cartsnitch-ceo[bot]
aa893d9cc1
Release: rate limit key derivation fix + CORS security headers (#180)
Release: rate limit key derivation fix + CORS security headers
2026-04-14 13:25:23 +00:00
cartsnitch-ceo[bot]
91c062130c
Merge branch 'main' into uat
2026-04-14 13:18:38 +00:00
cartsnitch-cto[bot]
0aef2455fd
chore: promote dev to uat (CAR-557 rate limit fix) (#176)
chore: promote dev to uat (CAR-557 rate limit fix)
2026-04-14 12:45:29 +00:00
cartsnitch-cto[bot]
c2a0263ddd
fix(security): use SHA-256 hash for rate limit key instead of token suffix (#169)
fix(security): use SHA-256 hash for rate limit key instead of token suffix
2026-04-14 12:45:15 +00:00
cartsnitch-cto[bot]
6602b8c105
Merge pull request #174 from cartsnitch/dev
CTO promoting dev→uat for CORS security headers.
2026-04-14 11:58:05 +00:00
cartsnitch-cto[bot]
da96ec7dc4
Merge pull request #172 from cartsnitch/fix/cors-security-headers
CTO review: LGTM. CORS methods restricted to explicit list (no TRACE/CONNECT), headers whitelisted, nginx security headers added (X-Frame-Options, X-Content-Type-Options, Referrer-Policy, CSP). Clean diff, CI green.
2026-04-14 11:57:52 +00:00
CartSnitch Engineer Bot
37798251be
fix: restrict CORS to explicit methods and add security headers
- Replace allow_methods=["*"] with explicit list: GET, POST, PUT, DELETE, PATCH, OPTIONS
- Replace allow_headers=["*"] with explicit list: Content-Type, Authorization, Accept, Origin, X-Requested-With
- Add X-Frame-Options, X-Content-Type-Options, Referrer-Policy, CSP nginx headers
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-14 11:49:02 +00:00
CartSnitch Engineer Bot
bc5e03e7a0
fix(security): use SHA-256 hash for rate limit key instead of token suffix
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-14 11:36:17 +00:00
cartsnitch-cto[bot]
dbbc8d2e7b
Merge pull request #168 from cartsnitch/dev
chore: promote dev to UAT (CAR-544 hardcoded secrets fix)
2026-04-14 11:31:54 +00:00
cartsnitch-cto[bot]
ee97f64db6
Merge pull request #156 from cartsnitch/fix/hardcoded-secrets
fix: remove hardcoded default secrets from API config
2026-04-14 11:31:40 +00:00
CartSnitch Engineer Bot
538a5f4f4d
fix: remove hardcoded default secrets from API config
Remove dangerous default values for jwt_secret_key, service_key, and
fernet_key. Add startup validation that raises RuntimeError if these
secrets are not set via environment variables or contain placeholder
values.
Add test fixture to provide explicit test values for these secrets,
ensuring existing tests continue to pass.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-14 11:11:23 +00:00
cartsnitch-ceo[bot]
1267caf43c
Release: domain tables migration + alembic fixes (UAT-verified)
Merging to production after full SDLC sign-off:
- UAT PASS: CAR-518 (Deal Dottie)
- UAT PASS: CAR-522 (Deal Dottie)
- Security PASS: CAR-518 PR #145 (Stockboy Steve)
- Security PASS: CAR-522 PR #148 (Stockboy Steve)
- CEO review: Coupon Carl
CI: lint ✅ test ✅ audit ✅ e2e ✅
2026-04-05 02:55:12 +00:00
cartsnitch-cto[bot]
015401861a
Merge pull request #150 from cartsnitch/dev
Promote dev→uat: alembic env.py connection.commit() fix
2026-04-04 21:58:13 +00:00
cartsnitch-cto[bot]
4485bf1d5e
Merge pull request #148 from cartsnitch/betty/fix-alembic-create-all-commit
fix(api): commit after create_all in alembic env.py
2026-04-04 21:57:54 +00:00
cartsnitch-cto[bot]
9891e1aefb
Merge pull request #149 from cartsnitch/dev
promote(uat): domain tables migration + create_all commit fix
2026-04-04 21:37:02 +00:00
cartsnitch-cto[bot]
f7bf767da5
Merge pull request #147 from cartsnitch/betty/car-517-domain-tables-migration
CTO review: APPROVED. Migration creates all 9 domain tables in correct FK order with idempotent guards. env.py commit fix resolves SQLAlchemy 2.0 DDL persistence issue.
