Commit Graph

Select branches

Hide Pull Requests

barcode-betty/car-1078-email-worker-dragonfly-reset

barcode-betty/fix-dispose-engine-import

barcode-betty/gitea-registry

barcode-betty/move-workflows-to-gitea

betty/car-517-domain-tables-migration

betty/car-548-email-verification

betty/car-551-remove-mock-auth

betty/car-552-redis-rate-limiting

betty/car-553-redis-cache

betty/car-554-audit-logging

betty/car-555-health-check-db

betty/car-580-n1-normalization-query

betty/car-599-vite-audit-fix

betty/car-673-fix-e2e-playwright-mock-auth

betty/car-749-remove-auth-ci

betty/car-812-uat-seed-tooling

betty/car-862-fix-auth-build

betty/car-869-gitea-actions-cartsnitch

betty/car-900-gitea-workflows

betty/car-964-gitea-registry-v2

betty/fix-alembic-create-all-commit

betty/fix-alembic-dockerfile

betty/fix-alembic-fresh-db

betty/fix-alembic-model-import

betty/fix-api-database-url-fallback

betty/fix-ci-dev-uat-branches

betty/fix-dead-dispose-engine-import

betty/fix-email-inbound-token-server-default

betty/fix-gitea-ci-secrets

betty/fix-libpq5-dockerfile

betty/fix-secure-session-cookie

betty/fix-session-cookie-parsing

betty/fix-session-token-hash

betty/fix-sha-tag-format-long

betty/fix-uat-trustedorigins

betty/fix-uat-users-table-bootstrap

betty/revert-sha256-session-hash

calver-tagging

carl/car-933-gitea-registry

charlie/ci-remove-trigger-uat

ci/add-github-actions

content/cartsnitch-vs-flipp

content/email-welcome-sequence-links

content/fix-launch-stats

content/founder-blog-post

content/launch-calendar

content/launch-marketing-pages

content/phase-2-onboarding-faq

content/pre-launch-social-mar25-26

content/seo-comparison-article

content/shrinkflation-consumer-faq

content/shrinkflation-series-1-cereal

content/shrinkflation-series-alignment

content/shrinkflation-series-social-copy

content/shrinkflation-top-10

content/what-is-unit-price

debbie/fix-frontend-docker-cache

debbie/proper-cache-and-dockerhub-cleanup

dev

docs/uat-runbook

feat/add-auth-image-to-deploy-dev

feat/api-alembic-dockerfile

feat/axe-core-playwright

feat/ci-api-image-build

feat/ci-api-image-build-v2

feat/ci-api-image-build-v3

feat/ci-deploy-uat

feat/ci-npm-audit

feat/ci-receiptwitness-build

feat/deploy-dev-uat-trigger

feat/e2e-journey-tests

feat/email-in-settings

feat/lighthouse-ci

feat/msw-integration-tests

feat/playwright-setup

feat/sync-common-email-inbound-token

feat/uat-seed-user

feat/utility-functions-tests

feature/better-auth

feature/cart-550-api-lifespan-pooling

feature/core-screens

feature/dev-seed-script

feature/dockerfile

feature/dragonfly-rate-limiting

feature/grype-image-scanning

feature/public-endpoint-validation

feature/renovate-config

feature/repo-consolidation

feature/trivy-image-scanning

fix/alembic-in-dockerfile

fix/alembic-percent-escape

fix/alembic-version-table-width

fix/api-auto-migration

fix/api-date-schema-types

fix/api-dockerfile-libpq

fix/api-v1-prefix

fix/auth-config-validation

fix/auth-contract-mismatch

fix/auth-session-table-mapping

fix/auth-url-same-origin

