chore(release): v1.0.4 — cleanup sprint complete, CI green
7-day cleanup sprint (J1–J7) done. The codebase is unchanged
functionally but the working tree, docs, k8s runbooks, CI, and
Go dependency graph are all realigned with reality for the first
time since the v1.0.0 release.
VERSION 1.0.2 → 1.0.4 (skips v1.0.3 — that tag already
exists upstream, unused on this branch)
CHANGELOG.md full v1.0.4 entry with per-day (J1–J7) breakdown
and the govulncheck + CI fix trail
docs/PROJECT_STATE.md header month + version table refreshed,
pointer to AUDIT_REPORT.md added
docs/FEATURE_STATUS.md header updated — no feature matrix
changes (no feature work in this sprint)
Key deliverables of the sprint:
J1 0e7097ed1 purge 220 MB of debris (binaries, reports,
session docs, stale MVP scripts)
J2 2aea1af36 rewrite CLAUDE.md, fix README, purge chat-server
refs from k8s runbooks and env examples
J3 67f18892a remove 3 deprecated unused handlers
J3+ 7fa314866 2FA handler duplicate removal (bundled by parallel
ci-cache commit)
J4 9cdfc6d89 GDPR-compliant hard delete with Redis SCAN cursor
and ES DeleteByQuery — closes TODO(HIGH-007)
J5 0589ec9fc defer GeoIP, rename v2-v3-types.ts to domain.ts,
document Storybook kill
J5+ 7f89bebe1 fix lint-staged eslint rule (was linting the
whole project — root cause of earlier --no-verify)
J6 113210734 mark 3 dormant docker-compose files deprecated
fix 3d1f127ad bump x/image, quic-go, testcontainers-go — drops
containerd + docker/docker from dep graph,
resolving 5 govulncheck findings without allowlist
fix b33227a57 bump go.work to 1.25 to match veza-backend-api
fix 73fc6e128 bump x/net v0.51.0 for GO-2026-4559
fix 376d9adc4 retire legacy backend-ci.yml, centralize Docker
probe in SkipIfNoIntegration
CI status on the consolidated ci.yml workflow for 376d9adc4:
Veza CI / Backend (Go) OK 6m36s
Veza CI / Frontend (Web) OK 20m57s
Veza CI / Rust (Stream) OK 6m25s
Security Scan / gitleaks OK 4m13s
Veza CI / Notify skipped (fires only on failure)
First fully green CI run of the sprint and the first in a long
time overall. The tag v1.0.4 is cut on this state.
Refs: AUDIT_REPORT.md, all commits 0e7097ed1..376d9adc4
2026-04-15 14:39:30 +00:00
# État du projet Veza — Avril 2026
2026-02-20 14:23:12 +00:00
**Document opérationnel** : Où en sommes-nous, quelles sont les prochaines étapes.
---
## 1. Version actuelle
docs: update PROJECT_STATE + FEATURE_STATUS post-v1.0.8
Both files were dated v1.0.4 (2026-04-15) — three releases out of
date. Surgical updates rather than a rewrite, since the underlying
feature inventory is mostly unchanged.
PROJECT_STATE.md
- §1 "Version actuelle" : tag v1.0.4 → v1.0.8 (2026-04-26). Phase
description + next-version hint refreshed (v1.0.9 with item G +
WebRTC TURN as cibles).
- §2 "Ce qui est livré" : prepended v1.0.8, v1.0.7, v1.0.5–v1.0.6.2
consolidated entries (with batch labels A/B/B9/C and the
money-movement plan items A–F). The v0.x sections kept verbatim
for archive — they document phases that pre-date the launch.
- §3 "Prochaines étapes" : replaced the v0.701 retry/dashboard plan
(long since shipped) with the v1.0.9 candidate list, ordered by
effort × impact. Item G subscription pending_payment + WebRTC TURN
are the two cibles. C6 flake stab + wrappers consolidation +
multipart S3 + register UX + email tokens header migration listed
alongside.
FEATURE_STATUS.md
- Header date refreshed to 2026-04-26 / v1.0.8 with the chantier
summary.
- "Upload de tracks" row : added the v1.0.8 MinIO/S3 wiring detail
(TRACK_STORAGE_BACKEND flag, chunked upload assembly, signed-URL
redirect 302).
- "HLS Streaming" feature-flag row : flipped default from `true`
(v0.101 era) to `false` (v1.0.7 default) — referencing the
fallback /tracks/:id/stream Range cache bypass landed in
v1.0.7-rc1 commit `b875efcff`.
- "Appels WebRTC" limitation row : note refreshed — signaling OK,
NAT traversal still HS without STUN/TURN per FUNCTIONAL_AUDIT 🟡 #1,
cible bumped from v1.1 to v1.0.9 (matches the v1.0.9 plan above).
The v0.x section in PROJECT_STATE.md (Phases 1–5) intentionally left
as-is — it serves as historical record of what shipped before
launch. Future agents reading the file should focus on §1, §2 v1.0.x,
and §3 for current state.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-25 23:56:44 +00:00
| Élément | Valeur |
| --------------------- | ---------------------------------------------------------- |
| **Dernier tag** | **v1.0.8** (2026-04-26) |
| **Branche courante** | `main` |
| **Phase** | Phase 9+ — v1.0 Launch — Stabilisation continue |
| **Prochaine version** | v1.0.9 (Item G subscription + WebRTC TURN/STUN cibles) |
> **v1.0.8** (2026-04-26) — Quatre chantiers parallèles :
> - **Batch A** : MinIO/S3 wired bout-en-bout (upload + read + transcode), ferme le 🟡 stockage local de FUNCTIONAL_AUDIT.
> - **Batch B** : migration OpenAPI orval — 4 services migrés (dashboard / profile / playlist / track) + authService 9/9 (incluant register / refresh / password / verify migrés post-tag dans une session dédiée d'annotation queue + auth password).
> - **Batch B9** : suppression de `@openapitools/openapi-generator-cli` — orval = source unique. −
> - **Batch C** : workflow Playwright E2E sur Forgejo Actions (`@critical` PR / full push+nightly), `--ci` seed flag (~5s vs ~60s), runbook `docs/CI_E2E.md`.
>
> **v1.0.7** (2026-04-23) — Release post-BFG : `.git` 2.3 GB → 66 MB,
> transactions marketplace `b5281bec`, UserRateLimiter wired
> `ebf3276d`, certs/clés rotatées hors git.
>
> **v1.0.4** (2026-04-15) — Release cleanup post-audit AUDIT_REPORT v1
> (~220 MB débris retirés, docs alignées sur la réalité, RGPD
> HIGH-007 fermé, CI consolidée).
>
> Détail commit-par-commit : `CHANGELOG.md`. Audits source :
> `AUDIT_REPORT.md` v3 + `FUNCTIONAL_AUDIT.md` v2 à la racine.
2026-02-20 14:23:12 +00:00
---
2026-02-20 14:44:30 +00:00
## 2. Ce qui est livré
2026-02-20 14:23:12 +00:00
docs: update PROJECT_STATE + FEATURE_STATUS post-v1.0.8
Both files were dated v1.0.4 (2026-04-15) — three releases out of
date. Surgical updates rather than a rewrite, since the underlying
feature inventory is mostly unchanged.
PROJECT_STATE.md
- §1 "Version actuelle" : tag v1.0.4 → v1.0.8 (2026-04-26). Phase
description + next-version hint refreshed (v1.0.9 with item G +
WebRTC TURN as cibles).
- §2 "Ce qui est livré" : prepended v1.0.8, v1.0.7, v1.0.5–v1.0.6.2
consolidated entries (with batch labels A/B/B9/C and the
money-movement plan items A–F). The v0.x sections kept verbatim
for archive — they document phases that pre-date the launch.
- §3 "Prochaines étapes" : replaced the v0.701 retry/dashboard plan
(long since shipped) with the v1.0.9 candidate list, ordered by
effort × impact. Item G subscription pending_payment + WebRTC TURN
are the two cibles. C6 flake stab + wrappers consolidation +
multipart S3 + register UX + email tokens header migration listed
alongside.
FEATURE_STATUS.md
- Header date refreshed to 2026-04-26 / v1.0.8 with the chantier
summary.
- "Upload de tracks" row : added the v1.0.8 MinIO/S3 wiring detail
(TRACK_STORAGE_BACKEND flag, chunked upload assembly, signed-URL
redirect 302).
- "HLS Streaming" feature-flag row : flipped default from `true`
(v0.101 era) to `false` (v1.0.7 default) — referencing the
fallback /tracks/:id/stream Range cache bypass landed in
v1.0.7-rc1 commit `b875efcff`.
- "Appels WebRTC" limitation row : note refreshed — signaling OK,
NAT traversal still HS without STUN/TURN per FUNCTIONAL_AUDIT 🟡 #1,
cible bumped from v1.1 to v1.0.9 (matches the v1.0.9 plan above).
The v0.x section in PROJECT_STATE.md (Phases 1–5) intentionally left
as-is — it serves as historical record of what shipped before
launch. Future agents reading the file should focus on §1, §2 v1.0.x,
and §3 for current state.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-25 23:56:44 +00:00
### v1.0.8 (2026-04-26 — Storage / OpenAPI / E2E CI)
- **Batch A — MinIO/S3** : `tracks.storage_backend` column, `S3StorageService.UploadStream` + `GetSignedURL` , `TrackService.UploadTrack` wired S3, chunked upload assembly to S3, signed URL redirect 302 stream/download, transcoder lit signed HTTPS URL, `cmd/migrate_storage` CLI bulk local→S3.
- **Batch B — OpenAPI orval migration** : install orval@^7 + Axios mutator, swaggo annotations sur 50+ endpoints (track / playlist / user / queue / password). 5 services migrés : `dashboardService` , `profileService` , `playlistService` , `trackService` , `authService` (9/9 fonctions, dont les renames wire-shape `password_confirm` → `password_confirmation` , `refreshToken` → `refresh_token` , `verifyEmail` GET→POST). `services/api/queue.ts` migré.
- **Batch B9** : suppression `@openapitools/openapi-generator-cli` + `apps/web/src/types/generated/` (198 fichiers / 23k LOC). orval = source unique. Pre-commit drift guard simplifié.
- **Batch C — E2E Playwright CI** : `.github/workflows/e2e.yml` (`@critical` PR / full push+nightly), `--ci` seed flag (`cmd/tools/seed --ci`, ~5s vs ~60s), `playwright.config.ts` `reuseExistingServer: !CI` , runbook `docs/CI_E2E.md` .
- **Cleanup** : `fast-check` install (déblo
### v1.0.7 (2026-04-23 — BFG history rewrite + hardening)
- **BFG pass** : `.git` 2.3 GB → 66 MB (− `.playwright-mcp/` , `.env*` , certs TLS, builds Incus.
- **Hardening backend** : `core/marketplace/service.go` `UpdateProductImages` + `SetProductLicenses` wrappés en transaction GORM (commit `b5281bec` ). `UserRateLimiter` wired dans `AuthMiddleware.RequireAuth()` (commit `ebf3276d` ).
- **`docs/ENV_VARIABLES.md`** : réécriture complète (172 → ~600 lignes), ~180 env vars surveyées du code.
- **Orphelins** : `internal/api/handlers/{chat,rbac,rbac_test}.go` , `internal/repository/user_repository.go` , `proto/chat/chat.proto` , `veza-common/src/types/{chat,websocket}.rs` . 19 workflows `.disabled` archivés.
- **MinIO + mc** pinned aux tags datés (`RELEASE.2025-09-07*`).
### v1.0.5 / v1.0.6 / v1.0.6.1 / v1.0.6.2 (mars-avril 2026)
Money-movement hardening — items A à F du plan v1.0.7 livrés en
cascade (idempotency keys Hyperswitch, persist `stripe_transfer_id` ,
async Stripe Connect reversal worker, reconciliation sweep, webhook
raw audit log, ledger-health Prometheus gauges + 3 alertes
Alertmanager). Détail dans `CHANGELOG.md` . Item G (subscription
`pending_payment` ) deferred v1.0.9.
2026-02-20 14:44:30 +00:00
### v0.103 (Phase 1 Fondation)
chore(release): v1.0.4 — cleanup sprint complete, CI green
7-day cleanup sprint (J1–J7) done. The codebase is unchanged
functionally but the working tree, docs, k8s runbooks, CI, and
Go dependency graph are all realigned with reality for the first
time since the v1.0.0 release.
VERSION 1.0.2 → 1.0.4 (skips v1.0.3 — that tag already
exists upstream, unused on this branch)
CHANGELOG.md full v1.0.4 entry with per-day (J1–J7) breakdown
and the govulncheck + CI fix trail
docs/PROJECT_STATE.md header month + version table refreshed,
pointer to AUDIT_REPORT.md added
docs/FEATURE_STATUS.md header updated — no feature matrix
changes (no feature work in this sprint)
Key deliverables of the sprint:
J1 0e7097ed1 purge 220 MB of debris (binaries, reports,
session docs, stale MVP scripts)
J2 2aea1af36 rewrite CLAUDE.md, fix README, purge chat-server
refs from k8s runbooks and env examples
J3 67f18892a remove 3 deprecated unused handlers
J3+ 7fa314866 2FA handler duplicate removal (bundled by parallel
ci-cache commit)
J4 9cdfc6d89 GDPR-compliant hard delete with Redis SCAN cursor
and ES DeleteByQuery — closes TODO(HIGH-007)
J5 0589ec9fc defer GeoIP, rename v2-v3-types.ts to domain.ts,
document Storybook kill
J5+ 7f89bebe1 fix lint-staged eslint rule (was linting the
whole project — root cause of earlier --no-verify)
J6 113210734 mark 3 dormant docker-compose files deprecated
fix 3d1f127ad bump x/image, quic-go, testcontainers-go — drops
containerd + docker/docker from dep graph,
resolving 5 govulncheck findings without allowlist
fix b33227a57 bump go.work to 1.25 to match veza-backend-api
fix 73fc6e128 bump x/net v0.51.0 for GO-2026-4559
fix 376d9adc4 retire legacy backend-ci.yml, centralize Docker
probe in SkipIfNoIntegration
CI status on the consolidated ci.yml workflow for 376d9adc4:
Veza CI / Backend (Go) OK 6m36s
Veza CI / Frontend (Web) OK 20m57s
Veza CI / Rust (Stream) OK 6m25s
Security Scan / gitleaks OK 4m13s
Veza CI / Notify skipped (fires only on failure)
First fully green CI run of the sprint and the first in a long
time overall. The tag v1.0.4 is cut on this state.
