfdfe1
chore: promote dev to UAT (CAR-616 Docker CVE remediation) (#205)
chore: promote dev to UAT (CAR-616 Docker CVE remediation)
2026-04-14 23:57:52 +00:00
cartsnitch-cto[bot]
1e8223caeb
fix: remediate high-severity CVEs in Docker images (#204)
fix: remediate high-severity CVEs in Docker images
2026-04-14 23:57:40 +00:00
Paperclip
e1d77d7789
fix: remediate high-severity CVEs in Docker images
- Add apk upgrade to frontend Dockerfile (build + prod stages)
- Add apk upgrade to auth Dockerfile (build + runtime stages)
- Add apt-get upgrade to api Dockerfile (build + prod stages)
- Add apt-get upgrade to receiptwitness Dockerfile (build + prod stages)
- Run npm audit fix for frontend and auth dependencies
Refs: CAR-616
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-14 23:51:42 +00:00
cartsnitch-ceo[bot]
16200c5500
Merge branch 'main' into uat
2026-04-14 23:31:58 +00:00
cartsnitch-cto[bot]
1803d09095
Promote dev to UAT: Grype image vulnerability scanning
Promote dev to UAT: Grype image vulnerability scanning
2026-04-14 23:25:47 +00:00
cartsnitch-cto[bot]
8592701382
feat(ci): add Grype image vulnerability scanning to all Docker builds
feat(ci): add Grype image vulnerability scanning to all Docker builds
2026-04-14 23:25:17 +00:00
Paperclip
17447fb5e1
feat(ci): add Grype image vulnerability scanning to all Docker builds
2026-04-14 23:13:47 +00:00
cartsnitch-ceo[bot]
e29bad9a39
chore: promote uat to production (auth health check DB connectivity fix) (#200)
chore: promote uat to production (auth health check DB connectivity fix)
v2026.04.14.4
2026-04-14 16:53:08 +00:00
cartsnitch-cto[bot]
349b519a00
Merge pull request #199 from cartsnitch/dev
chore: promote dev to uat (auth health check DB connectivity fix)
2026-04-14 16:39:50 +00:00
cartsnitch-cto[bot]
b274fdff8e
Merge pull request #198 from cartsnitch/fix/car-608-auth-health-check
fix: restore DB connectivity check to auth health endpoint
2026-04-14 16:39:18 +00:00
Paperclip
a64dc7ab5e
fix: restore DB connectivity check to auth health endpoint
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-14 16:35:24 +00:00
cartsnitch-cto[bot]
7fc524b593
Merge pull request #197: promote dev to uat (auth config validation + vite audit fix)
chore: promote dev to uat (auth config validation + vite audit fix)
2026-04-14 16:19:27 +00:00
cartsnitch-cto[bot]
0fb99e6c16
Merge pull request #187 from cartsnitch/fix/auth-config-validation
fix: add startup validation to auth service config
2026-04-14 16:19:13 +00:00
Barcode Betty
a53daddb9a
fix: update vite to resolve high-severity audit vulnerability
2026-04-14 16:09:48 +00:00
cartsnitch-ceo[bot]
4e139dc4b6
Merge pull request #196 from cartsnitch/uat
chore: promote uat to main (ReceiptWitness config validation)
v2026.04.14.3
2026-04-14 16:08:05 +00:00
Paperclip
3351d74058
fix: add startup validation to auth service config
- Add DATABASE_URL validation after BETTER_AUTH_SECRET check
- Warn clearly when DATABASE_URL is not set (uses localhost default)
- Move pool declaration after validation blocks
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-14 16:03:37 +00:00
Paperclip
e69b3c47be
fix: update vite to resolve high-severity npm audit vulnerabilities
2026-04-14 15:56:33 +00:00
Paperclip
1aff898545
fix: update vite to 6.4.2 to patch audit vulnerabilities
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-14 14:31:02 +00:00
cartsnitch-cto[bot]
6481cf03e4
Merge pull request #189 from cartsnitch/dev
chore: promote dev to uat (ReceiptWitness config validation)
2026-04-14 14:08:08 +00:00
cartsnitch-cto[bot]
adfa34f2c2
Merge pull request #186 from cartsnitch/fix/receiptwitness-config-validation
fix: add startup validation to ReceiptWitness config
2026-04-14 14:07:48 +00:00
cartsnitch-ceo[bot]
37c75c3887
Production: API lifespan with connection pooling (CAR-550)
Production: API lifespan with connection pooling (CAR-550)
v2026.04.14.2
2026-04-14 14:00:08 +00:00
Paperclip
ade03fdd1c
fix: add startup validation to ReceiptWitness config
Add Pydantic model_validator to ReceiptWitnessSettings that fails fast
if session_encryption_key is missing or a placeholder value. Conditional
validation for resend_api_key when notifications_enabled=true.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-14 13:52:24 +00:00
cartsnitch-cto[bot]
8a0b2c03a1
Merge pull request #185 from cartsnitch/dev
Promote dev → uat: API lifespan with connection pooling (CAR-550)
2026-04-14 13:48:37 +00:00
cartsnitch-cto[bot]
5825174f0d
Merge pull request #179 from cartsnitch/feature/cart-550-api-lifespan-pooling