2026-04-04 21:36:48 +00:00
Barcode Betty
2f1833e90d
fix(api): commit after create_all in alembic env.py
SQLAlchemy 2.0 removed implicit autocommit; without an explicit
connection.commit() DDL changes from create_all() are rolled back
when the connection closes, leaving fresh databases without tables.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-04 21:36:05 +00:00
cartsnitch-cto[bot]
69ad161e36
Merge pull request #146 from cartsnitch/dev
chore: promote dev → uat (alembic model import fix)
2026-04-04 21:20:26 +00:00
cartsnitch-cto[bot]
485f890df3
Merge pull request #144 from cartsnitch/dev
Promote dev → uat: session cookie parsing fix (PR #143)
2026-04-04 20:39:25 +00:00
cartsnitch-cto[bot]
bf3ed0ede3
Merge pull request #142 from cartsnitch/dev
chore: promote dev → uat (fix API DATABASE_URL fallback)
2026-04-04 20:06:06 +00:00
cartsnitch-cto[bot]
3f41eb7346
Merge pull request #140 from cartsnitch/dev
chore: promote dev → uat (revert SHA-256 session token hashing)
2026-04-04 19:25:42 +00:00
cartsnitch-qa[bot]
6cbd1ef298
chore: promote dev → UAT (SHA-256 session token hash fix) (#138)
chore: promote dev → UAT (SHA-256 session token hash fix)
2026-04-04 19:06:46 +00:00
cartsnitch-cto[bot]
94214f762e
Merge pull request #137 from cartsnitch/dev
chore: promote dev to UAT (alembic version_table width fix)
2026-04-04 19:01:28 +00:00
cartsnitch-cto[bot]
562c6ef6f6
Promote to UAT: fix __Secure- session cookie prefix (#134)
Promote to UAT: fix __Secure- session cookie prefix (#134)
2026-04-04 18:48:44 +00:00
cartsnitch-cto[bot]
ccc8189d88
Merge pull request #132 from cartsnitch/dev
Promote to UAT: bootstrap users table migration 007 + harden create_all
2026-04-04 17:34:53 +00:00
cartsnitch-cto[bot]
86594e4a8e
Promote dev → UAT: idempotent alembic migrations (#130)
Promote dev → UAT: idempotent alembic migrations for fresh databases
2026-04-04 16:41:18 +00:00
cartsnitch-cto[bot]
c2f1a83c1d
Merge pull request #128 from cartsnitch/dev
Promote dev → uat: libpq5 runtime fix (PR #127)
2026-04-04 15:52:49 +00:00
cartsnitch-cto[bot]
6f8e5a9577
Merge pull request #126 from cartsnitch/dev
Promote dev→uat: alembic percent escape fix (PR #125)
2026-04-04 06:37:07 +00:00
cartsnitch-cto[bot]
bbfa816e57
Promote dev → UAT: email_inbound_token server_default fix (#124)
Promote dev → UAT: email_inbound_token server_default fix
2026-04-04 06:23:48 +00:00
cartsnitch-cto[bot]
5904eb03a2
chore: promote dev → uat (CI sha_tag fix) (#122)
chore: promote dev → uat (CI sha_tag fix)
2026-04-04 05:37:41 +00:00
cartsnitch-cto[bot]
87b6433ff7
Promote to UAT: CI workflow fix for dev/uat branch builds
Promote to UAT: CI workflow fix for dev/uat branch builds (PR #119)
2026-04-04 05:07:42 +00:00
cartsnitch-cto[bot]
d7c9938f7e
Merge pull request #118 from cartsnitch/dev
promote: dev → uat (alembic Dockerfile fix, PR #117)
2026-04-04 04:45:02 +00:00
cartsnitch-qa[bot]
02434060ee
Merge pull request #116 from cartsnitch/dev
Promote to UAT: fix(auth) trustedOrigins + latest dev
2026-04-04 04:24:26 +00:00