Refs: AUDIT_REPORT.md, all commits 0e7097ed1..376d9adc4
2026-04-15 14:39:30 +00:00
2026-02-20 14:44:30 +00:00
- Auth : OAuth Spotify (A1), Sessions enrichies (A4)
- Profils : Bannière (B1), Liens sociaux (B2), Profil privé (B3)
2026-02-20 14:23:12 +00:00
- ⏸️ 2FA SMS, Passkeys → reportés v0.104
2026-02-20 14:44:30 +00:00
### v0.201 (Phase 2 Contenu — Lot E)
chore(release): v1.0.4 — cleanup sprint complete, CI green
7-day cleanup sprint (J1–J7) done. The codebase is unchanged
functionally but the working tree, docs, k8s runbooks, CI, and
Go dependency graph are all realigned with reality for the first
time since the v1.0.0 release.
VERSION 1.0.2 → 1.0.4 (skips v1.0.3 — that tag already
exists upstream, unused on this branch)
CHANGELOG.md full v1.0.4 entry with per-day (J1–J7) breakdown
and the govulncheck + CI fix trail
docs/PROJECT_STATE.md header month + version table refreshed,
pointer to AUDIT_REPORT.md added
docs/FEATURE_STATUS.md header updated — no feature matrix
changes (no feature work in this sprint)
Key deliverables of the sprint:
J1 0e7097ed1 purge 220 MB of debris (binaries, reports,
session docs, stale MVP scripts)
J2 2aea1af36 rewrite CLAUDE.md, fix README, purge chat-server
refs from k8s runbooks and env examples
J3 67f18892a remove 3 deprecated unused handlers
J3+ 7fa314866 2FA handler duplicate removal (bundled by parallel
ci-cache commit)
J4 9cdfc6d89 GDPR-compliant hard delete with Redis SCAN cursor
and ES DeleteByQuery — closes TODO(HIGH-007)
J5 0589ec9fc defer GeoIP, rename v2-v3-types.ts to domain.ts,
document Storybook kill
J5+ 7f89bebe1 fix lint-staged eslint rule (was linting the
whole project — root cause of earlier --no-verify)
J6 113210734 mark 3 dormant docker-compose files deprecated
fix 3d1f127ad bump x/image, quic-go, testcontainers-go — drops
containerd + docker/docker from dep graph,
resolving 5 govulncheck findings without allowlist
fix b33227a57 bump go.work to 1.25 to match veza-backend-api
fix 73fc6e128 bump x/net v0.51.0 for GO-2026-4559
fix 376d9adc4 retire legacy backend-ci.yml, centralize Docker
probe in SkipIfNoIntegration
CI status on the consolidated ci.yml workflow for 376d9adc4:
Veza CI / Backend (Go) OK 6m36s
Veza CI / Frontend (Web) OK 20m57s
Veza CI / Rust (Stream) OK 6m25s
Security Scan / gitleaks OK 4m13s
Veza CI / Notify skipped (fires only on failure)
First fully green CI run of the sprint and the first in a long
time overall. The tag v1.0.4 is cut on this state.
Refs: AUDIT_REPORT.md, all commits 0e7097ed1..376d9adc4
2026-04-15 14:39:30 +00:00
2026-02-20 14:44:30 +00:00
- ✅ Lot E — Métadonnées : BPM, musical_key, lyrics, tags (E1–
- Migrations : 084 track_lyrics, 085 tracks.tags
2026-02-20 14:23:12 +00:00
feat(release): v0.202 — Lots G, H, F, C, D
- Lot G: Recherche avancée (musical_key, tri pertinence, autocomplete, facettes, historique)
- Lot H: Analytics créateur (stats, charts, completion rate, export CSV/JSON)
- Lot F: Seller dashboard (GET /sell/stats, liste produits)
- Lot C: Player (crossfade, gapless preload, PiP)
- Lot D2: Autoplay (GET /tracks/recommendations, section À écouter ensuite)
Backend: GetRecommendations handler, route /tracks/recommendations
Frontend: PlayerQueue recommendations, fix TS errors (GlobalPlayer, AnalyticsViewKpiGrid, etc.)
Docs: FEATURE_STATUS, PROJECT_STATE, CHANGELOG, SCOPE_CONTROL
2026-02-20 17:16:17 +00:00
### v0.202 (Phase 2 Contenu — Lots G, H, F, C, D)
chore(release): v1.0.4 — cleanup sprint complete, CI green
7-day cleanup sprint (J1–J7) done. The codebase is unchanged
functionally but the working tree, docs, k8s runbooks, CI, and
Go dependency graph are all realigned with reality for the first
time since the v1.0.0 release.
VERSION 1.0.2 → 1.0.4 (skips v1.0.3 — that tag already
exists upstream, unused on this branch)
CHANGELOG.md full v1.0.4 entry with per-day (J1–J7) breakdown
and the govulncheck + CI fix trail
docs/PROJECT_STATE.md header month + version table refreshed,
pointer to AUDIT_REPORT.md added
docs/FEATURE_STATUS.md header updated — no feature matrix
changes (no feature work in this sprint)
Key deliverables of the sprint:
J1 0e7097ed1 purge 220 MB of debris (binaries, reports,
session docs, stale MVP scripts)
J2 2aea1af36 rewrite CLAUDE.md, fix README, purge chat-server
refs from k8s runbooks and env examples
J3 67f18892a remove 3 deprecated unused handlers
J3+ 7fa314866 2FA handler duplicate removal (bundled by parallel
ci-cache commit)
J4 9cdfc6d89 GDPR-compliant hard delete with Redis SCAN cursor
and ES DeleteByQuery — closes TODO(HIGH-007)
J5 0589ec9fc defer GeoIP, rename v2-v3-types.ts to domain.ts,
document Storybook kill
J5+ 7f89bebe1 fix lint-staged eslint rule (was linting the
whole project — root cause of earlier --no-verify)
J6 113210734 mark 3 dormant docker-compose files deprecated
fix 3d1f127ad bump x/image, quic-go, testcontainers-go — drops
containerd + docker/docker from dep graph,
resolving 5 govulncheck findings without allowlist
fix b33227a57 bump go.work to 1.25 to match veza-backend-api
fix 73fc6e128 bump x/net v0.51.0 for GO-2026-4559
fix 376d9adc4 retire legacy backend-ci.yml, centralize Docker
probe in SkipIfNoIntegration
CI status on the consolidated ci.yml workflow for 376d9adc4:
Veza CI / Backend (Go) OK 6m36s
Veza CI / Frontend (Web) OK 20m57s
Veza CI / Rust (Stream) OK 6m25s
Security Scan / gitleaks OK 4m13s
Veza CI / Notify skipped (fires only on failure)
First fully green CI run of the sprint and the first in a long
time overall. The tag v1.0.4 is cut on this state.
Refs: AUDIT_REPORT.md, all commits 0e7097ed1..376d9adc4
2026-04-15 14:39:30 +00:00
feat(release): v0.202 — Lots G, H, F, C, D
- Lot G: Recherche avancée (musical_key, tri pertinence, autocomplete, facettes, historique)
- Lot H: Analytics créateur (stats, charts, completion rate, export CSV/JSON)
- Lot F: Seller dashboard (GET /sell/stats, liste produits)
- Lot C: Player (crossfade, gapless preload, PiP)
- Lot D2: Autoplay (GET /tracks/recommendations, section À écouter ensuite)
Backend: GetRecommendations handler, route /tracks/recommendations
Frontend: PlayerQueue recommendations, fix TS errors (GlobalPlayer, AnalyticsViewKpiGrid, etc.)
Docs: FEATURE_STATUS, PROJECT_STATE, CHANGELOG, SCOPE_CONTROL
2026-02-20 17:16:17 +00:00
- Lot G : Recherche avancée (musical_key, tri pertinence, autocomplete, facettes type, historique)
- Lot H : Analytics créateur (stats, graphiques, taux complétion, export CSV/JSON)
- Lot F : Seller dashboard (GET /sell/stats, liste produits marketplace)
- Lot C : Player (crossfade, gapless preload, PiP)
- Lot D : Autoplay (GET /tracks/recommendations, section « À écouter ensuite »)
2026-02-20 14:23:12 +00:00
2026-02-20 17:47:23 +00:00
### v0.203 (Phase 2 Contenu — Lots L, K, D1)
chore(release): v1.0.4 — cleanup sprint complete, CI green
7-day cleanup sprint (J1–J7) done. The codebase is unchanged
functionally but the working tree, docs, k8s runbooks, CI, and
Go dependency graph are all realigned with reality for the first
time since the v1.0.0 release.
VERSION 1.0.2 → 1.0.4 (skips v1.0.3 — that tag already
exists upstream, unused on this branch)
CHANGELOG.md full v1.0.4 entry with per-day (J1–J7) breakdown
and the govulncheck + CI fix trail
docs/PROJECT_STATE.md header month + version table refreshed,
pointer to AUDIT_REPORT.md added
docs/FEATURE_STATUS.md header updated — no feature matrix
changes (no feature work in this sprint)
Key deliverables of the sprint:
J1 0e7097ed1 purge 220 MB of debris (binaries, reports,
session docs, stale MVP scripts)
J2 2aea1af36 rewrite CLAUDE.md, fix README, purge chat-server
refs from k8s runbooks and env examples
J3 67f18892a remove 3 deprecated unused handlers
J3+ 7fa314866 2FA handler duplicate removal (bundled by parallel
ci-cache commit)
J4 9cdfc6d89 GDPR-compliant hard delete with Redis SCAN cursor
and ES DeleteByQuery — closes TODO(HIGH-007)
J5 0589ec9fc defer GeoIP, rename v2-v3-types.ts to domain.ts,
document Storybook kill
J5+ 7f89bebe1 fix lint-staged eslint rule (was linting the
whole project — root cause of earlier --no-verify)
J6 113210734 mark 3 dormant docker-compose files deprecated
fix 3d1f127ad bump x/image, quic-go, testcontainers-go — drops
containerd + docker/docker from dep graph,
resolving 5 govulncheck findings without allowlist
fix b33227a57 bump go.work to 1.25 to match veza-backend-api
fix 73fc6e128 bump x/net v0.51.0 for GO-2026-4559
fix 376d9adc4 retire legacy backend-ci.yml, centralize Docker
probe in SkipIfNoIntegration
CI status on the consolidated ci.yml workflow for 376d9adc4:
Veza CI / Backend (Go) OK 6m36s
Veza CI / Frontend (Web) OK 20m57s
Veza CI / Rust (Stream) OK 6m25s
Security Scan / gitleaks OK 4m13s
Veza CI / Notify skipped (fires only on failure)
First fully green CI run of the sprint and the first in a long
time overall. The tag v1.0.4 is cut on this state.
Refs: AUDIT_REPORT.md, all commits 0e7097ed1..376d9adc4
2026-04-15 14:39:30 +00:00
2026-02-20 17:47:23 +00:00
- Lot L : Social Trending (GET /social/trending, cache Redis, SocialViewTrending connecté)
- Lot K : Recherche enrichie (pg_trgm fuzzy, AND/OR/NOT/"phrase exacte", tooltip aide)
- Lot D1 : Queue collaborative (sessions partagées, bouton Partager, polling sync)
2026-02-21 04:32:29 +00:00
### v0.301 (Phase 3 Social — Lots P0, C1, P1, S1)
chore(release): v1.0.4 — cleanup sprint complete, CI green
7-day cleanup sprint (J1–J7) done. The codebase is unchanged
functionally but the working tree, docs, k8s runbooks, CI, and
Go dependency graph are all realigned with reality for the first
time since the v1.0.0 release.
VERSION 1.0.2 → 1.0.4 (skips v1.0.3 — that tag already
exists upstream, unused on this branch)
CHANGELOG.md full v1.0.4 entry with per-day (J1–J7) breakdown
and the govulncheck + CI fix trail
docs/PROJECT_STATE.md header month + version table refreshed,
pointer to AUDIT_REPORT.md added
docs/FEATURE_STATUS.md header updated — no feature matrix
changes (no feature work in this sprint)
Key deliverables of the sprint:
J1 0e7097ed1 purge 220 MB of debris (binaries, reports,
session docs, stale MVP scripts)
J2 2aea1af36 rewrite CLAUDE.md, fix README, purge chat-server
refs from k8s runbooks and env examples
J3 67f18892a remove 3 deprecated unused handlers
J3+ 7fa314866 2FA handler duplicate removal (bundled by parallel
ci-cache commit)
J4 9cdfc6d89 GDPR-compliant hard delete with Redis SCAN cursor
and ES DeleteByQuery — closes TODO(HIGH-007)
J5 0589ec9fc defer GeoIP, rename v2-v3-types.ts to domain.ts,
document Storybook kill
J5+ 7f89bebe1 fix lint-staged eslint rule (was linting the
whole project — root cause of earlier --no-verify)
J6 113210734 mark 3 dormant docker-compose files deprecated
fix 3d1f127ad bump x/image, quic-go, testcontainers-go — drops
containerd + docker/docker from dep graph,
resolving 5 govulncheck findings without allowlist
fix b33227a57 bump go.work to 1.25 to match veza-backend-api
fix 73fc6e128 bump x/net v0.51.0 for GO-2026-4559
fix 376d9adc4 retire legacy backend-ci.yml, centralize Docker
probe in SkipIfNoIntegration
CI status on the consolidated ci.yml workflow for 376d9adc4:
Veza CI / Backend (Go) OK 6m36s
Veza CI / Frontend (Web) OK 20m57s
Veza CI / Rust (Stream) OK 6m25s
Security Scan / gitleaks OK 4m13s
Veza CI / Notify skipped (fires only on failure)
First fully green CI run of the sprint and the first in a long
time overall. The tag v1.0.4 is cut on this state.
Refs: AUDIT_REPORT.md, all commits 0e7097ed1..376d9adc4
2026-04-15 14:39:30 +00:00
2026-02-21 04:32:29 +00:00
- Lot P0 : Chat Server typing protocol, auth WebSocket doc
- Lot C1 : Typing indicators, read receipts, delivered status
- Lot P1 : Présence (migration 088, GET /users/:id/presence, PresenceBadge)
- Lot S1 : Social enrichi (feed API, actor/track enrichi, pagination, explore, filtres)
2026-02-22 02:24:01 +00:00
### v0.302 (Phase 3 Social — Lots S2, N1, P2)
chore(release): v1.0.4 — cleanup sprint complete, CI green
7-day cleanup sprint (J1–J7) done. The codebase is unchanged
functionally but the working tree, docs, k8s runbooks, CI, and
Go dependency graph are all realigned with reality for the first
time since the v1.0.0 release.