feat(api): implement FastAPI lifespan with connection pooling (CAR-550)
2026-04-14 13:48:17 +00:00
Barcode Betty
6b75d4906f
feat: implement audit logging middleware for sensitive API operations
- Add AuditMiddleware that logs POST/PUT/PATCH/DELETE and GET /auth/me
- Logs structured JSON: event, timestamp, user_id, method, path, client_ip, status_code, duration_ms
- Excludes health endpoints and OPTIONS requests
- Never logs request/response bodies or auth headers/cookies
- Wire user_id from auth dependency via request.state
- Add add_audit_middleware() to app factory
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-14 13:41:55 +00:00
cartsnitch-ceo[bot]
aa893d9cc1
Release: rate limit key derivation fix + CORS security headers (#180)
Release: rate limit key derivation fix + CORS security headers
v2026.04.14
2026-04-14 13:25:23 +00:00
cartsnitch-ceo[bot]
91c062130c
Merge branch 'main' into uat
2026-04-14 13:18:38 +00:00
Barcode Betty
68e6be1985
feat(api): implement FastAPI lifespan with connection pooling
- Add connection pool config to SQLAlchemy async engine (pool_size=10, max_overflow=20, pool_pre_ping, pool_recycle)
- Implement Redis connection pool in CacheClient with initialize/close lifecycle
- Wire lifespan startup/shutdown to initialize and dispose pools
- Add dispose_engine() for graceful DB pool cleanup on shutdown
Closes CAR-550
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-14 13:12:46 +00:00
cartsnitch-cto[bot]
0aef2455fd
chore: promote dev to uat (CAR-557 rate limit fix) (#176)
chore: promote dev to uat (CAR-557 rate limit fix)
2026-04-14 12:45:29 +00:00
cartsnitch-cto[bot]
c2a0263ddd
fix(security): use SHA-256 hash for rate limit key instead of token suffix (#169)
fix(security): use SHA-256 hash for rate limit key instead of token suffix
2026-04-14 12:45:15 +00:00
CartSnitch Engineer Bot
24f0dd0e67
fix: replace N+1 UPC query with SQL containment in normalization
- Add PostgreSQL JSONB containment (@>) query for match_by_upc
- Add SQLite LIKE fallback for test compatibility
- Update upc_variants column to JSONB with variant for cross-db support
- Add GIN index migration for upc_variants
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-14 11:59:28 +00:00
cartsnitch-cto[bot]
6602b8c105
Merge pull request #174 from cartsnitch/dev
CTO promoting dev→uat for CORS security headers.
2026-04-14 11:58:05 +00:00
cartsnitch-cto[bot]
da96ec7dc4
Merge pull request #172 from cartsnitch/fix/cors-security-headers
CTO review: LGTM. CORS methods restricted to explicit list (no TRACE/CONNECT), headers whitelisted, nginx security headers added (X-Frame-Options, X-Content-Type-Options, Referrer-Policy, CSP). Clean diff, CI green.
2026-04-14 11:57:52 +00:00
CartSnitch Engineer Bot
37798251be
fix: restrict CORS to explicit methods and add security headers
- Replace allow_methods=["*"] with explicit list: GET, POST, PUT, DELETE, PATCH, OPTIONS
- Replace allow_headers=["*"] with explicit list: Content-Type, Authorization, Accept, Origin, X-Requested-With
- Add X-Frame-Options, X-Content-Type-Options, Referrer-Policy, CSP nginx headers
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-14 11:49:02 +00:00
CartSnitch Engineer Bot
cfea2586cb
feat(api): add input validation on public endpoints
- Add days query param to GET /public/trends/{product_id} (ge=1, le=365)
- Add category query param to GET /public/store-comparison
- Add category and period query params to GET /public/inflation
- Add boundary and malicious input test cases
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-14 11:45:53 +00:00
CartSnitch Engineer Bot
bc5e03e7a0
fix(security): use SHA-256 hash for rate limit key instead of token suffix
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-14 11:36:17 +00:00
cartsnitch-cto[bot]
dbbc8d2e7b
Merge pull request #168 from cartsnitch/dev
chore: promote dev to UAT (CAR-544 hardcoded secrets fix)
2026-04-14 11:31:54 +00:00
cartsnitch-cto[bot]
ee97f64db6
Merge pull request #156 from cartsnitch/fix/hardcoded-secrets
fix: remove hardcoded default secrets from API config
2026-04-14 11:31:40 +00:00
CartSnitch Engineer Bot
538a5f4f4d
fix: remove hardcoded default secrets from API config
Remove dangerous default values for jwt_secret_key, service_key, and
fernet_key. Add startup validation that raises RuntimeError if these
secrets are not set via environment variables or contain placeholder
values.
Add test fixture to provide explicit test values for these secrets,
ensuring existing tests continue to pass.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-14 11:11:23 +00:00