fix/car-608-auth-health-check

fix/car-616-remediate-docker-cves

fix/car-620-grype-ignore-and-cache-bust

fix/car-620-grype-only-fixed

fix/car-620-remaining-docker-cves

fix/car-656-deploy-commit-guard

fix/car-663-bcrypt-cost-factor

fix/car-665-eslint-unused-vars

fix/car-676-axe-color-contrast

fix/car-709-receiptwitness-grype-cves

fix/car-741-login-redirect-race

fix/car-741-login-redirect-race-clean

fix/car-741-login-redirect-race-v2

fix/ci-api-dockerfile-path

fix/ci-deploy-race

fix/ci-docker-ratelimit

fix/ci-remove-dockerhub-login

fix/ci-runner-and-mirrors

fix/ci-runner-label

fix/cors-security-headers

fix/dashboard-hardcoded-product-ids

fix/deploy-dev-github-app-token-cross-repo

fix/deploy-dev-install-kustomize

fix/deploy-dev-kustomize-install-clean

fix/deploy-dev-resilience

fix/deploy-dev-resilient

fix/deploy-dev-resilient-v2

fix/dispose-engine-import

fix/dockerfile-numeric-uid

fix/dockerfile-use-dockerhub-images

fix/dockerhub-auth-rate-limit

fix/dockerhub-login-cicd

fix/email-in-address-hotfix

fix/email-in-address-routing

fix/frontend-api-routes

fix/frontend-dockerfile-user-101

fix/ghcr-mirror-base-images

fix/hardcoded-secrets

fix/hashed-password-nullable

fix/inbound-email-500

fix/lighthouse-ci-crash

fix/non-root-nginx

fix/npm-audit-vulnerabilities

fix/rate-limit-token-hash

fix/receiptwitness-config-validation

fix/receiptwitness-local-common

fix/registration-redirect

fix/remove-polyrepo-ci-leftovers

fix/remove-timestamp-mixin-from-mismatched-models

fix/restore-token-hash

fix/runner-label

fix/secure-cookie-name

fix/seed-uat-ctofixes

fix/session-token-hash

fix/signed-cookie-parsing

fix/user-id-str-type

fix/users-id-text

frankie/add-marketing-content

main

pr108

remove-trigger-uat

revert-ghcr-mirrors

sync/api-2026-04-03

sync/receiptwitness-2026-04-03

test/arc-runner-validation

uat

v2026.03.20

v2026.03.20.2

v2026.03.20.3

v2026.03.21

v2026.03.21.2

v2026.03.21.3

v2026.03.21.4

v2026.03.22

v2026.03.22.2

v2026.03.24

v2026.03.24.2

v2026.03.28

v2026.03.28.2

v2026.03.28.3

v2026.03.28.4

v2026.03.28.5

v2026.03.28.6

v2026.03.29

v2026.03.29.2

v2026.03.29.3

v2026.03.29.4

v2026.03.29.5

v2026.03.30

v2026.03.30.10

v2026.03.30.2

v2026.03.30.3

v2026.03.30.4

v2026.03.30.5

v2026.03.30.6

v2026.03.30.7

v2026.03.30.8

v2026.03.30.9

v2026.03.31

v2026.03.31.2

v2026.03.31.3

v2026.03.31.4

v2026.03.31.5

v2026.03.31.6

v2026.03.31.7

v2026.03.31.8

v2026.04.01

v2026.04.01.2

v2026.04.01.3

v2026.04.01.4

v2026.04.01.5

v2026.04.01.6

v2026.04.01.7

v2026.04.01.8

v2026.04.01.9

v2026.04.02

v2026.04.03

v2026.04.03.2

v2026.04.03.3

v2026.04.03.4

v2026.04.03.5

v2026.04.03.6

v2026.04.03.7

v2026.04.03.8

v2026.04.05

v2026.04.14

v2026.04.14.2

v2026.04.14.3

v2026.04.14.4

v2026.04.15

v2026.04.15.2

v2026.04.19

v2026.04.19.2

v2026.04.19.3

v2026.04.19.4

v2026.04.20

v2026.05.04

Mono Color

• 68420b5f01 fix(e2e): add mock for /auth/session endpoint Barcode Betty 2026-04-15 11:13:21 +00:00
• b6da52fb07 fix(e2e): correct Better Auth mock response formats Barcode Betty 2026-04-15 11:06:19 +00:00