VERSION 1.0.2 → 1.0.4 (skips v1.0.3 — that tag already
exists upstream, unused on this branch)
CHANGELOG.md full v1.0.4 entry with per-day (J1–J7) breakdown
and the govulncheck + CI fix trail
docs/PROJECT_STATE.md header month + version table refreshed,
pointer to AUDIT_REPORT.md added
docs/FEATURE_STATUS.md header updated — no feature matrix
changes (no feature work in this sprint)
Key deliverables of the sprint:
J1 0e7097ed1 purge 220 MB of debris (binaries, reports,
session docs, stale MVP scripts)
J2 2aea1af36 rewrite CLAUDE.md, fix README, purge chat-server
refs from k8s runbooks and env examples
J3 67f18892a remove 3 deprecated unused handlers
J3+ 7fa314866 2FA handler duplicate removal (bundled by parallel
ci-cache commit)
J4 9cdfc6d89 GDPR-compliant hard delete with Redis SCAN cursor
and ES DeleteByQuery — closes TODO(HIGH-007)
J5 0589ec9fc defer GeoIP, rename v2-v3-types.ts to domain.ts,
document Storybook kill
J5+ 7f89bebe1 fix lint-staged eslint rule (was linting the
whole project — root cause of earlier --no-verify)
J6 113210734 mark 3 dormant docker-compose files deprecated
fix 3d1f127ad bump x/image, quic-go, testcontainers-go — drops
containerd + docker/docker from dep graph,
resolving 5 govulncheck findings without allowlist
fix b33227a57 bump go.work to 1.25 to match veza-backend-api
fix 73fc6e128 bump x/net v0.51.0 for GO-2026-4559
fix 376d9adc4 retire legacy backend-ci.yml, centralize Docker
probe in SkipIfNoIntegration
CI status on the consolidated ci.yml workflow for 376d9adc4:
Veza CI / Backend (Go) OK 6m36s
Veza CI / Frontend (Web) OK 20m57s
Veza CI / Rust (Stream) OK 6m25s
Security Scan / gitleaks OK 4m13s
Veza CI / Notify skipped (fires only on failure)
First fully green CI run of the sprint and the first in a long
time overall. The tag v1.0.4 is cut on this state.
Refs: AUDIT_REPORT.md, all commits 0e7097ed1..376d9adc4
2026-04-15 14:39:30 +00:00
2026-02-22 02:24:01 +00:00
- Lot S2 : Groupes avancés (request join, invite, rôles, feed groupes, mes groupes)
- Lot N1 : Notifications push Web (subscription, envoi sur événement, préférences, badge)
- Lot P2 : Présence enrichie (rich presence track, mode invisible, PUT /users/me/presence)
2026-02-22 02:46:10 +00:00
### v0.303 (Phase 3 Social — Lot C2)
chore(release): v1.0.4 — cleanup sprint complete, CI green
7-day cleanup sprint (J1–J7) done. The codebase is unchanged
functionally but the working tree, docs, k8s runbooks, CI, and
Go dependency graph are all realigned with reality for the first
time since the v1.0.0 release.
VERSION 1.0.2 → 1.0.4 (skips v1.0.3 — that tag already
exists upstream, unused on this branch)
CHANGELOG.md full v1.0.4 entry with per-day (J1–J7) breakdown
and the govulncheck + CI fix trail
docs/PROJECT_STATE.md header month + version table refreshed,
pointer to AUDIT_REPORT.md added
docs/FEATURE_STATUS.md header updated — no feature matrix
changes (no feature work in this sprint)
Key deliverables of the sprint:
J1 0e7097ed1 purge 220 MB of debris (binaries, reports,
session docs, stale MVP scripts)
J2 2aea1af36 rewrite CLAUDE.md, fix README, purge chat-server
refs from k8s runbooks and env examples
J3 67f18892a remove 3 deprecated unused handlers
J3+ 7fa314866 2FA handler duplicate removal (bundled by parallel
ci-cache commit)
J4 9cdfc6d89 GDPR-compliant hard delete with Redis SCAN cursor
and ES DeleteByQuery — closes TODO(HIGH-007)
J5 0589ec9fc defer GeoIP, rename v2-v3-types.ts to domain.ts,
document Storybook kill
J5+ 7f89bebe1 fix lint-staged eslint rule (was linting the
whole project — root cause of earlier --no-verify)
J6 113210734 mark 3 dormant docker-compose files deprecated
fix 3d1f127ad bump x/image, quic-go, testcontainers-go — drops
containerd + docker/docker from dep graph,
resolving 5 govulncheck findings without allowlist
fix b33227a57 bump go.work to 1.25 to match veza-backend-api
fix 73fc6e128 bump x/net v0.51.0 for GO-2026-4559
fix 376d9adc4 retire legacy backend-ci.yml, centralize Docker
probe in SkipIfNoIntegration
CI status on the consolidated ci.yml workflow for 376d9adc4:
Veza CI / Backend (Go) OK 6m36s
Veza CI / Frontend (Web) OK 20m57s
Veza CI / Rust (Stream) OK 6m25s
Security Scan / gitleaks OK 4m13s
Veza CI / Notify skipped (fires only on failure)
First fully green CI run of the sprint and the first in a long
time overall. The tag v1.0.4 is cut on this state.
Refs: AUDIT_REPORT.md, all commits 0e7097ed1..376d9adc4
2026-04-15 14:39:30 +00:00
2026-02-22 02:46:10 +00:00
- Lot C2 : Chat appels WebRTC 1-to-1 (signalisation, CallButton, IncomingCallModal, ActiveCallBar)
2026-02-22 02:24:01 +00:00
2026-02-22 13:23:28 +00:00
### v0.401 (Phase 4 Commerce — Lots M1, M2, M3)
chore(release): v1.0.4 — cleanup sprint complete, CI green
7-day cleanup sprint (J1–J7) done. The codebase is unchanged
functionally but the working tree, docs, k8s runbooks, CI, and
Go dependency graph are all realigned with reality for the first
time since the v1.0.0 release.
VERSION 1.0.2 → 1.0.4 (skips v1.0.3 — that tag already
exists upstream, unused on this branch)
CHANGELOG.md full v1.0.4 entry with per-day (J1–J7) breakdown
and the govulncheck + CI fix trail
docs/PROJECT_STATE.md header month + version table refreshed,
pointer to AUDIT_REPORT.md added
docs/FEATURE_STATUS.md header updated — no feature matrix
changes (no feature work in this sprint)
Key deliverables of the sprint:
J1 0e7097ed1 purge 220 MB of debris (binaries, reports,
session docs, stale MVP scripts)
J2 2aea1af36 rewrite CLAUDE.md, fix README, purge chat-server
refs from k8s runbooks and env examples
J3 67f18892a remove 3 deprecated unused handlers
J3+ 7fa314866 2FA handler duplicate removal (bundled by parallel
ci-cache commit)
J4 9cdfc6d89 GDPR-compliant hard delete with Redis SCAN cursor
and ES DeleteByQuery — closes TODO(HIGH-007)
J5 0589ec9fc defer GeoIP, rename v2-v3-types.ts to domain.ts,
document Storybook kill
J5+ 7f89bebe1 fix lint-staged eslint rule (was linting the
whole project — root cause of earlier --no-verify)
J6 113210734 mark 3 dormant docker-compose files deprecated
fix 3d1f127ad bump x/image, quic-go, testcontainers-go — drops
containerd + docker/docker from dep graph,
resolving 5 govulncheck findings without allowlist
fix b33227a57 bump go.work to 1.25 to match veza-backend-api
fix 73fc6e128 bump x/net v0.51.0 for GO-2026-4559
fix 376d9adc4 retire legacy backend-ci.yml, centralize Docker
probe in SkipIfNoIntegration
CI status on the consolidated ci.yml workflow for 376d9adc4:
Veza CI / Backend (Go) OK 6m36s
Veza CI / Frontend (Web) OK 20m57s
Veza CI / Rust (Stream) OK 6m25s
Security Scan / gitleaks OK 4m13s
Veza CI / Notify skipped (fires only on failure)
First fully green CI run of the sprint and the first in a long
time overall. The tag v1.0.4 is cut on this state.
Refs: AUDIT_REPORT.md, all commits 0e7097ed1..376d9adc4
2026-04-15 14:39:30 +00:00
2026-02-22 13:23:28 +00:00
- Lot M1 : Produits & Catalogue (BPM, musical_key, category, previews, images, filtres, rich text)
- Lot M2 : Licences & Droits (product_licenses, GET /licenses/mine, LicenceCard, LicensesView)
- Lot M3 : Seller dashboard enrichi (evolution chart, top products, real sales)
2026-02-22 15:01:03 +00:00
### v0.402 (Phase 4 Commerce — Lots P1, P2)
chore(release): v1.0.4 — cleanup sprint complete, CI green
7-day cleanup sprint (J1–J7) done. The codebase is unchanged
functionally but the working tree, docs, k8s runbooks, CI, and
Go dependency graph are all realigned with reality for the first
time since the v1.0.0 release.
VERSION 1.0.2 → 1.0.4 (skips v1.0.3 — that tag already
exists upstream, unused on this branch)
CHANGELOG.md full v1.0.4 entry with per-day (J1–J7) breakdown
and the govulncheck + CI fix trail
docs/PROJECT_STATE.md header month + version table refreshed,
pointer to AUDIT_REPORT.md added
docs/FEATURE_STATUS.md header updated — no feature matrix
changes (no feature work in this sprint)
Key deliverables of the sprint:
J1 0e7097ed1 purge 220 MB of debris (binaries, reports,
session docs, stale MVP scripts)
J2 2aea1af36 rewrite CLAUDE.md, fix README, purge chat-server
refs from k8s runbooks and env examples
J3 67f18892a remove 3 deprecated unused handlers
J3+ 7fa314866 2FA handler duplicate removal (bundled by parallel
ci-cache commit)
J4 9cdfc6d89 GDPR-compliant hard delete with Redis SCAN cursor
and ES DeleteByQuery — closes TODO(HIGH-007)
J5 0589ec9fc defer GeoIP, rename v2-v3-types.ts to domain.ts,
document Storybook kill
J5+ 7f89bebe1 fix lint-staged eslint rule (was linting the
whole project — root cause of earlier --no-verify)
J6 113210734 mark 3 dormant docker-compose files deprecated
fix 3d1f127ad bump x/image, quic-go, testcontainers-go — drops
containerd + docker/docker from dep graph,
resolving 5 govulncheck findings without allowlist
fix b33227a57 bump go.work to 1.25 to match veza-backend-api
fix 73fc6e128 bump x/net v0.51.0 for GO-2026-4559
fix 376d9adc4 retire legacy backend-ci.yml, centralize Docker
probe in SkipIfNoIntegration
CI status on the consolidated ci.yml workflow for 376d9adc4:
Veza CI / Backend (Go) OK 6m36s
Veza CI / Frontend (Web) OK 20m57s
Veza CI / Rust (Stream) OK 6m25s
Security Scan / gitleaks OK 4m13s
Veza CI / Notify skipped (fires only on failure)
First fully green CI run of the sprint and the first in a long
time overall. The tag v1.0.4 is cut on this state.
Refs: AUDIT_REPORT.md, all commits 0e7097ed1..376d9adc4
2026-04-15 14:39:30 +00:00
2026-02-22 15:01:03 +00:00
- Lot P1 : Checkout Hyperswitch production-ready (return URL order_id, CheckoutSuccessView/ErrorView, webhook cancelled, CheckoutPaymentForm)
- Lot P2 : Codes promo (promo_codes, ValidatePromoCode, GET /commerce/promo/:code, PromoCodeModal connecté, OrderSummary dans Cart)
2026-02-22 16:56:51 +00:00
### v0.404 (Phase 4bis Stabilisation — post-audit)
chore(release): v1.0.4 — cleanup sprint complete, CI green
7-day cleanup sprint (J1–J7) done. The codebase is unchanged
functionally but the working tree, docs, k8s runbooks, CI, and
Go dependency graph are all realigned with reality for the first
time since the v1.0.0 release.
VERSION 1.0.2 → 1.0.4 (skips v1.0.3 — that tag already
exists upstream, unused on this branch)
CHANGELOG.md full v1.0.4 entry with per-day (J1–J7) breakdown
and the govulncheck + CI fix trail
docs/PROJECT_STATE.md header month + version table refreshed,
pointer to AUDIT_REPORT.md added
docs/FEATURE_STATUS.md header updated — no feature matrix
changes (no feature work in this sprint)
Key deliverables of the sprint:
J1 0e7097ed1 purge 220 MB of debris (binaries, reports,
session docs, stale MVP scripts)
J2 2aea1af36 rewrite CLAUDE.md, fix README, purge chat-server
refs from k8s runbooks and env examples
J3 67f18892a remove 3 deprecated unused handlers
J3+ 7fa314866 2FA handler duplicate removal (bundled by parallel
ci-cache commit)
J4 9cdfc6d89 GDPR-compliant hard delete with Redis SCAN cursor
and ES DeleteByQuery — closes TODO(HIGH-007)
J5 0589ec9fc defer GeoIP, rename v2-v3-types.ts to domain.ts,
document Storybook kill
J5+ 7f89bebe1 fix lint-staged eslint rule (was linting the
whole project — root cause of earlier --no-verify)
J6 113210734 mark 3 dormant docker-compose files deprecated
fix 3d1f127ad bump x/image, quic-go, testcontainers-go — drops
containerd + docker/docker from dep graph,
resolving 5 govulncheck findings without allowlist
fix b33227a57 bump go.work to 1.25 to match veza-backend-api
fix 73fc6e128 bump x/net v0.51.0 for GO-2026-4559
fix 376d9adc4 retire legacy backend-ci.yml, centralize Docker
probe in SkipIfNoIntegration
CI status on the consolidated ci.yml workflow for 376d9adc4:
Veza CI / Backend (Go) OK 6m36s
Veza CI / Frontend (Web) OK 20m57s
Veza CI / Rust (Stream) OK 6m25s
Security Scan / gitleaks OK 4m13s
Veza CI / Notify skipped (fires only on failure)
First fully green CI run of the sprint and the first in a long
time overall. The tag v1.0.4 is cut on this state.
Refs: AUDIT_REPORT.md, all commits 0e7097ed1..376d9adc4
2026-04-15 14:39:30 +00:00
2026-02-22 16:56:51 +00:00
- Sécurité : JWT stream token endpoint, SSRF protection webhooks (HTTPS-only), IDOR fix GetUploadStatus, Hyperswitch webhook secret requis en prod, password reset tokens hashés (SHA-256), docker-compose.hybrid supprimé, secrets CI → GitHub Secrets
- Infra : Rate limiting Redis, alerting Prometheus, PostgreSQL 16 aligné, compose staging complet, CodeQL SAST, Rust CI avec clippy
- Qualité : 40 fmt.Printf → zap, ~45 any éliminés frontend, TypeScript 5.9.3 unifié, code mort supprimé (~1600 LOC), gorilla/websocket → coder/websocket
2026-02-22 17:45:07 +00:00
### v0.501 (Phase 5 Streaming & Cloud — Lots S1, C1, G1)
chore(release): v1.0.4 — cleanup sprint complete, CI green
7-day cleanup sprint (J1–J7) done. The codebase is unchanged
functionally but the working tree, docs, k8s runbooks, CI, and
Go dependency graph are all realigned with reality for the first
time since the v1.0.0 release.
