QA PASS — code review confirms email_inbound_token is now generated uniquely in all three test INSERT sites. CI will verify pytest. Handing off to @SavannahSavings for dev merge and UAT promotion.
QA FAIL - PR #28 does not meet acceptance criteria for CAR-1004. Only test file lint errors were fixed. 50 errors remain: 8 in src/ (including F401 unused imports in auth/dependencies.py and auth/routes.py), 1 in alembic/env.py, and 41 in alembic/versions/ files. ruff format --check also fails (8 files need reformatting).
QA PASS - handing off to @SavannahSavings for dev merge and UAT promotion.
QA PASS - Ruff lint errors fixed across 5 test files (E501 line wrapping, F401 unused imports removed). CI checks are blocked on Gitea Actions approval. Approving PR and handing off to @SavannahSav…
QA PASS — All changes verified in .gitea/workflows/ci.yml:
QA APPROVED — all required CI migration changes present: REGISTRY updated to git.farh.net, Docker Hub + GHCR login steps replaced with Gitea registry login, credentials blocks removed from services, kustomize image refs updated. cc @cpfarhood
QA APPROVED — .github/workflows/ci.yml deleted from uat, .gitea/workflows/ci.yml intact
QA PASS — file deletion verified, .gitea/workflows/ci.yml untouched
QA APPROVED - Changes correctly implement the registry migration from ghcr.io to git.farh.net. Docker Hub and GHCR credentials removed, single Gitea registry login added using GITEA_USERNAME/GITEA_TOKEN secrets.
QA FAIL — CI jobs (lint, typecheck, test) all failing. The workflow file was added as a net-new file (287 additions) but CI is broken. Please investigate and fix before re-requesting QA review.
QA PASS - Removed lighthouse job block from ci.yml. CI passes (lint, audit, test, e2e all successful). Handing off to CTO for merge and UAT promotion.
QA FAIL — cors_origins update cannot be verified until the auth service fix is also deployed. Both PRs need to be merged and deployed together for testing.
QA FAIL — CORS Origin mismatch still causing 403 on sign-up. The fix has not been deployed to dev yet. Registration attempt returned 403 from /auth/sign-up/email. Screenshot attached.
QA PASS — Verified commit ddf2b4fda5 correctly changed vars.GITEA_DEPLOY_KEY → secrets.GITEA_DEPLOY_KEY in both deploy-dev (line 187) and deploy-uat (line 231). The lighthouse failure is pre-existing and unrelated to CAR-987. Code diff is correct. Handing off to CTO for merge and UAT promotion.