• 5e5f13c5b5 fix(e2e): use more permissive regex patterns for route mocking Barcode Betty 2026-04-15 11:00:56 +00:00
• c47252a342 fix(e2e): correct Better Auth mock route patterns Barcode Betty 2026-04-15 10:44:57 +00:00
• 00f3c86276 fix(e2e): replace VITE_MOCK_AUTH with Playwright route mocking Barcode Betty 2026-04-15 10:32:24 +00:00
• a55c64a9c8 fix e2e: update auth route mocks and config for Better Auth betty/car-673-fix-e2e-playwright-mock-auth Barcode Betty 2026-04-15 21:18:45 +00:00
• 3a67b26e1f fix(e2e): add mock for /auth/session endpoint Barcode Betty 2026-04-15 11:13:21 +00:00
• 271406de9e fix(e2e): correct Better Auth mock response formats Barcode Betty 2026-04-15 11:06:19 +00:00
• d0b855b45d fix(e2e): use more permissive regex patterns for route mocking Barcode Betty 2026-04-15 11:00:56 +00:00
• 14e17c5fc6 fix(e2e): correct Better Auth mock route patterns Barcode Betty 2026-04-15 10:44:57 +00:00
• 70b0801228 fix(e2e): replace VITE_MOCK_AUTH with Playwright route mocking Barcode Betty 2026-04-15 10:32:24 +00:00
• f023480100 chore: promote UAT to production (CAR-662, audit logging middleware) cartsnitch-ceo[bot] 2026-04-15 04:29:39 +00:00
• 9acaf5e83a Merge branch 'main' into uat cartsnitch-ceo[bot] 2026-04-15 04:17:24 +00:00
• 4e10c75fd0 Merge pull request #217 from cartsnitch/dev cartsnitch-cto[bot] 2026-04-15 04:04:25 +00:00
• ffdc26cce5 Merge pull request #216 from cartsnitch/fix/car-665-eslint-unused-vars cartsnitch-cto[bot] 2026-04-15 03:59:45 +00:00
• 2e96e8f0a7 fix: remove unused navigate variable from Register.tsx fix/car-665-eslint-unused-vars Barcode Betty 2026-04-15 03:57:01 +00:00
• c7026f7134 chore: update package-lock.json with dev dependencies betty/car-548-email-verification Barcode Betty 2026-04-15 03:41:53 +00:00
• 88ac74e94c Merge pull request #213 from cartsnitch/dev cartsnitch-cto[bot] 2026-04-15 03:33:42 +00:00
• 66279716ba feat(auth): enable email verification with Resend (#173) cartsnitch-ceo[bot] 2026-04-15 03:32:23 +00:00
• 15ab4ed38c feat(api): implement Redis cache get/set/delete with TTL support (#195) cartsnitch-ceo[bot] 2026-04-15 03:32:11 +00:00
• fbd77a9434 fix: remove VITE_MOCK_AUTH bypass from production code (#193) cartsnitch-ceo[bot] 2026-04-15 03:32:02 +00:00
• fef5e86645 feat: Redis-backed rate limiting with stricter auth limits (#194) cartsnitch-ceo[bot] 2026-04-15 03:31:42 +00:00
• cf39ed1dcd fix: update vite to 6.4.2 to patch high-severity vulnerabilities (#191) cartsnitch-ceo[bot] 2026-04-15 03:31:34 +00:00
• 71e2978f52 Enable Better-Auth email verification with Resend Barcode Betty 2026-04-14 13:18:13 +00:00
• 4945ac71ae feat(auth): enable email verification with Resend Barcode Betty 2026-04-15 03:30:44 +00:00
• 53ffef0ed1 Merge pull request #212 from cartsnitch/dev cartsnitch-cto[bot] 2026-04-15 03:30:04 +00:00
• 5308923136 feat(api): add input validation on public endpoints (#171) cartsnitch-ceo[bot] 2026-04-15 03:26:38 +00:00
• bdaca519f6 feat: implement audit logging middleware for sensitive API operations (#183) cartsnitch-ceo[bot] 2026-04-15 03:23:37 +00:00