VERSION 1.0.2 → 1.0.4 (skips v1.0.3 — that tag already
exists upstream, unused on this branch)
CHANGELOG.md full v1.0.4 entry with per-day (J1–J7) breakdown
and the govulncheck + CI fix trail
docs/PROJECT_STATE.md header month + version table refreshed,
pointer to AUDIT_REPORT.md added
docs/FEATURE_STATUS.md header updated — no feature matrix
changes (no feature work in this sprint)
Key deliverables of the sprint:
J1 0e7097ed1 purge 220 MB of debris (binaries, reports,
session docs, stale MVP scripts)
J2 2aea1af36 rewrite CLAUDE.md, fix README, purge chat-server
refs from k8s runbooks and env examples
J3 67f18892a remove 3 deprecated unused handlers
J3+ 7fa314866 2FA handler duplicate removal (bundled by parallel
ci-cache commit)
J4 9cdfc6d89 GDPR-compliant hard delete with Redis SCAN cursor
and ES DeleteByQuery — closes TODO(HIGH-007)
J5 0589ec9fc defer GeoIP, rename v2-v3-types.ts to domain.ts,
document Storybook kill
J5+ 7f89bebe1 fix lint-staged eslint rule (was linting the
whole project — root cause of earlier --no-verify)
J6 113210734 mark 3 dormant docker-compose files deprecated
fix 3d1f127ad bump x/image, quic-go, testcontainers-go — drops
containerd + docker/docker from dep graph,
resolving 5 govulncheck findings without allowlist
fix b33227a57 bump go.work to 1.25 to match veza-backend-api
fix 73fc6e128 bump x/net v0.51.0 for GO-2026-4559
fix 376d9adc4 retire legacy backend-ci.yml, centralize Docker
probe in SkipIfNoIntegration
CI status on the consolidated ci.yml workflow for 376d9adc4:
Veza CI / Backend (Go) OK 6m36s
Veza CI / Frontend (Web) OK 20m57s
Veza CI / Rust (Stream) OK 6m25s
Security Scan / gitleaks OK 4m13s
Veza CI / Notify skipped (fires only on failure)
First fully green CI run of the sprint and the first in a long
time overall. The tag v1.0.4 is cut on this state.
Refs: AUDIT_REPORT.md, all commits 0e7097ed1..376d9adc4
2026-04-15 14:39:30 +00:00
2026-02-22 17:45:07 +00:00
- Lot S1 — HLS production : transcoding adaptatif 3 tiers (128k, 256k, 320k), ABR hls.js, cache segments CDN, monitoring Prometheus (4 compteurs), waveform generation (FFmpeg + audiowaveform), WaveformDisplay SVG interactif, useHLSPlayer hook
- Lot C1 — Cloud Storage MVP : gestion dossiers/fichiers, upload drag-and-drop avec quota 5GB, prévisualisation audio inline, publication cloud → track
- Lot G1 — Gear avancé : profils publics (is_public toggle, GearShowcase), galerie images multi-photo avec carousel, recherche ILIKE avec SearchBar
- Infra : MinIO S3-compatible (dev, staging, prod), 6 migrations (103–
- Sécurité : Trivy container scanning CI
2026-02-25 19:04:37 +00:00
### v0.803 (Phase 8 — Sécurité, Compliance & Outillage Dev)
chore(release): v1.0.4 — cleanup sprint complete, CI green
7-day cleanup sprint (J1–J7) done. The codebase is unchanged
functionally but the working tree, docs, k8s runbooks, CI, and
Go dependency graph are all realigned with reality for the first
time since the v1.0.0 release.
VERSION 1.0.2 → 1.0.4 (skips v1.0.3 — that tag already
exists upstream, unused on this branch)
CHANGELOG.md full v1.0.4 entry with per-day (J1–J7) breakdown
and the govulncheck + CI fix trail
docs/PROJECT_STATE.md header month + version table refreshed,
pointer to AUDIT_REPORT.md added
docs/FEATURE_STATUS.md header updated — no feature matrix
changes (no feature work in this sprint)
Key deliverables of the sprint:
J1 0e7097ed1 purge 220 MB of debris (binaries, reports,
session docs, stale MVP scripts)
J2 2aea1af36 rewrite CLAUDE.md, fix README, purge chat-server
refs from k8s runbooks and env examples
J3 67f18892a remove 3 deprecated unused handlers
J3+ 7fa314866 2FA handler duplicate removal (bundled by parallel
ci-cache commit)
J4 9cdfc6d89 GDPR-compliant hard delete with Redis SCAN cursor
and ES DeleteByQuery — closes TODO(HIGH-007)
J5 0589ec9fc defer GeoIP, rename v2-v3-types.ts to domain.ts,
document Storybook kill
J5+ 7f89bebe1 fix lint-staged eslint rule (was linting the
whole project — root cause of earlier --no-verify)
J6 113210734 mark 3 dormant docker-compose files deprecated
fix 3d1f127ad bump x/image, quic-go, testcontainers-go — drops
containerd + docker/docker from dep graph,
resolving 5 govulncheck findings without allowlist
fix b33227a57 bump go.work to 1.25 to match veza-backend-api
fix 73fc6e128 bump x/net v0.51.0 for GO-2026-4559
fix 376d9adc4 retire legacy backend-ci.yml, centralize Docker
probe in SkipIfNoIntegration
CI status on the consolidated ci.yml workflow for 376d9adc4:
Veza CI / Backend (Go) OK 6m36s
Veza CI / Frontend (Web) OK 20m57s
Veza CI / Rust (Stream) OK 6m25s
Security Scan / gitleaks OK 4m13s
Veza CI / Notify skipped (fires only on failure)
First fully green CI run of the sprint and the first in a long
time overall. The tag v1.0.4 is cut on this state.
Refs: AUDIT_REPORT.md, all commits 0e7097ed1..376d9adc4
2026-04-15 14:39:30 +00:00
2026-03-03 08:25:20 +00:00
- Security headers (CSP, HSTS, X-Frame-Options, etc.)
- DDoS rate limiting: global 1000 req/s, per-IP 100 req/s
- Audit middleware HTTP (POST/PUT/DELETE auto-log), GET /admin/audit/logs
2026-02-25 19:04:37 +00:00
- CCPA Sec-GPC, opt-out endpoint
- Account deletion hardening (anonymisation, S3, sessions)
2026-03-03 08:25:20 +00:00
- Moderation queue (reports CRUD, actions dismiss/warn/ban)
- Maintenance mode, announcements, feature flags
- AdminSettingsView (onglet SETTINGS) : maintenance, feature flags, annonces
2026-02-25 19:04:37 +00:00
- Maintenance mode (503, admin toggle)
- Announcements CRUD, GET /announcements/active
- Feature flags DB persistence
- AdminSettingsView, AdminModerationView, AnnouncementBanner connectés
feat(v0.802): frontend Cloud/Gear, MSW, docs, scope v0.803, archive
- Cloud: CloudFileVersions, CloudShareModal, versions/share in CloudView
- Gear: GearDocumentsTab, GearRepairsTab, warranty badge, initialTab
- MSW: cloud versions/share, gear documents/repairs, tags suggest
- Stories: CloudFileVersions, CloudShareModal, GearDetailModal variants
- gearService: listDocuments, uploadDocument, deleteDocument, listRepairs, createRepair, deleteRepair
- cloudService: listVersions, restoreVersion, shareFile, getSharedFile
- gear_warranty_notifier: 24h ticker, notifications for expiring warranty
- tag_handler_test: unit tests
- docs: API_REFERENCE, CHANGELOG, PROJECT_STATE, FEATURE_STATUS v0.802
- SCOPE_CONTROL, .cursorrules: scope v0.803
- archive: V0_802_RELEASE_SCOPE, RETROSPECTIVE_V0802
2026-02-25 13:00:58 +00:00
### v0.802 (Phase 8 — Cloud avancé, Gear, Tags)
chore(release): v1.0.4 — cleanup sprint complete, CI green
7-day cleanup sprint (J1–J7) done. The codebase is unchanged
functionally but the working tree, docs, k8s runbooks, CI, and
Go dependency graph are all realigned with reality for the first
time since the v1.0.0 release.
VERSION 1.0.2 → 1.0.4 (skips v1.0.3 — that tag already
exists upstream, unused on this branch)
CHANGELOG.md full v1.0.4 entry with per-day (J1–J7) breakdown
and the govulncheck + CI fix trail
docs/PROJECT_STATE.md header month + version table refreshed,
pointer to AUDIT_REPORT.md added
docs/FEATURE_STATUS.md header updated — no feature matrix
changes (no feature work in this sprint)
Key deliverables of the sprint:
J1 0e7097ed1 purge 220 MB of debris (binaries, reports,
session docs, stale MVP scripts)
J2 2aea1af36 rewrite CLAUDE.md, fix README, purge chat-server
refs from k8s runbooks and env examples
J3 67f18892a remove 3 deprecated unused handlers
J3+ 7fa314866 2FA handler duplicate removal (bundled by parallel
ci-cache commit)
J4 9cdfc6d89 GDPR-compliant hard delete with Redis SCAN cursor
and ES DeleteByQuery — closes TODO(HIGH-007)
J5 0589ec9fc defer GeoIP, rename v2-v3-types.ts to domain.ts,
document Storybook kill
J5+ 7f89bebe1 fix lint-staged eslint rule (was linting the
whole project — root cause of earlier --no-verify)
J6 113210734 mark 3 dormant docker-compose files deprecated
fix 3d1f127ad bump x/image, quic-go, testcontainers-go — drops
containerd + docker/docker from dep graph,
resolving 5 govulncheck findings without allowlist
fix b33227a57 bump go.work to 1.25 to match veza-backend-api
fix 73fc6e128 bump x/net v0.51.0 for GO-2026-4559
fix 376d9adc4 retire legacy backend-ci.yml, centralize Docker
probe in SkipIfNoIntegration
CI status on the consolidated ci.yml workflow for 376d9adc4:
Veza CI / Backend (Go) OK 6m36s
Veza CI / Frontend (Web) OK 20m57s
Veza CI / Rust (Stream) OK 6m25s
Security Scan / gitleaks OK 4m13s
Veza CI / Notify skipped (fires only on failure)
First fully green CI run of the sprint and the first in a long
time overall. The tag v1.0.4 is cut on this state.
Refs: AUDIT_REPORT.md, all commits 0e7097ed1..376d9adc4
2026-04-15 14:39:30 +00:00
feat(v0.802): frontend Cloud/Gear, MSW, docs, scope v0.803, archive
- Cloud: CloudFileVersions, CloudShareModal, versions/share in CloudView
- Gear: GearDocumentsTab, GearRepairsTab, warranty badge, initialTab
- MSW: cloud versions/share, gear documents/repairs, tags suggest
- Stories: CloudFileVersions, CloudShareModal, GearDetailModal variants
- gearService: listDocuments, uploadDocument, deleteDocument, listRepairs, createRepair, deleteRepair
- cloudService: listVersions, restoreVersion, shareFile, getSharedFile
- gear_warranty_notifier: 24h ticker, notifications for expiring warranty
- tag_handler_test: unit tests
- docs: API_REFERENCE, CHANGELOG, PROJECT_STATE, FEATURE_STATUS v0.802
- SCOPE_CONTROL, .cursorrules: scope v0.803
- archive: V0_802_RELEASE_SCOPE, RETROSPECTIVE_V0802
2026-02-25 13:00:58 +00:00
- Cloud : versioning, sharing, GDPR export, backup cron
- Gear : documents CRUD, repairs CRUD, warranty notifier
- Tags : GET /tags/suggest, audio/aiff
- Frontend : CloudFileVersions, CloudShareModal, GearDocumentsTab, GearRepairsTab
2026-02-23 23:21:20 +00:00
### v0.702 (Phase 7 — Reviews, Factures, Remboursements & Product Detail)
chore(release): v1.0.4 — cleanup sprint complete, CI green
7-day cleanup sprint (J1–J7) done. The codebase is unchanged
functionally but the working tree, docs, k8s runbooks, CI, and
Go dependency graph are all realigned with reality for the first
time since the v1.0.0 release.
VERSION 1.0.2 → 1.0.4 (skips v1.0.3 — that tag already
exists upstream, unused on this branch)
CHANGELOG.md full v1.0.4 entry with per-day (J1–J7) breakdown
and the govulncheck + CI fix trail
docs/PROJECT_STATE.md header month + version table refreshed,
pointer to AUDIT_REPORT.md added
docs/FEATURE_STATUS.md header updated — no feature matrix
changes (no feature work in this sprint)
Key deliverables of the sprint:
J1 0e7097ed1 purge 220 MB of debris (binaries, reports,
session docs, stale MVP scripts)
J2 2aea1af36 rewrite CLAUDE.md, fix README, purge chat-server
refs from k8s runbooks and env examples
J3 67f18892a remove 3 deprecated unused handlers
J3+ 7fa314866 2FA handler duplicate removal (bundled by parallel
ci-cache commit)
J4 9cdfc6d89 GDPR-compliant hard delete with Redis SCAN cursor
and ES DeleteByQuery — closes TODO(HIGH-007)
J5 0589ec9fc defer GeoIP, rename v2-v3-types.ts to domain.ts,
document Storybook kill
J5+ 7f89bebe1 fix lint-staged eslint rule (was linting the
whole project — root cause of earlier --no-verify)
J6 113210734 mark 3 dormant docker-compose files deprecated
fix 3d1f127ad bump x/image, quic-go, testcontainers-go — drops
containerd + docker/docker from dep graph,
resolving 5 govulncheck findings without allowlist
fix b33227a57 bump go.work to 1.25 to match veza-backend-api
fix 73fc6e128 bump x/net v0.51.0 for GO-2026-4559
fix 376d9adc4 retire legacy backend-ci.yml, centralize Docker
probe in SkipIfNoIntegration
CI status on the consolidated ci.yml workflow for 376d9adc4:
Veza CI / Backend (Go) OK 6m36s
Veza CI / Frontend (Web) OK 20m57s
Veza CI / Rust (Stream) OK 6m25s
Security Scan / gitleaks OK 4m13s
Veza CI / Notify skipped (fires only on failure)
First fully green CI run of the sprint and the first in a long
time overall. The tag v1.0.4 is cut on this state.
Refs: AUDIT_REPORT.md, all commits 0e7097ed1..376d9adc4
2026-04-15 14:39:30 +00:00
2026-02-23 23:21:20 +00:00
- Route /marketplace/products/:id avec ProductDetailPage (lazy)
- MSW handlers : reviews (GET/POST), invoice download
- Tests unitaires : reviews (6), invoices (4), refunds (6)
- API_REFERENCE.md : sections Reviews, Invoices, Refunds
2026-02-25 09:00:24 +00:00
### v0.801 (Phase 8 — UX/UI Polish, Accessibilité & PWA)
chore(release): v1.0.4 — cleanup sprint complete, CI green
7-day cleanup sprint (J1–J7) done. The codebase is unchanged
functionally but the working tree, docs, k8s runbooks, CI, and
Go dependency graph are all realigned with reality for the first
time since the v1.0.0 release.
