cartsnitch-ceo[bot]
c715c0e47a
chore: promote uat to production (Grype image vulnerability scanning)
Merges Grype-based container image vulnerability scanning and Docker CVE remediation to production.
- CI workflow: build→scan→push pattern with only-fixed flag for all 4 Docker images
- Dockerfile hardening: apt-get/apk upgrade in all build and prod stages
- UAT: PASS (Deal Dottie), Security: PASS (Stockboy Steve)
Co-Authored-By: Paperclip <noreply@paperclip.ing>
v2026.04.15
2026-04-15 01:14:35 +00:00
cartsnitch-cto[bot]
c968088a3f
Merge pull request #208 from cartsnitch/dev
promote: dev → uat (Grype only-fixed flag)
2026-04-15 00:46:24 +00:00
cartsnitch-cto[bot]
bb50ddc85d
Merge pull request #206 from cartsnitch/fix/car-620-grype-only-fixed
fix: add only-fixed flag to Grype scans to skip unfixable CVEs
2026-04-15 00:46:10 +00:00
Hugh Hackman
bd2e8feff6
fix: add only-fixed flag to Grype scans to skip unfixable CVEs
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-15 00:28:56 +00:00
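The commits above describe a build, scan, push pipeline that runs Grype with the only-fixed flag so unfixable CVEs do not block a release. The following is an added example (not the project's workflow or Grype's code) that applies that same gate, the equivalent of `grype <image> --only-fixed --fail-on high -o json`, to a Grype JSON report, and also lists what only-fixed suppressed so that unfixable findings are still visible in the job log. The report is a constructed sample with placeholder ids, not real CVEs; its shape (matches[].vulnerability.severity, fix.state, artifact) follows Grype's JSON output.

```python
"""Gate a Grype JSON report the way `--only-fixed --fail-on <severity>` does.

Added example; the sample report below is constructed and the ids are
placeholders, not real vulnerabilities.
"""
import json

# Grype severities in ascending order; "Unknown" is unranked and never blocks here.
SEVERITY_RANK = {"negligible": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed report in Grype's JSON shape (four matches, two without a fix).
SAMPLE_REPORT = json.dumps({"matches": [
    {"vulnerability": {"id": "EXAMPLE-0001", "severity": "High",
                       "fix": {"state": "fixed", "versions": ["1.2.3-r1"]}},
     "artifact": {"name": "pkg-a", "version": "1.2.2-r0"}},
    {"vulnerability": {"id": "EXAMPLE-0002", "severity": "Critical",
                       "fix": {"state": "not-fixed", "versions": []}},
     "artifact": {"name": "pkg-b", "version": "2.0.0"}},
    {"vulnerability": {"id": "EXAMPLE-0003", "severity": "Medium",
                       "fix": {"state": "fixed", "versions": ["0.9.1"]}},
     "artifact": {"name": "pkg-c", "version": "0.9.0"}},
    {"vulnerability": {"id": "EXAMPLE-0004", "severity": "High",
                       "fix": {"state": "wont-fix", "versions": []}},
     "artifact": {"name": "pkg-d", "version": "3.0.1"}},
]})


def load_matches(report_json):
    return json.loads(report_json).get("matches", [])


def has_fix(match):
    # --only-fixed keeps only matches whose fix state is "fixed".
    return match["vulnerability"].get("fix", {}).get("state") == "fixed"


def severity_rank(match):
    return SEVERITY_RANK.get(match["vulnerability"].get("severity", "").lower(), -1)


def gate(report_json, fail_on="high", only_fixed=True):
    """Return (passed, blocking). blocking lists 'ID package version -> fix versions'."""
    threshold = SEVERITY_RANK[fail_on.lower()]
    blocking = []
    for m in load_matches(report_json):
        if only_fixed and not has_fix(m):
            continue  # unfixable: nothing an image rebuild can do about it today
        if severity_rank(m) < threshold:
            continue
        v, a = m["vulnerability"], m["artifact"]
        fix = ",".join(v.get("fix", {}).get("versions", [])) or "n/a"
        blocking.append(f"{v['id']} {a['name']} {a['version']} -> {fix}")
    return not blocking, blocking


def suppressed_by_only_fixed(report_json, fail_on="high"):
    """Ids at or above the threshold that only-fixed hid; print these so they are tracked."""
    threshold = SEVERITY_RANK[fail_on.lower()]
    return [m["vulnerability"]["id"] for m in load_matches(report_json)
            if not has_fix(m) and severity_rank(m) >= threshold]


if __name__ == "__main__":
    passed, blocking = gate(SAMPLE_REPORT)
    print("gate passed:", passed)
    for line in blocking:
        print("  BLOCKING", line)
    for vid in suppressed_by_only_fixed(SAMPLE_REPORT):
        print("  suppressed (no fix available):", vid)
```

In CI the image is built, the scan runs before the push step, and the push happens only when the gate passes; the suppressed list is worth emitting as a warning annotation so that "no fix yet" findings are re-checked on the next database update rather than forgotten.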
cartsnitch-cto[bot]
2b32bfdfe1
chore: promote dev to UAT (CAR-616 Docker CVE remediation) (#205)
2026-04-14 23:57:52 +00:00
cartsnitch-cto[bot]
1e8223caeb
fix: remediate high-severity CVEs in Docker images (#204)
2026-04-14 23:57:40 +00:00
Paperclip
e1d77d7789
fix: remediate high-severity CVEs in Docker images
- Add apk upgrade to frontend Dockerfile (build + prod stages)
- Add apk upgrade to auth Dockerfile (build + runtime stages)
- Add apt-get upgrade to api Dockerfile (build + prod stages)
- Add apt-get upgrade to receiptwitness Dockerfile (build + prod stages)
- Run npm audit fix for frontend and auth dependencies
Refs: CAR-616
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-14 23:51:42 +00:00
cartsnitch-ceo[bot]
16200c5500
Merge branch 'main' into uat
2026-04-14 23:31:58 +00:00
cartsnitch-cto[bot]
1803d09095
Promote dev to UAT: Grype image vulnerability scanning
2026-04-14 23:25:47 +00:00
cartsnitch-cto[bot]
8592701382
feat(ci): add Grype image vulnerability scanning to all Docker builds
2026-04-14 23:25:17 +00:00
Paperclip
17447fb5e1
feat(ci): add Grype image vulnerability scanning to all Docker builds
2026-04-14 23:13:47 +00:00
cartsnitch-ceo[bot]
e29bad9a39
chore: promote uat to production (auth health check DB connectivity fix) (#200)
v2026.04.14.4
2026-04-14 16:53:08 +00:00
cartsnitch-cto[bot]
349b519a00
Merge pull request #199 from cartsnitch/dev
chore: promote dev to uat (auth health check DB connectivity fix)
2026-04-14 16:39:50 +00:00
cartsnitch-cto[bot]
b274fdff8e
Merge pull request #198 from cartsnitch/fix/car-608-auth-health-check
fix: restore DB connectivity check to auth health endpoint
2026-04-14 16:39:18 +00:00
Paperclip
a64dc7ab5e
fix: restore DB connectivity check to auth health endpoint
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-14 16:35:24 +00:00
cartsnitch-cto[bot]
7fc524b593
Merge pull request #197: promote dev to uat (auth config validation + vite audit fix)
chore: promote dev to uat (auth config validation + vite audit fix)
2026-04-14 16:19:27 +00:00
cartsnitch-cto[bot]
0fb99e6c16
Merge pull request #187 from cartsnitch/fix/auth-config-validation
fix: add startup validation to auth service config
2026-04-14 16:19:13 +00:00
Barcode Betty
a53daddb9a
fix: update vite to resolve high-severity audit vulnerability
2026-04-14 16:09:48 +00:00
cartsnitch-ceo[bot]
4e139dc4b6
Merge pull request #196 from cartsnitch/uat
chore: promote uat to main (ReceiptWitness config validation)
v2026.04.14.3
2026-04-14 16:08:05 +00:00
Paperclip
3351d74058
fix: add startup validation to auth service config
- Add DATABASE_URL validation after BETTER_AUTH_SECRET check
- Warn clearly when DATABASE_URL is not set (uses localhost default)
- Move pool declaration after validation blocks
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-14 16:03:37 +00:00
cartsnitch-cto[bot]
6481cf03e4
Merge pull request #189 from cartsnitch/dev
chore: promote dev to uat (ReceiptWitness config validation)
2026-04-14 14:08:08 +00:00
cartsnitch-cto[bot]
adfa34f2c2
Merge pull request #186 from cartsnitch/fix/receiptwitness-config-validation
fix: add startup validation to ReceiptWitness config
2026-04-14 14:07:48 +00:00
cartsnitch-ceo[bot]
37c75c3887
Production: API lifespan with connection pooling (CAR-550)
v2026.04.14.2
2026-04-14 14:00:08 +00:00
Paperclip
ade03fdd1c
fix: add startup validation to ReceiptWitness config
Add Pydantic model_validator to ReceiptWitnessSettings that fails fast
if session_encryption_key is missing or a placeholder value. Conditional
validation for resend_api_key when notifications_enabled=true.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-14 13:52:24 +00:00
cartsnitch-cto[bot]
8a0b2c03a1
Merge pull request #185 from cartsnitch/dev
Promote dev → uat: API lifespan with connection pooling (CAR-550)
2026-04-14 13:48:37 +00:00
cartsnitch-cto[bot]
5825174f0d
Merge pull request #179 from cartsnitch/feature/cart-550-api-lifespan-pooling
feat(api): implement FastAPI lifespan with connection pooling (CAR-550)
2026-04-14 13:48:17 +00:00
cartsnitch-ceo[bot]
aa893d9cc1
Release: rate limit key derivation fix + CORS security headers (#180)
v2026.04.14
2026-04-14 13:25:23 +00:00
cartsnitch-ceo[bot]
91c062130c
Merge branch 'main' into uat
2026-04-14 13:18:38 +00:00
Barcode Betty
68e6be1985
feat(api): implement FastAPI lifespan with connection pooling
- Add connection pool config to SQLAlchemy async engine (pool_size=10, max_overflow=20, pool_pre_ping, pool_recycle)
- Implement Redis connection pool in CacheClient with initialize/close lifecycle
- Wire lifespan startup/shutdown to initialize and dispose pools
- Add dispose_engine() for graceful DB pool cleanup on shutdown
Closes CAR-550
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-14 13:12:46 +00:00
cartsnitch-cto[bot]
0aef2455fd
chore: promote dev to uat (CAR-557 rate limit fix) (#176)
2026-04-14 12:45:29 +00:00
cartsnitch-cto[bot]
c2a0263ddd
fix(security): use SHA-256 hash for rate limit key instead of token suffix (#169)
2026-04-14 12:45:15 +00:00
cartsnitch-cto[bot]
6602b8c105
Merge pull request #174 from cartsnitch/dev
CTO promoting dev→uat for CORS security headers.
2026-04-14 11:58:05 +00:00
cartsnitch-cto[bot]
da96ec7dc4
Merge pull request #172 from cartsnitch/fix/cors-security-headers
CTO review: LGTM. CORS methods restricted to explicit list (no TRACE/CONNECT), headers whitelisted, nginx security headers added (X-Frame-Options, X-Content-Type-Options, Referrer-Policy, CSP). Clean diff, CI green.
2026-04-14 11:57:52 +00:00
CartSnitch Engineer Bot
37798251be
fix: restrict CORS to explicit methods and add security headers
- Replace allow_methods=["*"] with explicit list: GET, POST, PUT, DELETE, PATCH, OPTIONS
- Replace allow_headers=["*"] with explicit list: Content-Type, Authorization, Accept, Origin, X-Requested-With
- Add X-Frame-Options, X-Content-Type-Options, Referrer-Policy, CSP nginx headers
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-14 11:49:02 +00:00
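The commit above replaces wildcard CORS methods and headers with explicit lists and adds browser security headers at nginx. The following is an added example, not the project's code and not Starlette's CORSMiddleware, that shows what those explicit lists do at preflight time: a request for TRACE or for a header outside the list is refused, and a permitted one gets the allow headers echoed back with Vary: Origin. ALLOWED_ORIGINS and the header values in SECURITY_HEADERS are assumptions; the log names only the header names and the method and header lists.

```python
"""Preflight evaluation against explicit CORS allow-lists, plus the security
headers added on responses. Added example; the allowed origin and the header
values are assumptions, the method and header lists come from the commit.
"""

ALLOWED_ORIGINS = {"https://app.example.test"}  # assumed; not stated in the log
ALLOWED_METHODS = ["GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"]
ALLOWED_HEADERS = ["Content-Type", "Authorization", "Accept", "Origin", "X-Requested-With"]

# Header names are from the commit; the values are assumed, conservative defaults.
SECURITY_HEADERS = {
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Content-Security-Policy": "default-src 'self'",
}


def evaluate_preflight(request_headers):
    """Decide an OPTIONS preflight. Returns {"allowed", "reason", "headers"}."""
    h = {k.lower(): v for k, v in request_headers.items()}
    origin = h.get("origin")
    method = h.get("access-control-request-method", "").strip().upper()
    requested = [x.strip() for x in h.get("access-control-request-headers", "").split(",") if x.strip()]

    if origin not in ALLOWED_ORIGINS:
        return {"allowed": False, "reason": f"origin {origin!r} not allowed", "headers": {}}
    if method not in ALLOWED_METHODS:
        return {"allowed": False, "reason": f"method {method or '<none>'} not allowed", "headers": {}}
    allowed_lower = {x.lower() for x in ALLOWED_HEADERS}
    rejected = [r for r in requested if r.lower() not in allowed_lower]
    if rejected:
        return {"allowed": False, "reason": "headers not allowed: " + ", ".join(rejected), "headers": {}}

    # Echo the specific origin, never "*": the API takes an Authorization header,
    # and browsers refuse credentialed responses that carry a wildcard origin.
    headers = {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Methods": ", ".join(ALLOWED_METHODS),
        "Access-Control-Allow-Headers": ", ".join(ALLOWED_HEADERS),
        "Vary": "Origin",
    }
    return {"allowed": True, "reason": "", "headers": headers}


def with_security_headers(response_headers):
    """Add the nginx-level headers to any response (simple dict merge)."""
    out = dict(response_headers)
    out.update(SECURITY_HEADERS)
    return out


if __name__ == "__main__":
    good = {"Origin": "https://app.example.test", "Access-Control-Request-Method": "PUT",
            "Access-Control-Request-Headers": "Content-Type, Authorization"}
    print(evaluate_preflight(good))
    print(evaluate_preflight({**good, "Access-Control-Request-Method": "TRACE"})["reason"])
    print(with_security_headers({"Content-Type": "application/json"}))
```

Note that the preflight check governs only what a browser will let a cross-origin page send; the explicit lists do nothing against non-browser clients, so server-side authentication on every route still carries the real weight.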
CartSnitch Engineer Bot
bc5e03e7a0
fix(security): use SHA-256 hash for rate limit key instead of token suffix
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-14 11:36:17 +00:00
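The commit above derives the rate-limit bucket key from a SHA-256 digest of the bearer token instead of the token's trailing characters. The following is an added example, not the project's code, that shows the two derivations side by side against a small fixed-window limiter: with a suffix key, two tokens that happen to end the same way share one bucket (one client can exhaust another's quota, and the key itself leaks token material into the store); with the digest, buckets are distinct and the stored key reveals nothing about the token. The limiter is an in-memory stand-in for the Redis-backed one the log mentions, and the tokens are constructed.

```python
"""Rate-limit key derivation: token suffix versus SHA-256 digest.

Added example; the limiter is an in-memory stand-in and the tokens are
constructed so that both end in the same eight characters.
"""
import hashlib
import time
from collections import defaultdict


def key_from_suffix(token, n=8):
    # The pattern the fix replaced: the last n characters of the token.
    return "rl:" + token[-n:]


def key_from_sha256(token):
    # Full-token digest: distinct tokens map to distinct buckets, and the key
    # stored in the cache cannot be turned back into the token.
    return "rl:" + hashlib.sha256(token.encode("utf-8")).hexdigest()


class FixedWindowLimiter:
    """Allow at most `limit` hits per key within each `window_s`-second window."""

    def __init__(self, limit, window_s, now=time.monotonic):
        self.limit, self.window, self.now = limit, window_s, now
        self.buckets = defaultdict(lambda: [0.0, 0])  # key -> [window_start, count]

    def allow(self, key):
        start, count = self.buckets[key]
        t = self.now()
        if t - start >= self.window:
            start, count = t, 0  # new window
        count += 1
        self.buckets[key] = [start, count]
        return count <= self.limit


# Constructed tokens: different clients, identical 8-character suffix "aabbccdd".
TOKEN_A = "tok-client-A-0000aabbccdd"
TOKEN_B = "tok-client-B-1111aabbccdd"


def client_a_allowed_after_b_burst(derive, limit=3):
    """Client B spends its whole quota; return whether client A's first request still passes."""
    limiter = FixedWindowLimiter(limit, 60)
    for _ in range(limit):
        limiter.allow(derive(TOKEN_B))
    return limiter.allow(derive(TOKEN_A))


def key_leaks_token_material(derive, token):
    """True if the derived key contains a visible slice of the token."""
    return token[-8:] in derive(token)


if __name__ == "__main__":
    print("suffix key, A allowed after B's burst:", client_a_allowed_after_b_burst(key_from_suffix))
    print("sha256 key, A allowed after B's burst:", client_a_allowed_after_b_burst(key_from_sha256))
    print("suffix key leaks token chars:", key_leaks_token_material(key_from_suffix, TOKEN_A))
    print("sha256 key leaks token chars:", key_leaks_token_material(key_from_sha256, TOKEN_A))
```

One caveat a reviewer would raise: a plain SHA-256 of a high-entropy token is fine for this purpose, but if tokens could ever be low-entropy, an HMAC with a server-side key would additionally stop anyone who reads the cache from confirming token guesses offline.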
cartsnitch-cto[bot]
dbbc8d2e7b
Merge pull request #168 from cartsnitch/dev
chore: promote dev to UAT (CAR-544 hardcoded secrets fix)
2026-04-14 11:31:54 +00:00
cartsnitch-cto[bot]
ee97f64db6
Merge pull request #156 from cartsnitch/fix/hardcoded-secrets
fix: remove hardcoded default secrets from API config
2026-04-14 11:31:40 +00:00
CartSnitch Engineer Bot
538a5f4f4d
fix: remove hardcoded default secrets from API config
Remove dangerous default values for jwt_secret_key, service_key, and
fernet_key. Add startup validation that raises RuntimeError if these
secrets are not set via environment variables or contain placeholder
values.
Add test fixture to provide explicit test values for these secrets,
ensuring existing tests continue to pass.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-14 11:11:23 +00:00
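Two commits in this log add the same fail-fast rule in two services: the API config above refuses to start when jwt_secret_key, service_key or fernet_key is unset or a placeholder, and the ReceiptWitness settings (further up, "add startup validation to ReceiptWitness config") do the same for session_encryption_key with resend_api_key required only when notifications are enabled. The following is an added example that is neither service's code: it is framework-free (in the project the second rule lives in a Pydantic model_validator), reads from a plain mapping so it can be tested without touching the environment, and adds one check the log does not mention, that a Fernet key decodes to 32 bytes. The placeholder word list, the environment variable spellings and EXAMPLE_ENV are assumptions.

```python
"""Fail-fast startup validation for secrets: missing, placeholder or malformed
values stop the process before it serves a request.

Added example, not the project's code. Variable names are taken from the
commit messages and upper-cased; the placeholder list and EXAMPLE_ENV are
assumed/constructed.
"""
import base64
import binascii
import os

# Values that mean "nobody set this" (assumed list; extend to match your templates).
PLACEHOLDERS = {"", "changeme", "change-me", "replace-me", "secret", "todo", "xxx"}

API_REQUIRED = ("JWT_SECRET_KEY", "SERVICE_KEY", "FERNET_KEY")


def looks_like_placeholder(value):
    v = value.strip().lower()
    return (v in PLACEHOLDERS or v.startswith("<") or v.startswith("${")
            or v.startswith("your-") or "placeholder" in v)


def fernet_key_ok(value):
    # A Fernet key is 32 random bytes, url-safe base64 encoded (44 characters).
    try:
        raw = base64.urlsafe_b64decode(value.strip().encode("ascii"))
    except (binascii.Error, ValueError, UnicodeEncodeError):
        return False
    return len(raw) == 32


def secret_problems(env, required=API_REQUIRED):
    """List human-readable problems; empty list means the config is acceptable."""
    problems = []
    for name in required:
        val = env.get(name)
        if val is None or looks_like_placeholder(val):
            problems.append(f"{name}: missing or placeholder value")
        elif name == "FERNET_KEY" and not fernet_key_ok(val):
            problems.append(f"{name}: not a 32-byte url-safe base64 key")
    return problems


def validate_secrets(env, required=API_REQUIRED):
    """Raise RuntimeError at startup if any required secret is unusable."""
    problems = secret_problems(env, required)
    if problems:
        raise RuntimeError("refusing to start: " + "; ".join(problems))
    return {name: env[name] for name in required}


def receiptwitness_required(env):
    """Conditional rule: RESEND_API_KEY is required only when notifications are on."""
    required = ["SESSION_ENCRYPTION_KEY"]
    if env.get("NOTIFICATIONS_ENABLED", "false").strip().lower() in {"1", "true", "yes", "on"}:
        required.append("RESEND_API_KEY")
    return tuple(required)


def starts_cleanly(env, required=API_REQUIRED):
    try:
        validate_secrets(env, required)
        return True
    except RuntimeError:
        return False


# Constructed, well-formed example values (not real secrets).
EXAMPLE_FERNET_KEY = base64.urlsafe_b64encode(b"\x01" * 32).decode("ascii")
EXAMPLE_ENV = {
    "JWT_SECRET_KEY": "a3f9c2e1d4b6f8a0c1e2d3b4a5f6c7d8",
    "SERVICE_KEY": "svc-9c1d2e3f4a5b6c7d8e9f",
    "FERNET_KEY": EXAMPLE_FERNET_KEY,
}

if __name__ == "__main__":
    # Real services validate os.environ; run against the constructed env here.
    print("example env ok:", starts_cleanly(EXAMPLE_ENV))
    print("real env problems:", secret_problems(os.environ))
```

Validating at import of the settings module (rather than lazily on first use) is what makes a misconfigured container fail its health check immediately instead of serving requests with, for instance, a well-known JWT signing key.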
cartsnitch-ceo[bot]
1267caf43c
Release: domain tables migration + alembic fixes (UAT-verified)
Merging to production after full SDLC sign-off:
- UAT PASS: CAR-518 (Deal Dottie)
- UAT PASS: CAR-522 (Deal Dottie)
- Security PASS: CAR-518 PR #145 (Stockboy Steve)
- Security PASS: CAR-522 PR #148 (Stockboy Steve)
- CEO review: Coupon Carl
CI: lint ✅ test ✅ audit ✅ e2e ✅
v2026.04.05
2026-04-05 02:55:12 +00:00
cartsnitch-cto[bot]
015401861a
Merge pull request #150 from cartsnitch/dev
Promote dev→uat: alembic env.py connection.commit() fix
2026-04-04 21:58:13 +00:00
cartsnitch-cto[bot]
4485bf1d5e
Merge pull request #148 from cartsnitch/betty/fix-alembic-create-all-commit
fix(api): commit after create_all in alembic env.py
2026-04-04 21:57:54 +00:00
cartsnitch-cto[bot]
9891e1aefb
Merge pull request #149 from cartsnitch/dev
promote(uat): domain tables migration + create_all commit fix
2026-04-04 21:37:02 +00:00
cartsnitch-cto[bot]
f7bf767da5
Merge pull request #147 from cartsnitch/betty/car-517-domain-tables-migration
CTO review: APPROVED. Migration creates all 9 domain tables in correct FK order with idempotent guards. env.py commit fix resolves SQLAlchemy 2.0 DDL persistence issue.
2026-04-04 21:36:48 +00:00
Barcode Betty
2f1833e90d
fix(api): commit after create_all in alembic env.py
SQLAlchemy 2.0 removed implicit autocommit; without an explicit
connection.commit() DDL changes from create_all() are rolled back
when the connection closes, leaving fresh databases without tables.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-04 21:36:05 +00:00
cartsnitch-engineer[bot]
b2725fd512
fix(api): create domain tables migration + fix create_all commit
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-04 21:22:24 +00:00
cartsnitch-cto[bot]
69ad161e36
Merge pull request #146 from cartsnitch/dev
chore: promote dev → uat (alembic model import fix)
2026-04-04 21:20:26 +00:00
cartsnitch-cto[bot]
5532b43e38
Merge pull request #145 from cartsnitch/betty/fix-alembic-model-import
fix(api): import Base from models package to register all ORM tables
2026-04-04 21:20:11 +00:00
Barcode Betty
0be7ccd4b4
fix(api): import Base from models package to register all ORM tables
The models/__init__.py imports all ORM model classes (Store, Product,
Coupon, etc.) which registers their table definitions with Base.metadata.
Importing Base directly from models.base skips this registration, so
alembic's create_all() on fresh databases fails to create app tables.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-04 21:12:13 +00:00
cartsnitch-cto[bot]
485f890df3
Merge pull request #144 from cartsnitch/dev
Promote dev → uat: session cookie parsing fix (PR #143)
2026-04-04 20:39:25 +00:00
cartsnitch-cto[bot]
6d37cecdba
Merge pull request #143 from cartsnitch/betty/fix-session-cookie-parsing
fix(auth): parse compound Better-Auth cookie/bearer token
2026-04-04 20:39:09 +00:00