• cfad4eab37 Merge pull request #211 from cartsnitch/dev cartsnitch-cto[bot] 2026-04-15 03:22:50 +00:00
• 90e23ac592 fix: upgrade bcrypt and filter unfixed CVEs in Grype scans (#207) cartsnitch-cto[bot] 2026-04-15 03:18:13 +00:00
• d8e7a416d2 chore: promote UAT to production (CAR-630) v2026.04.15.2 cartsnitch-ceo[bot] 2026-04-15 02:16:12 +00:00
• c03e599ae3 feat: Redis-backed rate limiting with stricter auth limits betty/car-552-redis-rate-limiting Barcode Betty 2026-04-15 02:10:02 +00:00
• f051e4b4af chore: promote dev to UAT cartsnitch-cto[bot] 2026-04-15 02:00:15 +00:00
• 908ebde4c6 fix: replace N+1 UPC query with SQL containment in normalization (#175) cartsnitch-cto[bot] 2026-04-15 02:00:04 +00:00
• c715c0e47a chore: promote uat to production (Grype image vulnerability scanning) v2026.04.15 cartsnitch-ceo[bot] 2026-04-15 01:14:35 +00:00
• a0eef27944 fix: upgrade bcrypt and filter unfixed CVEs in Grype scans fix/car-620-remaining-docker-cves Paperclip 2026-04-15 00:51:53 +00:00
• c968088a3f Merge pull request #208 from cartsnitch/dev cartsnitch-cto[bot] 2026-04-15 00:46:24 +00:00
• bb50ddc85d Merge pull request #206 from cartsnitch/fix/car-620-grype-only-fixed cartsnitch-cto[bot] 2026-04-15 00:46:10 +00:00
• bd2e8feff6 fix: add only-fixed flag to Grype scans to skip unfixable CVEs fix/car-620-grype-only-fixed Hugh Hackman 2026-04-15 00:28:56 +00:00
• 2b32bfdfe1 chore: promote dev to UAT (CAR-616 Docker CVE remediation) (#205) cartsnitch-cto[bot] 2026-04-14 23:57:52 +00:00
• 1e8223caeb fix: remediate high-severity CVEs in Docker images (#204) cartsnitch-cto[bot] 2026-04-14 23:57:40 +00:00
• e1d77d7789 fix: remediate high-severity CVEs in Docker images fix/car-616-remediate-docker-cves Paperclip 2026-04-14 23:51:42 +00:00
• 16200c5500 Merge branch 'main' into uat cartsnitch-ceo[bot] 2026-04-14 23:31:58 +00:00
• 1803d09095 Promote dev to UAT: Grype image vulnerability scanning cartsnitch-cto[bot] 2026-04-14 23:25:47 +00:00
• 8592701382 feat(ci): add Grype image vulnerability scanning to all Docker builds cartsnitch-cto[bot] 2026-04-14 23:25:17 +00:00
• 17447fb5e1 feat(ci): add Grype image vulnerability scanning to all Docker builds feature/grype-image-scanning Paperclip 2026-04-14 23:13:47 +00:00
• e29bad9a39 chore: promote uat to production (auth health check DB connectivity fix) (#200) v2026.04.14.4 cartsnitch-ceo[bot] 2026-04-14 16:53:08 +00:00
• 349b519a00 Merge pull request #199 from cartsnitch/dev cartsnitch-cto[bot] 2026-04-14 16:39:50 +00:00
• b274fdff8e Merge pull request #198 from cartsnitch/fix/car-608-auth-health-check cartsnitch-cto[bot] 2026-04-14 16:39:18 +00:00
• a64dc7ab5e fix: restore DB connectivity check to auth health endpoint fix/car-608-auth-health-check Paperclip 2026-04-14 16:35:24 +00:00
• 7fc524b593 Merge pull request #197: promote dev to uat (auth config validation + vite audit fix) cartsnitch-cto[bot] 2026-04-14 16:19:27 +00:00
• 0fb99e6c16 Merge pull request #187 from cartsnitch/fix/auth-config-validation cartsnitch-cto[bot] 2026-04-14 16:19:13 +00:00
• a53daddb9a fix: update vite to resolve high-severity audit vulnerability fix/auth-config-validation Barcode Betty 2026-04-14 16:09:48 +00:00