VERSION 1.0.2 → 1.0.4 (skips v1.0.3 — that tag already
exists upstream, unused on this branch)
CHANGELOG.md full v1.0.4 entry with per-day (J1–J7) breakdown
and the govulncheck + CI fix trail
docs/PROJECT_STATE.md header month + version table refreshed,
pointer to AUDIT_REPORT.md added
docs/FEATURE_STATUS.md header updated — no feature matrix
changes (no feature work in this sprint)
Key deliverables of the sprint:
J1 0e7097ed1 purge 220 MB of debris (binaries, reports,
session docs, stale MVP scripts)
J2 2aea1af36 rewrite CLAUDE.md, fix README, purge chat-server
refs from k8s runbooks and env examples
J3 67f18892a remove 3 deprecated unused handlers
J3+ 7fa314866 2FA handler duplicate removal (bundled by parallel
ci-cache commit)
J4 9cdfc6d89 GDPR-compliant hard delete with Redis SCAN cursor
and ES DeleteByQuery — closes TODO(HIGH-007)
J5 0589ec9fc defer GeoIP, rename v2-v3-types.ts to domain.ts,
document Storybook kill
J5+ 7f89bebe1 fix lint-staged eslint rule (was linting the
whole project — root cause of earlier --no-verify)
J6 113210734 mark 3 dormant docker-compose files deprecated
fix 3d1f127ad bump x/image, quic-go, testcontainers-go — drops
containerd + docker/docker from dep graph,
resolving 5 govulncheck findings without allowlist
fix b33227a57 bump go.work to 1.25 to match veza-backend-api
fix 73fc6e128 bump x/net v0.51.0 for GO-2026-4559
fix 376d9adc4 retire legacy backend-ci.yml, centralize Docker
probe in SkipIfNoIntegration
CI status on the consolidated ci.yml workflow for 376d9adc4:
Veza CI / Backend (Go) OK 6m36s
Veza CI / Frontend (Web) OK 20m57s
Veza CI / Rust (Stream) OK 6m25s
Security Scan / gitleaks OK 4m13s
Veza CI / Notify skipped (fires only on failure)
First fully green CI run of the sprint and the first in a long
time overall. The tag v1.0.4 is cut on this state.
Refs: AUDIT_REPORT.md, all commits 0e7097ed1..376d9adc4
2026-04-15 14:39:30 +00:00
2026-02-25 09:00:24 +00:00
- User preferences: migration 118, PUT /users/me/preferences (contrast, density, accentHue, fontSize)
- Thèmes avancés: high contrast, compact/comfortable density, accent color, font size 14–
- Accessibilité: ARIA labels, aria-haspopup menu, focus-visible ring, useReducedMotion
- PWA: service worker re-enabled (safe caching), Install App in Settings
- Background playback: useWakeLock for mobile
feat(v0.703): Go Live & Streaming Complet
- Backend: room creation for live streams, permissions CanJoin/CanSend/CanRead for stream rooms
- LiveViewChat: useLiveStreamChat hook, WebSocket connection, stream_id as room
- LiveViewPlayer: real-time viewer count via polling (5s)
- Media Session: seekbackward/seekforward handlers (10s step)
- GoLiveView.stories.tsx: Default, Loading, Error, StreamKeyVisible
- Docs: API_REFERENCE, CHANGELOG, PROJECT_STATE, FEATURE_STATUS, RETROSPECTIVE_V0703
- SCOPE_CONTROL, .cursorrules: update to v0.801
- Archive V0_703_RELEASE_SCOPE.md
2026-02-25 08:35:22 +00:00
### v0.703 (Phase 7 — Go Live & Streaming Complet)
chore(release): v1.0.4 — cleanup sprint complete, CI green
7-day cleanup sprint (J1–J7) done. The codebase is unchanged
functionally but the working tree, docs, k8s runbooks, CI, and
Go dependency graph are all realigned with reality for the first
time since the v1.0.0 release.
VERSION 1.0.2 → 1.0.4 (skips v1.0.3 — that tag already
exists upstream, unused on this branch)
CHANGELOG.md full v1.0.4 entry with per-day (J1–J7) breakdown
and the govulncheck + CI fix trail
docs/PROJECT_STATE.md header month + version table refreshed,
pointer to AUDIT_REPORT.md added
docs/FEATURE_STATUS.md header updated — no feature matrix
changes (no feature work in this sprint)
Key deliverables of the sprint:
J1 0e7097ed1 purge 220 MB of debris (binaries, reports,
session docs, stale MVP scripts)
J2 2aea1af36 rewrite CLAUDE.md, fix README, purge chat-server
refs from k8s runbooks and env examples
J3 67f18892a remove 3 deprecated unused handlers
J3+ 7fa314866 2FA handler duplicate removal (bundled by parallel
ci-cache commit)
J4 9cdfc6d89 GDPR-compliant hard delete with Redis SCAN cursor
and ES DeleteByQuery — closes TODO(HIGH-007)
J5 0589ec9fc defer GeoIP, rename v2-v3-types.ts to domain.ts,
document Storybook kill
J5+ 7f89bebe1 fix lint-staged eslint rule (was linting the
whole project — root cause of earlier --no-verify)
J6 113210734 mark 3 dormant docker-compose files deprecated
fix 3d1f127ad bump x/image, quic-go, testcontainers-go — drops
containerd + docker/docker from dep graph,
resolving 5 govulncheck findings without allowlist
fix b33227a57 bump go.work to 1.25 to match veza-backend-api
fix 73fc6e128 bump x/net v0.51.0 for GO-2026-4559
fix 376d9adc4 retire legacy backend-ci.yml, centralize Docker
probe in SkipIfNoIntegration
CI status on the consolidated ci.yml workflow for 376d9adc4:
Veza CI / Backend (Go) OK 6m36s
Veza CI / Frontend (Web) OK 20m57s
Veza CI / Rust (Stream) OK 6m25s
Security Scan / gitleaks OK 4m13s
Veza CI / Notify skipped (fires only on failure)
First fully green CI run of the sprint and the first in a long
time overall. The tag v1.0.4 is cut on this state.
Refs: AUDIT_REPORT.md, all commits 0e7097ed1..376d9adc4
2026-04-15 14:39:30 +00:00
feat(v0.703): Go Live & Streaming Complet
- Backend: room creation for live streams, permissions CanJoin/CanSend/CanRead for stream rooms
- LiveViewChat: useLiveStreamChat hook, WebSocket connection, stream_id as room
- LiveViewPlayer: real-time viewer count via polling (5s)
- Media Session: seekbackward/seekforward handlers (10s step)
- GoLiveView.stories.tsx: Default, Loading, Error, StreamKeyVisible
- Docs: API_REFERENCE, CHANGELOG, PROJECT_STATE, FEATURE_STATUS, RETROSPECTIVE_V0703
- SCOPE_CONTROL, .cursorrules: update to v0.801
- Archive V0_703_RELEASE_SCOPE.md
2026-02-25 08:35:22 +00:00
- Go Live : page /live/go-live, stream key, OBS instructions
- Endpoints : GET/POST /live/streams/me/key, GET /live/streams/me, PUT /live/streams/:id
- Live Chat WebSocket : LiveViewChat connecté, stream_id comme room
- Viewer count temps réel : polling dans LiveViewPlayer
- Media Session : seekbackward/seekforward (10s)
feat(v0.701): AdminTransfers page/route, MSW, stories, Deep Health, API ref, docs, scope v0.702
- Step 13: AdminTransfersPage, LazyAdminTransfers, route /admin/transfers
- Step 14: MSW handlers admin transfers
- Step 15: AdminTransfersView stories (Default, Empty, WithFailedTransfers, Error, Loading)
- Step 16-17: DeepHealth handler (disk, config), GET /health/deep
- Step 19: health_deep_test.go (4 tests)
- Step 20: docs/API_REFERENCE.md
- Step 21: Archive V0_604, MIGRATIONS.md migration 116
- Step 22: CHANGELOG, PROJECT_STATE, FEATURE_STATUS v0.701
- Step 23: RETROSPECTIVE_V0701, V0_702 placeholder, SCOPE_CONTROL, .cursorrules
- Step 24: Archive V0_701_RELEASE_SCOPE
- Fix: AdminTransfersView Select component (use options API)
2026-02-23 22:42:02 +00:00
### v0.701 (Phase 7 — Retry, Admin Dashboard, Deep Health)
chore(release): v1.0.4 — cleanup sprint complete, CI green
7-day cleanup sprint (J1–J7) done. The codebase is unchanged
functionally but the working tree, docs, k8s runbooks, CI, and
Go dependency graph are all realigned with reality for the first
time since the v1.0.0 release.
VERSION 1.0.2 → 1.0.4 (skips v1.0.3 — that tag already
exists upstream, unused on this branch)
CHANGELOG.md full v1.0.4 entry with per-day (J1–J7) breakdown
and the govulncheck + CI fix trail
docs/PROJECT_STATE.md header month + version table refreshed,
pointer to AUDIT_REPORT.md added
docs/FEATURE_STATUS.md header updated — no feature matrix
changes (no feature work in this sprint)
Key deliverables of the sprint:
J1 0e7097ed1 purge 220 MB of debris (binaries, reports,
session docs, stale MVP scripts)
J2 2aea1af36 rewrite CLAUDE.md, fix README, purge chat-server
refs from k8s runbooks and env examples
J3 67f18892a remove 3 deprecated unused handlers
J3+ 7fa314866 2FA handler duplicate removal (bundled by parallel
ci-cache commit)
J4 9cdfc6d89 GDPR-compliant hard delete with Redis SCAN cursor
and ES DeleteByQuery — closes TODO(HIGH-007)
J5 0589ec9fc defer GeoIP, rename v2-v3-types.ts to domain.ts,
document Storybook kill
J5+ 7f89bebe1 fix lint-staged eslint rule (was linting the
whole project — root cause of earlier --no-verify)
J6 113210734 mark 3 dormant docker-compose files deprecated
fix 3d1f127ad bump x/image, quic-go, testcontainers-go — drops
containerd + docker/docker from dep graph,
resolving 5 govulncheck findings without allowlist
fix b33227a57 bump go.work to 1.25 to match veza-backend-api
fix 73fc6e128 bump x/net v0.51.0 for GO-2026-4559
fix 376d9adc4 retire legacy backend-ci.yml, centralize Docker
probe in SkipIfNoIntegration
CI status on the consolidated ci.yml workflow for 376d9adc4:
Veza CI / Backend (Go) OK 6m36s
Veza CI / Frontend (Web) OK 20m57s
Veza CI / Rust (Stream) OK 6m25s
Security Scan / gitleaks OK 4m13s
Veza CI / Notify skipped (fires only on failure)
First fully green CI run of the sprint and the first in a long
time overall. The tag v1.0.4 is cut on this state.
Refs: AUDIT_REPORT.md, all commits 0e7097ed1..376d9adc4
2026-04-15 14:39:30 +00:00
feat(v0.701): AdminTransfers page/route, MSW, stories, Deep Health, API ref, docs, scope v0.702
- Step 13: AdminTransfersPage, LazyAdminTransfers, route /admin/transfers
- Step 14: MSW handlers admin transfers
- Step 15: AdminTransfersView stories (Default, Empty, WithFailedTransfers, Error, Loading)
- Step 16-17: DeepHealth handler (disk, config), GET /health/deep
- Step 19: health_deep_test.go (4 tests)
- Step 20: docs/API_REFERENCE.md
- Step 21: Archive V0_604, MIGRATIONS.md migration 116
- Step 22: CHANGELOG, PROJECT_STATE, FEATURE_STATUS v0.701
- Step 23: RETROSPECTIVE_V0701, V0_702 placeholder, SCOPE_CONTROL, .cursorrules
- Step 24: Archive V0_701_RELEASE_SCOPE
- Fix: AdminTransfersView Select component (use options API)
2026-02-23 22:42:02 +00:00
- Transfer Retry Worker : retry automatique des transferts failed (backoff exponentiel, max 3)
- Migration 116 : retry_count, next_retry_at sur seller_transfers
- GET /admin/transfers, POST /admin/transfers/:id/retry
- AdminTransfersView : tableau admin avec filtres, pagination, bouton Retry
- GET /health/deep : DB, Redis, S3, disk, config summary
- docs/API_REFERENCE.md
2026-02-23 21:59:38 +00:00
### v0.603 (Phase 6+ Transfer automatique, Commission & Stabilisation)
chore(release): v1.0.4 — cleanup sprint complete, CI green
7-day cleanup sprint (J1–J7) done. The codebase is unchanged
functionally but the working tree, docs, k8s runbooks, CI, and
Go dependency graph are all realigned with reality for the first
time since the v1.0.0 release.
VERSION 1.0.2 → 1.0.4 (skips v1.0.3 — that tag already
exists upstream, unused on this branch)
CHANGELOG.md full v1.0.4 entry with per-day (J1–J7) breakdown
and the govulncheck + CI fix trail
docs/PROJECT_STATE.md header month + version table refreshed,
pointer to AUDIT_REPORT.md added
docs/FEATURE_STATUS.md header updated — no feature matrix
changes (no feature work in this sprint)
Key deliverables of the sprint:
J1 0e7097ed1 purge 220 MB of debris (binaries, reports,
session docs, stale MVP scripts)
J2 2aea1af36 rewrite CLAUDE.md, fix README, purge chat-server
refs from k8s runbooks and env examples
J3 67f18892a remove 3 deprecated unused handlers
J3+ 7fa314866 2FA handler duplicate removal (bundled by parallel
ci-cache commit)
J4 9cdfc6d89 GDPR-compliant hard delete with Redis SCAN cursor
and ES DeleteByQuery — closes TODO(HIGH-007)
J5 0589ec9fc defer GeoIP, rename v2-v3-types.ts to domain.ts,
document Storybook kill
J5+ 7f89bebe1 fix lint-staged eslint rule (was linting the
whole project — root cause of earlier --no-verify)
J6 113210734 mark 3 dormant docker-compose files deprecated
fix 3d1f127ad bump x/image, quic-go, testcontainers-go — drops
containerd + docker/docker from dep graph,
resolving 5 govulncheck findings without allowlist
fix b33227a57 bump go.work to 1.25 to match veza-backend-api
fix 73fc6e128 bump x/net v0.51.0 for GO-2026-4559
fix 376d9adc4 retire legacy backend-ci.yml, centralize Docker
probe in SkipIfNoIntegration
CI status on the consolidated ci.yml workflow for 376d9adc4:
Veza CI / Backend (Go) OK 6m36s
Veza CI / Frontend (Web) OK 20m57s
Veza CI / Rust (Stream) OK 6m25s
Security Scan / gitleaks OK 4m13s
Veza CI / Notify skipped (fires only on failure)
First fully green CI run of the sprint and the first in a long
time overall. The tag v1.0.4 is cut on this state.
Refs: AUDIT_REPORT.md, all commits 0e7097ed1..376d9adc4
2026-04-15 14:39:30 +00:00
2026-02-23 21:59:38 +00:00
- T1 : Transfer automatique Stripe Connect après paiement réussi (webhook Hyperswitch)
- Commission plateforme configurable (PLATFORM_FEE_RATE, défaut 10 %)
- Migration 115 seller_transfers, modèle SellerTransfer, GET /sell/transfers
- Carte Transfer History dans SellerDashboard
- Tests unitaires : transfer success, multi-seller, transfer-fails
- Archivage docs pre-v0.501
chore(release): v0.602 — Payout, Dette Technique & Tests E2E
- Stripe Connect: onboarding, balance, SellerDashboardView
- Interceptors: auth.ts, error.ts extracted, facade
- Grafana: dashboards enriched (p50, top endpoints, 4xx, WS, commerce)
- E2E commerce: product->order->review->invoice
- SMOKE_TEST_V0602, RETROSPECTIVE_V0602, PAYOUT_MANUAL
- Archive V0_602 scope, V0_603 placeholder, SCOPE_CONTROL v0.603
- Fix sanitizer regex (Go no backreferences)
- Marketplace test schema: product_licenses, product_images, orders, licenses
2026-02-23 21:32:01 +00:00
### v0.602 (Phase 6+ Payout, Dette Technique & Tests E2E)
chore(release): v1.0.4 — cleanup sprint complete, CI green
7-day cleanup sprint (J1–J7) done. The codebase is unchanged
functionally but the working tree, docs, k8s runbooks, CI, and
Go dependency graph are all realigned with reality for the first
time since the v1.0.0 release.
VERSION 1.0.2 → 1.0.4 (skips v1.0.3 — that tag already
exists upstream, unused on this branch)
CHANGELOG.md full v1.0.4 entry with per-day (J1–J7) breakdown
and the govulncheck + CI fix trail
docs/PROJECT_STATE.md header month + version table refreshed,
pointer to AUDIT_REPORT.md added
docs/FEATURE_STATUS.md header updated — no feature matrix
changes (no feature work in this sprint)
Key deliverables of the sprint:
J1 0e7097ed1 purge 220 MB of debris (binaries, reports,
session docs, stale MVP scripts)
J2 2aea1af36 rewrite CLAUDE.md, fix README, purge chat-server
refs from k8s runbooks and env examples
J3 67f18892a remove 3 deprecated unused handlers
J3+ 7fa314866 2FA handler duplicate removal (bundled by parallel
ci-cache commit)
J4 9cdfc6d89 GDPR-compliant hard delete with Redis SCAN cursor
and ES DeleteByQuery — closes TODO(HIGH-007)
J5 0589ec9fc defer GeoIP, rename v2-v3-types.ts to domain.ts,
document Storybook kill
J5+ 7f89bebe1 fix lint-staged eslint rule (was linting the
whole project — root cause of earlier --no-verify)
J6 113210734 mark 3 dormant docker-compose files deprecated
fix 3d1f127ad bump x/image, quic-go, testcontainers-go — drops
containerd + docker/docker from dep graph,
resolving 5 govulncheck findings without allowlist
fix b33227a57 bump go.work to 1.25 to match veza-backend-api
fix 73fc6e128 bump x/net v0.51.0 for GO-2026-4559
fix 376d9adc4 retire legacy backend-ci.yml, centralize Docker
probe in SkipIfNoIntegration
CI status on the consolidated ci.yml workflow for 376d9adc4:
Veza CI / Backend (Go) OK 6m36s
Veza CI / Frontend (Web) OK 20m57s
Veza CI / Rust (Stream) OK 6m25s
Security Scan / gitleaks OK 4m13s
Veza CI / Notify skipped (fires only on failure)
First fully green CI run of the sprint and the first in a long
time overall. The tag v1.0.4 is cut on this state.
Refs: AUDIT_REPORT.md, all commits 0e7097ed1..376d9adc4
2026-04-15 14:39:30 +00:00
chore(release): v0.602 — Payout, Dette Technique & Tests E2E
- Stripe Connect: onboarding, balance, SellerDashboardView
- Interceptors: auth.ts, error.ts extracted, facade
- Grafana: dashboards enriched (p50, top endpoints, 4xx, WS, commerce)
- E2E commerce: product->order->review->invoice
- SMOKE_TEST_V0602, RETROSPECTIVE_V0602, PAYOUT_MANUAL
- Archive V0_602 scope, V0_603 placeholder, SCOPE_CONTROL v0.603
- Fix sanitizer regex (Go no backreferences)
- Marketplace test schema: product_licenses, product_images, orders, licenses
2026-02-23 21:32:01 +00:00
- CLN2 : Split interceptors auth.ts, error.ts, facade < 30 LOC
2026-02-23 21:59:38 +00:00
- P3 : Stripe Connect payout (onboarding, balance, seller_stripe_accounts)
chore(release): v0.602 — Payout, Dette Technique & Tests E2E
- Stripe Connect: onboarding, balance, SellerDashboardView
- Interceptors: auth.ts, error.ts extracted, facade
- Grafana: dashboards enriched (p50, top endpoints, 4xx, WS, commerce)
- E2E commerce: product->order->review->invoice
- SMOKE_TEST_V0602, RETROSPECTIVE_V0602, PAYOUT_MANUAL
- Archive V0_602 scope, V0_603 placeholder, SCOPE_CONTROL v0.603
- Fix sanitizer regex (Go no backreferences)
- Marketplace test schema: product_licenses, product_images, orders, licenses
2026-02-23 21:32:01 +00:00
- INF2 : Grafana dashboards enrichis (p50, top endpoints, 4xx, WS connections, messages/s, orders, refunds, payout)
- QA2 : E2E commerce backend (product -> order -> review -> invoice), SMOKE_TEST_V0602.md
### v0.601 (Phase 6 — Production Readiness & Commerce)
chore(release): v1.0.4 — cleanup sprint complete, CI green
7-day cleanup sprint (J1–J7) done. The codebase is unchanged
functionally but the working tree, docs, k8s runbooks, CI, and
Go dependency graph are all realigned with reality for the first
time since the v1.0.0 release.
VERSION 1.0.2 → 1.0.4 (skips v1.0.3 — that tag already
exists upstream, unused on this branch)
CHANGELOG.md full v1.0.4 entry with per-day (J1–J7) breakdown
and the govulncheck + CI fix trail
docs/PROJECT_STATE.md header month + version table refreshed,
pointer to AUDIT_REPORT.md added
docs/FEATURE_STATUS.md header updated — no feature matrix
changes (no feature work in this sprint)
Key deliverables of the sprint:
J1 0e7097ed1 purge 220 MB of debris (binaries, reports,
session docs, stale MVP scripts)
J2 2aea1af36 rewrite CLAUDE.md, fix README, purge chat-server
refs from k8s runbooks and env examples
J3 67f18892a remove 3 deprecated unused handlers
J3+ 7fa314866 2FA handler duplicate removal (bundled by parallel
ci-cache commit)
J4 9cdfc6d89 GDPR-compliant hard delete with Redis SCAN cursor
and ES DeleteByQuery — closes TODO(HIGH-007)
J5 0589ec9fc defer GeoIP, rename v2-v3-types.ts to domain.ts,
document Storybook kill
J5+ 7f89bebe1 fix lint-staged eslint rule (was linting the
whole project — root cause of earlier --no-verify)
J6 113210734 mark 3 dormant docker-compose files deprecated
fix 3d1f127ad bump x/image, quic-go, testcontainers-go — drops
containerd + docker/docker from dep graph,
resolving 5 govulncheck findings without allowlist
fix b33227a57 bump go.work to 1.25 to match veza-backend-api
fix 73fc6e128 bump x/net v0.51.0 for GO-2026-4559
fix 376d9adc4 retire legacy backend-ci.yml, centralize Docker
probe in SkipIfNoIntegration
CI status on the consolidated ci.yml workflow for 376d9adc4:
Veza CI / Backend (Go) OK 6m36s
Veza CI / Frontend (Web) OK 20m57s
Veza CI / Rust (Stream) OK 6m25s
Security Scan / gitleaks OK 4m13s
Veza CI / Notify skipped (fires only on failure)
First fully green CI run of the sprint and the first in a long
time overall. The tag v1.0.4 is cut on this state.
Refs: AUDIT_REPORT.md, all commits 0e7097ed1..376d9adc4
2026-04-15 14:39:30 +00:00
chore(release): v0.602 — Payout, Dette Technique & Tests E2E
- Stripe Connect: onboarding, balance, SellerDashboardView
- Interceptors: auth.ts, error.ts extracted, facade
- Grafana: dashboards enriched (p50, top endpoints, 4xx, WS, commerce)
- E2E commerce: product->order->review->invoice
- SMOKE_TEST_V0602, RETROSPECTIVE_V0602, PAYOUT_MANUAL
- Archive V0_602 scope, V0_603 placeholder, SCOPE_CONTROL v0.603
- Fix sanitizer regex (Go no backreferences)
- Marketplace test schema: product_licenses, product_images, orders, licenses
2026-02-23 21:32:01 +00:00
- INF1 : Blue-green HAProxy, Grafana dashboards (API, Chat, Commerce), Alertmanager, Hyperswitch LIVE_MODE
- AUTH1 : OAuth Discord, OAuth Spotify opérationnels
- CLN1 : handler.go split en 4 sous-handlers, interceptors.ts en modules (utils, request, response)
- QA1 : Tests OAuth, MIGRATIONS.md, audit console.log
2026-02-22 20:28:46 +00:00
### v0.503 (Phase 5 — HLS E2E + Chat Hardening + Cleanup)
chore(release): v1.0.4 — cleanup sprint complete, CI green
7-day cleanup sprint (J1–J7) done. The codebase is unchanged
functionally but the working tree, docs, k8s runbooks, CI, and
Go dependency graph are all realigned with reality for the first
time since the v1.0.0 release.
VERSION 1.0.2 → 1.0.4 (skips v1.0.3 — that tag already
exists upstream, unused on this branch)
CHANGELOG.md full v1.0.4 entry with per-day (J1–J7) breakdown
and the govulncheck + CI fix trail
docs/PROJECT_STATE.md header month + version table refreshed,
pointer to AUDIT_REPORT.md added
docs/FEATURE_STATUS.md header updated — no feature matrix
changes (no feature work in this sprint)
Key deliverables of the sprint:
J1 0e7097ed1 purge 220 MB of debris (binaries, reports,
session docs, stale MVP scripts)
J2 2aea1af36 rewrite CLAUDE.md, fix README, purge chat-server
refs from k8s runbooks and env examples
J3 67f18892a remove 3 deprecated unused handlers
J3+ 7fa314866 2FA handler duplicate removal (bundled by parallel
ci-cache commit)
J4 9cdfc6d89 GDPR-compliant hard delete with Redis SCAN cursor
and ES DeleteByQuery — closes TODO(HIGH-007)
J5 0589ec9fc defer GeoIP, rename v2-v3-types.ts to domain.ts,
document Storybook kill
J5+ 7f89bebe1 fix lint-staged eslint rule (was linting the
whole project — root cause of earlier --no-verify)
J6 113210734 mark 3 dormant docker-compose files deprecated
fix 3d1f127ad bump x/image, quic-go, testcontainers-go — drops
containerd + docker/docker from dep graph,
resolving 5 govulncheck findings without allowlist
fix b33227a57 bump go.work to 1.25 to match veza-backend-api
fix 73fc6e128 bump x/net v0.51.0 for GO-2026-4559
fix 376d9adc4 retire legacy backend-ci.yml, centralize Docker
probe in SkipIfNoIntegration
CI status on the consolidated ci.yml workflow for 376d9adc4:
Veza CI / Backend (Go) OK 6m36s
Veza CI / Frontend (Web) OK 20m57s
Veza CI / Rust (Stream) OK 6m25s
Security Scan / gitleaks OK 4m13s
Veza CI / Notify skipped (fires only on failure)
First fully green CI run of the sprint and the first in a long
time overall. The tag v1.0.4 is cut on this state.
Refs: AUDIT_REPORT.md, all commits 0e7097ed1..376d9adc4
2026-04-15 14:39:30 +00:00
2026-02-22 20:28:46 +00:00
- SS1 : HLS Streaming E2E (backend serving routes, frontend ABR player)
- CH1 : Redis rate limiter (sliding window + in-memory fallback), présence persistante Redis (2min TTL), PostgreSQL full-text search (tsvector + GIN index)
- CL1 : veza-chat-server directory supprimé, références CI/CD/config/scripts nettoyées
- QA1 : 23 Go tests passing, documentation
2026-02-22 19:51:55 +00:00
### v0.502 (Phase 5 Communication — Chat Server Rewrite)
chore(release): v1.0.4 — cleanup sprint complete, CI green
7-day cleanup sprint (J1–J7) done. The codebase is unchanged
functionally but the working tree, docs, k8s runbooks, CI, and
Go dependency graph are all realigned with reality for the first
time since the v1.0.0 release.
VERSION 1.0.2 → 1.0.4 (skips v1.0.3 — that tag already
exists upstream, unused on this branch)
CHANGELOG.md full v1.0.4 entry with per-day (J1–J7) breakdown
and the govulncheck + CI fix trail
docs/PROJECT_STATE.md header month + version table refreshed,
pointer to AUDIT_REPORT.md added
docs/FEATURE_STATUS.md header updated — no feature matrix
changes (no feature work in this sprint)
Key deliverables of the sprint:
J1 0e7097ed1 purge 220 MB of debris (binaries, reports,
session docs, stale MVP scripts)
J2 2aea1af36 rewrite CLAUDE.md, fix README, purge chat-server
refs from k8s runbooks and env examples
J3 67f18892a remove 3 deprecated unused handlers
J3+ 7fa314866 2FA handler duplicate removal (bundled by parallel
ci-cache commit)
J4 9cdfc6d89 GDPR-compliant hard delete with Redis SCAN cursor
and ES DeleteByQuery — closes TODO(HIGH-007)
J5 0589ec9fc defer GeoIP, rename v2-v3-types.ts to domain.ts,
document Storybook kill
J5+ 7f89bebe1 fix lint-staged eslint rule (was linting the
whole project — root cause of earlier --no-verify)
J6 113210734 mark 3 dormant docker-compose files deprecated
fix 3d1f127ad bump x/image, quic-go, testcontainers-go — drops
containerd + docker/docker from dep graph,
resolving 5 govulncheck findings without allowlist
fix b33227a57 bump go.work to 1.25 to match veza-backend-api
fix 73fc6e128 bump x/net v0.51.0 for GO-2026-4559
fix 376d9adc4 retire legacy backend-ci.yml, centralize Docker
probe in SkipIfNoIntegration
CI status on the consolidated ci.yml workflow for 376d9adc4:
Veza CI / Backend (Go) OK 6m36s
Veza CI / Frontend (Web) OK 20m57s
Veza CI / Rust (Stream) OK 6m25s
Security Scan / gitleaks OK 4m13s
Veza CI / Notify skipped (fires only on failure)
First fully green CI run of the sprint and the first in a long
time overall. The tag v1.0.4 is cut on this state.