• 4e139dc4b6 Merge pull request #196 from cartsnitch/uat v2026.04.14.3 cartsnitch-ceo[bot] 2026-04-14 16:08:05 +00:00
• 3351d74058 fix: add startup validation to auth service config Paperclip 2026-04-14 16:03:37 +00:00
• 1ce5d738d1 feat(api): implement Redis cache get/set/delete with TTL support betty/car-553-redis-cache Paperclip 2026-04-14 16:00:35 +00:00
• e69b3c47be fix: update vite to resolve high-severity npm audit vulnerabilities betty/car-554-audit-logging Paperclip 2026-04-14 15:56:33 +00:00
• 4c217757c3 feat: Redis-backed rate limiting with stricter auth limits Paperclip 2026-04-14 15:46:52 +00:00
• 121dc5724e fix: remove VITE_MOCK_AUTH bypass from production code betty/car-551-remove-mock-auth Paperclip 2026-04-14 15:37:24 +00:00
• c85c9b12a7 feat(ci): add Trivy image vulnerability scanning to all Docker builds feature/trivy-image-scanning Paperclip 2026-04-14 15:21:08 +00:00
• ee45400c7c fix: update vite to 6.4.2 to patch high-severity vulnerabilities betty/car-599-vite-audit-fix Paperclip 2026-04-14 14:43:46 +00:00
• 1aff898545 fix: update vite to 6.4.2 to patch audit vulnerabilities betty/car-580-n1-normalization-query Paperclip 2026-04-14 14:31:02 +00:00
• 6481cf03e4 Merge pull request #189 from cartsnitch/dev cartsnitch-cto[bot] 2026-04-14 14:08:08 +00:00
• adfa34f2c2 Merge pull request #186 from cartsnitch/fix/receiptwitness-config-validation cartsnitch-cto[bot] 2026-04-14 14:07:48 +00:00
• 37c75c3887 Production: API lifespan with connection pooling (CAR-550) v2026.04.14.2 cartsnitch-ceo[bot] 2026-04-14 14:00:08 +00:00
• ade03fdd1c fix: add startup validation to ReceiptWitness config fix/receiptwitness-config-validation Paperclip 2026-04-14 13:52:24 +00:00
• 8a0b2c03a1 Merge pull request #185 from cartsnitch/dev cartsnitch-cto[bot] 2026-04-14 13:48:37 +00:00
• 5825174f0d Merge pull request #179 from cartsnitch/feature/cart-550-api-lifespan-pooling cartsnitch-cto[bot] 2026-04-14 13:48:17 +00:00
• 6b75d4906f feat: implement audit logging middleware for sensitive API operations Barcode Betty 2026-04-14 13:41:55 +00:00
• aa893d9cc1 Release: rate limit key derivation fix + CORS security headers (#180) v2026.04.14 cartsnitch-ceo[bot] 2026-04-14 13:25:23 +00:00
• 91c062130c Merge branch 'main' into uat cartsnitch-ceo[bot] 2026-04-14 13:18:38 +00:00
• 68e6be1985 feat(api): implement FastAPI lifespan with connection pooling feature/cart-550-api-lifespan-pooling Barcode Betty 2026-04-14 13:12:46 +00:00
• 0aef2455fd chore: promote dev to uat (CAR-557 rate limit fix) (#176) cartsnitch-cto[bot] 2026-04-14 12:45:29 +00:00
• c2a0263ddd fix(security): use SHA-256 hash for rate limit key instead of token suffix (#169) cartsnitch-cto[bot] 2026-04-14 12:45:15 +00:00
• 24f0dd0e67 fix: replace N+1 UPC query with SQL containment in normalization CartSnitch Engineer Bot 2026-04-14 11:59:28 +00:00
• 6602b8c105 Merge pull request #174 from cartsnitch/dev cartsnitch-cto[bot] 2026-04-14 11:58:05 +00:00
• da96ec7dc4 Merge pull request #172 from cartsnitch/fix/cors-security-headers cartsnitch-cto[bot] 2026-04-14 11:57:52 +00:00