Refs: AUDIT_REPORT.md, all commits 0e7097ed1..376d9adc4
2026-04-15 14:39:30 +00:00
2026-02-22 19:51:55 +00:00
- Chat Server Rust → Go : WebSocket intégré dans veza-backend-api (`/api/v1/ws`)
- Hub/Client avec goroutines readPump/writePump, 30s ping keepalive
- 18 types messages entrants, 20 types sortants (protocole identique au Rust)
- Handlers : SendMessage, EditMessage, DeleteMessage, JoinConversation, LeaveConversation, FetchHistory, SearchMessages, SyncMessages, Typing, MarkAsRead, Delivered, AddReaction, RemoveReaction, WebRTC signaling (5 types)
- PermissionService (room_members), RateLimiter (per-user per-action)
- ChatPubSubService (Redis PubSub + fallback in-memory)
- 4 nouvelles migrations (109–
- Docker : suppression chat-server Rust de docker-compose.yml, staging.yml, prod.yml
- Frontend : dérivation WS_URL depuis API_URL, types TS mis à jour, MSW mis à jour
- 15 tests unitaires Go, E2E tests intégration, CHAT_FEATURE_PARITY.md (25/25 OK)
2026-02-20 14:23:12 +00:00
---
## 3. Prochaines étapes
docs: update PROJECT_STATE + FEATURE_STATUS post-v1.0.8
Both files were dated v1.0.4 (2026-04-15) — three releases out of
date. Surgical updates rather than a rewrite, since the underlying
feature inventory is mostly unchanged.
PROJECT_STATE.md
- §1 "Version actuelle" : tag v1.0.4 → v1.0.8 (2026-04-26). Phase
description + next-version hint refreshed (v1.0.9 with item G +
WebRTC TURN as cibles).
- §2 "Ce qui est livré" : prepended v1.0.8, v1.0.7, v1.0.5–v1.0.6.2
consolidated entries (with batch labels A/B/B9/C and the
money-movement plan items A–F). The v0.x sections kept verbatim
for archive — they document phases that pre-date the launch.
- §3 "Prochaines étapes" : replaced the v0.701 retry/dashboard plan
(long since shipped) with the v1.0.9 candidate list, ordered by
effort × impact. Item G subscription pending_payment + WebRTC TURN
are the two cibles. C6 flake stab + wrappers consolidation +
multipart S3 + register UX + email tokens header migration listed
alongside.
FEATURE_STATUS.md
- Header date refreshed to 2026-04-26 / v1.0.8 with the chantier
summary.
- "Upload de tracks" row : added the v1.0.8 MinIO/S3 wiring detail
(TRACK_STORAGE_BACKEND flag, chunked upload assembly, signed-URL
redirect 302).
- "HLS Streaming" feature-flag row : flipped default from `true`
(v0.101 era) to `false` (v1.0.7 default) — referencing the
fallback /tracks/:id/stream Range cache bypass landed in
v1.0.7-rc1 commit `b875efcff`.
- "Appels WebRTC" limitation row : note refreshed — signaling OK,
NAT traversal still HS without STUN/TURN per FUNCTIONAL_AUDIT 🟡 #1,
cible bumped from v1.1 to v1.0.9 (matches the v1.0.9 plan above).
The v0.x section in PROJECT_STATE.md (Phases 1–5) intentionally left
as-is — it serves as historical record of what shipped before
launch. Future agents reading the file should focus on §1, §2 v1.0.x,
and §3 for current state.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-25 23:56:44 +00:00
### Cible v1.0.9
Triés par effort ×
chore(release): v1.0.4 — cleanup sprint complete, CI green
7-day cleanup sprint (J1–J7) done. The codebase is unchanged
functionally but the working tree, docs, k8s runbooks, CI, and
Go dependency graph are all realigned with reality for the first
time since the v1.0.0 release.
VERSION 1.0.2 → 1.0.4 (skips v1.0.3 — that tag already
exists upstream, unused on this branch)
CHANGELOG.md full v1.0.4 entry with per-day (J1–J7) breakdown
and the govulncheck + CI fix trail
docs/PROJECT_STATE.md header month + version table refreshed,
pointer to AUDIT_REPORT.md added
docs/FEATURE_STATUS.md header updated — no feature matrix
changes (no feature work in this sprint)
Key deliverables of the sprint:
J1 0e7097ed1 purge 220 MB of debris (binaries, reports,
session docs, stale MVP scripts)
J2 2aea1af36 rewrite CLAUDE.md, fix README, purge chat-server
refs from k8s runbooks and env examples
J3 67f18892a remove 3 deprecated unused handlers
J3+ 7fa314866 2FA handler duplicate removal (bundled by parallel
ci-cache commit)
J4 9cdfc6d89 GDPR-compliant hard delete with Redis SCAN cursor
and ES DeleteByQuery — closes TODO(HIGH-007)
J5 0589ec9fc defer GeoIP, rename v2-v3-types.ts to domain.ts,
document Storybook kill
J5+ 7f89bebe1 fix lint-staged eslint rule (was linting the
whole project — root cause of earlier --no-verify)
J6 113210734 mark 3 dormant docker-compose files deprecated
fix 3d1f127ad bump x/image, quic-go, testcontainers-go — drops
containerd + docker/docker from dep graph,
resolving 5 govulncheck findings without allowlist
fix b33227a57 bump go.work to 1.25 to match veza-backend-api
fix 73fc6e128 bump x/net v0.51.0 for GO-2026-4559
fix 376d9adc4 retire legacy backend-ci.yml, centralize Docker
probe in SkipIfNoIntegration
CI status on the consolidated ci.yml workflow for 376d9adc4:
Veza CI / Backend (Go) OK 6m36s
Veza CI / Frontend (Web) OK 20m57s
Veza CI / Rust (Stream) OK 6m25s
Security Scan / gitleaks OK 4m13s
Veza CI / Notify skipped (fires only on failure)
First fully green CI run of the sprint and the first in a long
time overall. The tag v1.0.4 is cut on this state.
Refs: AUDIT_REPORT.md, all commits 0e7097ed1..376d9adc4
2026-04-15 14:39:30 +00:00
docs: update PROJECT_STATE + FEATURE_STATUS post-v1.0.8
Both files were dated v1.0.4 (2026-04-15) — three releases out of
date. Surgical updates rather than a rewrite, since the underlying
feature inventory is mostly unchanged.
PROJECT_STATE.md
- §1 "Version actuelle" : tag v1.0.4 → v1.0.8 (2026-04-26). Phase
description + next-version hint refreshed (v1.0.9 with item G +
WebRTC TURN as cibles).
- §2 "Ce qui est livré" : prepended v1.0.8, v1.0.7, v1.0.5–v1.0.6.2
consolidated entries (with batch labels A/B/B9/C and the
money-movement plan items A–F). The v0.x sections kept verbatim
for archive — they document phases that pre-date the launch.
- §3 "Prochaines étapes" : replaced the v0.701 retry/dashboard plan
(long since shipped) with the v1.0.9 candidate list, ordered by
effort × impact. Item G subscription pending_payment + WebRTC TURN
are the two cibles. C6 flake stab + wrappers consolidation +
multipart S3 + register UX + email tokens header migration listed
alongside.
FEATURE_STATUS.md
- Header date refreshed to 2026-04-26 / v1.0.8 with the chantier
summary.
- "Upload de tracks" row : added the v1.0.8 MinIO/S3 wiring detail
(TRACK_STORAGE_BACKEND flag, chunked upload assembly, signed-URL
redirect 302).
- "HLS Streaming" feature-flag row : flipped default from `true`
(v0.101 era) to `false` (v1.0.7 default) — referencing the
fallback /tracks/:id/stream Range cache bypass landed in
v1.0.7-rc1 commit `b875efcff`.
- "Appels WebRTC" limitation row : note refreshed — signaling OK,
NAT traversal still HS without STUN/TURN per FUNCTIONAL_AUDIT 🟡 #1,
cible bumped from v1.1 to v1.0.9 (matches the v1.0.9 plan above).
The v0.x section in PROJECT_STATE.md (Phases 1–5) intentionally left
as-is — it serves as historical record of what shipped before
launch. Future agents reading the file should focus on §1, §2 v1.0.x,
and §3 for current state.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-25 23:56:44 +00:00
- **Item G subscription `pending_payment` ** (M, 3j) — `docs/audit-2026-04/v107-plan.md` §G. State machine + recovery endpoint + tests + E2E `@critical` . Le hotfix v1.0.6.2 compense via filter ; G replace le creation path. **TODO marqué dans `subscription/service.go`** .
- **WebRTC STUN/TURN** (M, 1-2j) — FUNCTIONAL_AUDIT 🟡 #1 . Coturn (Incus container ?), env vars, UI fallback si NAT échoue. Le seul 🟡 fonctionnel encore ouvert.
- **Email tokens query→header** (S, 0.5j) — FUNCTIONAL_AUDIT §4 #7 . Sécu (anti-leak Referer/logs). Coupler avec migration `verifyEmail` POST déjà landée v1.0.8.
- **Register UX** (S, 0.5j) — FUNCTIONAL_AUDIT §4 #8 . JWT émis avant l'email send → 403 immédiat tant que non-vérifié. Friction UX.
- **Multipart S3 chunked upload natif** (M, 1-2j) — plan v1.0.8 D4 deferred. Aujourd'hui : assemble local puis single-shot stream 500 MB. Risque OOM en pic de concurrence.
- **Consolider `services/api/*.ts` wrappers** (M, 1j) — auth/users/tracks/playlists/search/social. Parallèles aux feature services ; rewire ~30 importers vers feature-direct.
- **C6 E2E flake stab** (S, 0.5j) — après le 1er run E2E vert, identifier les vrais flakes en CI vs ceux observés en dev.
2026-02-22 16:56:51 +00:00
docs: update PROJECT_STATE + FEATURE_STATUS post-v1.0.8
Both files were dated v1.0.4 (2026-04-15) — three releases out of
date. Surgical updates rather than a rewrite, since the underlying
feature inventory is mostly unchanged.
PROJECT_STATE.md
- §1 "Version actuelle" : tag v1.0.4 → v1.0.8 (2026-04-26). Phase
description + next-version hint refreshed (v1.0.9 with item G +
WebRTC TURN as cibles).
- §2 "Ce qui est livré" : prepended v1.0.8, v1.0.7, v1.0.5–v1.0.6.2
consolidated entries (with batch labels A/B/B9/C and the
money-movement plan items A–F). The v0.x sections kept verbatim
for archive — they document phases that pre-date the launch.
- §3 "Prochaines étapes" : replaced the v0.701 retry/dashboard plan
(long since shipped) with the v1.0.9 candidate list, ordered by
effort × impact. Item G subscription pending_payment + WebRTC TURN
are the two cibles. C6 flake stab + wrappers consolidation +
multipart S3 + register UX + email tokens header migration listed
alongside.
FEATURE_STATUS.md
- Header date refreshed to 2026-04-26 / v1.0.8 with the chantier
summary.
- "Upload de tracks" row : added the v1.0.8 MinIO/S3 wiring detail
(TRACK_STORAGE_BACKEND flag, chunked upload assembly, signed-URL
redirect 302).
- "HLS Streaming" feature-flag row : flipped default from `true`
(v0.101 era) to `false` (v1.0.7 default) — referencing the
fallback /tracks/:id/stream Range cache bypass landed in
v1.0.7-rc1 commit `b875efcff`.
- "Appels WebRTC" limitation row : note refreshed — signaling OK,
NAT traversal still HS without STUN/TURN per FUNCTIONAL_AUDIT 🟡 #1,
cible bumped from v1.1 to v1.0.9 (matches the v1.0.9 plan above).
The v0.x section in PROJECT_STATE.md (Phases 1–5) intentionally left
as-is — it serves as historical record of what shipped before
launch. Future agents reading the file should focus on §1, §2 v1.0.x,
and §3 for current state.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-25 23:56:44 +00:00
### Plus tard (deferred v1.1+)
chore(release): v1.0.4 — cleanup sprint complete, CI green
7-day cleanup sprint (J1–J7) done. The codebase is unchanged
functionally but the working tree, docs, k8s runbooks, CI, and
Go dependency graph are all realigned with reality for the first
time since the v1.0.0 release.
VERSION 1.0.2 → 1.0.4 (skips v1.0.3 — that tag already
exists upstream, unused on this branch)
CHANGELOG.md full v1.0.4 entry with per-day (J1–J7) breakdown
and the govulncheck + CI fix trail
docs/PROJECT_STATE.md header month + version table refreshed,
pointer to AUDIT_REPORT.md added
docs/FEATURE_STATUS.md header updated — no feature matrix
changes (no feature work in this sprint)
Key deliverables of the sprint:
J1 0e7097ed1 purge 220 MB of debris (binaries, reports,
session docs, stale MVP scripts)
J2 2aea1af36 rewrite CLAUDE.md, fix README, purge chat-server
refs from k8s runbooks and env examples
J3 67f18892a remove 3 deprecated unused handlers
J3+ 7fa314866 2FA handler duplicate removal (bundled by parallel
ci-cache commit)
J4 9cdfc6d89 GDPR-compliant hard delete with Redis SCAN cursor
and ES DeleteByQuery — closes TODO(HIGH-007)
J5 0589ec9fc defer GeoIP, rename v2-v3-types.ts to domain.ts,
document Storybook kill
J5+ 7f89bebe1 fix lint-staged eslint rule (was linting the
whole project — root cause of earlier --no-verify)
J6 113210734 mark 3 dormant docker-compose files deprecated
fix 3d1f127ad bump x/image, quic-go, testcontainers-go — drops
containerd + docker/docker from dep graph,
resolving 5 govulncheck findings without allowlist
fix b33227a57 bump go.work to 1.25 to match veza-backend-api
fix 73fc6e128 bump x/net v0.51.0 for GO-2026-4559
fix 376d9adc4 retire legacy backend-ci.yml, centralize Docker
probe in SkipIfNoIntegration
CI status on the consolidated ci.yml workflow for 376d9adc4:
Veza CI / Backend (Go) OK 6m36s
Veza CI / Frontend (Web) OK 20m57s
Veza CI / Rust (Stream) OK 6m25s
Security Scan / gitleaks OK 4m13s
Veza CI / Notify skipped (fires only on failure)
First fully green CI run of the sprint and the first in a long
time overall. The tag v1.0.4 is cut on this state.
Refs: AUDIT_REPORT.md, all commits 0e7097ed1..376d9adc4
2026-04-15 14:39:30 +00:00
docs: update PROJECT_STATE + FEATURE_STATUS post-v1.0.8
Both files were dated v1.0.4 (2026-04-15) — three releases out of
date. Surgical updates rather than a rewrite, since the underlying
feature inventory is mostly unchanged.