• 37798251be fix: restrict CORS to explicit methods and add security headers fix/cors-security-headers CartSnitch Engineer Bot 2026-04-14 11:49:02 +00:00
• cfea2586cb feat(api): add input validation on public endpoints feature/public-endpoint-validation CartSnitch Engineer Bot 2026-04-14 11:45:53 +00:00
• bc5e03e7a0 fix(security): use SHA-256 hash for rate limit key instead of token suffix fix/rate-limit-token-hash CartSnitch Engineer Bot 2026-04-14 11:36:17 +00:00
• dbbc8d2e7b Merge pull request #168 from cartsnitch/dev cartsnitch-cto[bot] 2026-04-14 11:31:54 +00:00
• ee97f64db6 Merge pull request #156 from cartsnitch/fix/hardcoded-secrets cartsnitch-cto[bot] 2026-04-14 11:31:40 +00:00
• 538a5f4f4d fix: remove hardcoded default secrets from API config fix/hardcoded-secrets CartSnitch Engineer Bot 2026-04-14 11:11:23 +00:00
• 1267caf43c Release: domain tables migration + alembic fixes (UAT-verified) v2026.04.05 cartsnitch-ceo[bot] 2026-04-05 02:55:12 +00:00
• 015401861a Merge pull request #150 from cartsnitch/dev cartsnitch-cto[bot] 2026-04-04 21:58:13 +00:00
• 4485bf1d5e Merge pull request #148 from cartsnitch/betty/fix-alembic-create-all-commit cartsnitch-cto[bot] 2026-04-04 21:57:54 +00:00
• 9891e1aefb Merge pull request #149 from cartsnitch/dev cartsnitch-cto[bot] 2026-04-04 21:37:02 +00:00
• f7bf767da5 Merge pull request #147 from cartsnitch/betty/car-517-domain-tables-migration cartsnitch-cto[bot] 2026-04-04 21:36:48 +00:00
• 2f1833e90d fix(api): commit after create_all in alembic env.py betty/fix-alembic-create-all-commit Barcode Betty 2026-04-04 21:36:05 +00:00
• b2725fd512 fix(api): create domain tables migration + fix create_all commit betty/car-517-domain-tables-migration cartsnitch-engineer[bot] 2026-04-04 21:22:24 +00:00
• 69ad161e36 Merge pull request #146 from cartsnitch/dev cartsnitch-cto[bot] 2026-04-04 21:20:26 +00:00
• 5532b43e38 Merge pull request #145 from cartsnitch/betty/fix-alembic-model-import cartsnitch-cto[bot] 2026-04-04 21:20:11 +00:00
• 0be7ccd4b4 fix(api): import Base from models package to register all ORM tables betty/fix-alembic-model-import Barcode Betty 2026-04-04 21:12:13 +00:00
• 485f890df3 Merge pull request #144 from cartsnitch/dev cartsnitch-cto[bot] 2026-04-04 20:39:25 +00:00
• 6d37cecdba Merge pull request #143 from cartsnitch/betty/fix-session-cookie-parsing cartsnitch-cto[bot] 2026-04-04 20:39:09 +00:00
• 3745f5be69 fix(auth): parse compound Better-Auth cookie/bearer token to extract token part betty/fix-session-cookie-parsing Barcode Betty 2026-04-04 20:32:43 +00:00
• bf3ed0ede3 Merge pull request #142 from cartsnitch/dev cartsnitch-cto[bot] 2026-04-04 20:06:06 +00:00
• abec954320 Merge pull request #141 from cartsnitch/betty/fix-api-database-url-fallback cartsnitch-cto[bot] 2026-04-04 20:05:47 +00:00
• ec9deb515b fix(api): accept DATABASE_URL as fallback for shared DB with auth service betty/fix-api-database-url-fallback Barcode Betty 2026-04-04 19:52:24 +00:00
• 3f41eb7346 Merge pull request #140 from cartsnitch/dev cartsnitch-cto[bot] 2026-04-04 19:25:42 +00:00