PROJECT_STATE.md
- §1 "Version actuelle" : tag v1.0.4 → v1.0.8 (2026-04-26). Phase
description + next-version hint refreshed (v1.0.9 with item G +
WebRTC TURN as cibles).
- §2 "Ce qui est livré" : prepended v1.0.8, v1.0.7, v1.0.5–v1.0.6.2
consolidated entries (with batch labels A/B/B9/C and the
money-movement plan items A–F). The v0.x sections kept verbatim
for archive — they document phases that pre-date the launch.
- §3 "Prochaines étapes" : replaced the v0.701 retry/dashboard plan
(long since shipped) with the v1.0.9 candidate list, ordered by
effort × impact. Item G subscription pending_payment + WebRTC TURN
are the two cibles. C6 flake stab + wrappers consolidation +
multipart S3 + register UX + email tokens header migration listed
alongside.
FEATURE_STATUS.md
- Header date refreshed to 2026-04-26 / v1.0.8 with the chantier
summary.
- "Upload de tracks" row : added the v1.0.8 MinIO/S3 wiring detail
(TRACK_STORAGE_BACKEND flag, chunked upload assembly, signed-URL
redirect 302).
- "HLS Streaming" feature-flag row : flipped default from `true`
(v0.101 era) to `false` (v1.0.7 default) — referencing the
fallback /tracks/:id/stream Range cache bypass landed in
v1.0.7-rc1 commit `b875efcff`.
- "Appels WebRTC" limitation row : note refreshed — signaling OK,
NAT traversal still HS without STUN/TURN per FUNCTIONAL_AUDIT 🟡 #1,
cible bumped from v1.1 to v1.0.9 (matches the v1.0.9 plan above).
The v0.x section in PROJECT_STATE.md (Phases 1–5) intentionally left
as-is — it serves as historical record of what shipped before
launch. Future agents reading the file should focus on §1, §2 v1.0.x,
and §3 for current state.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-25 23:56:44 +00:00
- Consolidation dual-trigger transcode gRPC + RabbitMQ (FUNCTIONAL §2 parcours 2 #5 ).
- Études OOM stockage si scale x10.
- Backfill `seller_transfers.stripe_transfer_id` pour les rows pré-v1.0.7 (CHANGELOG ops task #38 ).
- Sandbox Hyperswitch → prod réel (mode `live` ).
2026-02-22 20:28:46 +00:00
2026-02-22 16:56:51 +00:00
---
## 4. Sécurité
chore(release): v1.0.4 — cleanup sprint complete, CI green
7-day cleanup sprint (J1–J7) done. The codebase is unchanged
functionally but the working tree, docs, k8s runbooks, CI, and
Go dependency graph are all realigned with reality for the first
time since the v1.0.0 release.
VERSION 1.0.2 → 1.0.4 (skips v1.0.3 — that tag already
exists upstream, unused on this branch)
CHANGELOG.md full v1.0.4 entry with per-day (J1–J7) breakdown
and the govulncheck + CI fix trail
docs/PROJECT_STATE.md header month + version table refreshed,
pointer to AUDIT_REPORT.md added
docs/FEATURE_STATUS.md header updated — no feature matrix
changes (no feature work in this sprint)
Key deliverables of the sprint:
J1 0e7097ed1 purge 220 MB of debris (binaries, reports,
session docs, stale MVP scripts)
J2 2aea1af36 rewrite CLAUDE.md, fix README, purge chat-server
refs from k8s runbooks and env examples
J3 67f18892a remove 3 deprecated unused handlers
J3+ 7fa314866 2FA handler duplicate removal (bundled by parallel
ci-cache commit)
J4 9cdfc6d89 GDPR-compliant hard delete with Redis SCAN cursor
and ES DeleteByQuery — closes TODO(HIGH-007)
J5 0589ec9fc defer GeoIP, rename v2-v3-types.ts to domain.ts,
document Storybook kill
J5+ 7f89bebe1 fix lint-staged eslint rule (was linting the
whole project — root cause of earlier --no-verify)
J6 113210734 mark 3 dormant docker-compose files deprecated
fix 3d1f127ad bump x/image, quic-go, testcontainers-go — drops
containerd + docker/docker from dep graph,
resolving 5 govulncheck findings without allowlist
fix b33227a57 bump go.work to 1.25 to match veza-backend-api
fix 73fc6e128 bump x/net v0.51.0 for GO-2026-4559
fix 376d9adc4 retire legacy backend-ci.yml, centralize Docker
probe in SkipIfNoIntegration
CI status on the consolidated ci.yml workflow for 376d9adc4:
Veza CI / Backend (Go) OK 6m36s
Veza CI / Frontend (Web) OK 20m57s
Veza CI / Rust (Stream) OK 6m25s
Security Scan / gitleaks OK 4m13s
Veza CI / Notify skipped (fires only on failure)
First fully green CI run of the sprint and the first in a long
time overall. The tag v1.0.4 is cut on this state.
Refs: AUDIT_REPORT.md, all commits 0e7097ed1..376d9adc4
2026-04-15 14:39:30 +00:00
| Métrique | Avant v0.404 | Après v0.404 |
| ------------------ | ------------ | ------------ |
| **Score sécurité** | 5/10 | 7/10 |
2026-02-22 16:56:51 +00:00
**Améliorations v0.404 :**
chore(release): v1.0.4 — cleanup sprint complete, CI green
7-day cleanup sprint (J1–J7) done. The codebase is unchanged
functionally but the working tree, docs, k8s runbooks, CI, and
Go dependency graph are all realigned with reality for the first
time since the v1.0.0 release.
VERSION 1.0.2 → 1.0.4 (skips v1.0.3 — that tag already
exists upstream, unused on this branch)
CHANGELOG.md full v1.0.4 entry with per-day (J1–J7) breakdown
and the govulncheck + CI fix trail
docs/PROJECT_STATE.md header month + version table refreshed,
pointer to AUDIT_REPORT.md added
docs/FEATURE_STATUS.md header updated — no feature matrix
changes (no feature work in this sprint)
Key deliverables of the sprint:
J1 0e7097ed1 purge 220 MB of debris (binaries, reports,
session docs, stale MVP scripts)
J2 2aea1af36 rewrite CLAUDE.md, fix README, purge chat-server
refs from k8s runbooks and env examples
J3 67f18892a remove 3 deprecated unused handlers
J3+ 7fa314866 2FA handler duplicate removal (bundled by parallel
ci-cache commit)
J4 9cdfc6d89 GDPR-compliant hard delete with Redis SCAN cursor
and ES DeleteByQuery — closes TODO(HIGH-007)
J5 0589ec9fc defer GeoIP, rename v2-v3-types.ts to domain.ts,
document Storybook kill
J5+ 7f89bebe1 fix lint-staged eslint rule (was linting the
whole project — root cause of earlier --no-verify)
J6 113210734 mark 3 dormant docker-compose files deprecated
fix 3d1f127ad bump x/image, quic-go, testcontainers-go — drops
containerd + docker/docker from dep graph,
resolving 5 govulncheck findings without allowlist
fix b33227a57 bump go.work to 1.25 to match veza-backend-api
fix 73fc6e128 bump x/net v0.51.0 for GO-2026-4559
fix 376d9adc4 retire legacy backend-ci.yml, centralize Docker
probe in SkipIfNoIntegration
CI status on the consolidated ci.yml workflow for 376d9adc4:
Veza CI / Backend (Go) OK 6m36s
Veza CI / Frontend (Web) OK 20m57s
Veza CI / Rust (Stream) OK 6m25s
Security Scan / gitleaks OK 4m13s
Veza CI / Notify skipped (fires only on failure)
First fully green CI run of the sprint and the first in a long
time overall. The tag v1.0.4 is cut on this state.
Refs: AUDIT_REPORT.md, all commits 0e7097ed1..376d9adc4
2026-04-15 14:39:30 +00:00
2026-02-22 16:56:51 +00:00
- JWT stream token endpoint (`POST /auth/stream-token`) pour auth HLS/WebSocket
- SSRF protection sur webhooks (HTTPS-only, whitelist schéma)
- IDOR corrigé dans GetUploadStatus (ownership check)
- Hyperswitch webhook secret requis en production (HMAC)
- Password reset tokens hashés (SHA-256)
- Docker hybrid compose supprimé
- Credentials CI migrés vers GitHub Secrets
---
## 5. Infrastructure
chore(release): v1.0.4 — cleanup sprint complete, CI green
7-day cleanup sprint (J1–J7) done. The codebase is unchanged
functionally but the working tree, docs, k8s runbooks, CI, and
Go dependency graph are all realigned with reality for the first
time since the v1.0.0 release.
VERSION 1.0.2 → 1.0.4 (skips v1.0.3 — that tag already
exists upstream, unused on this branch)
CHANGELOG.md full v1.0.4 entry with per-day (J1–J7) breakdown
and the govulncheck + CI fix trail
docs/PROJECT_STATE.md header month + version table refreshed,
pointer to AUDIT_REPORT.md added
docs/FEATURE_STATUS.md header updated — no feature matrix
changes (no feature work in this sprint)
Key deliverables of the sprint:
J1 0e7097ed1 purge 220 MB of debris (binaries, reports,
session docs, stale MVP scripts)
J2 2aea1af36 rewrite CLAUDE.md, fix README, purge chat-server
refs from k8s runbooks and env examples
J3 67f18892a remove 3 deprecated unused handlers
J3+ 7fa314866 2FA handler duplicate removal (bundled by parallel
ci-cache commit)
J4 9cdfc6d89 GDPR-compliant hard delete with Redis SCAN cursor
and ES DeleteByQuery — closes TODO(HIGH-007)
J5 0589ec9fc defer GeoIP, rename v2-v3-types.ts to domain.ts,
document Storybook kill
J5+ 7f89bebe1 fix lint-staged eslint rule (was linting the
whole project — root cause of earlier --no-verify)
J6 113210734 mark 3 dormant docker-compose files deprecated
fix 3d1f127ad bump x/image, quic-go, testcontainers-go — drops
containerd + docker/docker from dep graph,
resolving 5 govulncheck findings without allowlist
fix b33227a57 bump go.work to 1.25 to match veza-backend-api
fix 73fc6e128 bump x/net v0.51.0 for GO-2026-4559
fix 376d9adc4 retire legacy backend-ci.yml, centralize Docker
probe in SkipIfNoIntegration
CI status on the consolidated ci.yml workflow for 376d9adc4:
Veza CI / Backend (Go) OK 6m36s
Veza CI / Frontend (Web) OK 20m57s
Veza CI / Rust (Stream) OK 6m25s
Security Scan / gitleaks OK 4m13s
Veza CI / Notify skipped (fires only on failure)
First fully green CI run of the sprint and the first in a long
time overall. The tag v1.0.4 is cut on this state.
Refs: AUDIT_REPORT.md, all commits 0e7097ed1..376d9adc4
2026-04-15 14:39:30 +00:00
| Élément | État v0.404 |
| ------------------- | ---------------------------------------- |
| Rate limiting Redis | ✅ Disponible |
| Alerting Prometheus | ✅ Règles ajoutées |
| PostgreSQL | ✅ Aligné v16 |
| Compose staging | ✅ Complet (chat, stream, reverse proxy) |
| CodeQL SAST | ✅ Ajouté |
| Rust CI (clippy) | ✅ Ajouté |
2026-02-22 16:56:51 +00:00
---
## 6. Qualité du code
chore(release): v1.0.4 — cleanup sprint complete, CI green
7-day cleanup sprint (J1–J7) done. The codebase is unchanged
functionally but the working tree, docs, k8s runbooks, CI, and
Go dependency graph are all realigned with reality for the first
time since the v1.0.0 release.
VERSION 1.0.2 → 1.0.4 (skips v1.0.3 — that tag already
exists upstream, unused on this branch)
CHANGELOG.md full v1.0.4 entry with per-day (J1–J7) breakdown
and the govulncheck + CI fix trail
docs/PROJECT_STATE.md header month + version table refreshed,
pointer to AUDIT_REPORT.md added
docs/FEATURE_STATUS.md header updated — no feature matrix
changes (no feature work in this sprint)
Key deliverables of the sprint:
J1 0e7097ed1 purge 220 MB of debris (binaries, reports,
session docs, stale MVP scripts)
J2 2aea1af36 rewrite CLAUDE.md, fix README, purge chat-server
refs from k8s runbooks and env examples
J3 67f18892a remove 3 deprecated unused handlers
J3+ 7fa314866 2FA handler duplicate removal (bundled by parallel
ci-cache commit)
J4 9cdfc6d89 GDPR-compliant hard delete with Redis SCAN cursor
and ES DeleteByQuery — closes TODO(HIGH-007)
J5 0589ec9fc defer GeoIP, rename v2-v3-types.ts to domain.ts,
document Storybook kill
J5+ 7f89bebe1 fix lint-staged eslint rule (was linting the
whole project — root cause of earlier --no-verify)
J6 113210734 mark 3 dormant docker-compose files deprecated
fix 3d1f127ad bump x/image, quic-go, testcontainers-go — drops
containerd + docker/docker from dep graph,
resolving 5 govulncheck findings without allowlist
fix b33227a57 bump go.work to 1.25 to match veza-backend-api
fix 73fc6e128 bump x/net v0.51.0 for GO-2026-4559
fix 376d9adc4 retire legacy backend-ci.yml, centralize Docker
probe in SkipIfNoIntegration
CI status on the consolidated ci.yml workflow for 376d9adc4:
Veza CI / Backend (Go) OK 6m36s
Veza CI / Frontend (Web) OK 20m57s
Veza CI / Rust (Stream) OK 6m25s
Security Scan / gitleaks OK 4m13s
Veza CI / Notify skipped (fires only on failure)
First fully green CI run of the sprint and the first in a long
time overall. The tag v1.0.4 is cut on this state.
Refs: AUDIT_REPORT.md, all commits 0e7097ed1..376d9adc4
2026-04-15 14:39:30 +00:00
| Métrique | v0.404 |
| ----------------------- | ---------------------------- |
| fmt.Printf → zap | 40 remplacements |
| any TypeScript éliminés | ~45 |
| TypeScript unifié | 5.9.3 |
| Code mort supprimé | ~1600 LOC |
| gorilla/websocket | Remplacé par coder/websocket |
2026-02-20 14:23:12 +00:00
---
2026-02-22 16:56:51 +00:00
## 7. Références rapides
2026-02-20 14:23:12 +00:00
chore(release): v1.0.4 — cleanup sprint complete, CI green
7-day cleanup sprint (J1–J7) done. The codebase is unchanged
functionally but the working tree, docs, k8s runbooks, CI, and
Go dependency graph are all realigned with reality for the first
time since the v1.0.0 release.
VERSION 1.0.2 → 1.0.4 (skips v1.0.3 — that tag already
exists upstream, unused on this branch)
CHANGELOG.md full v1.0.4 entry with per-day (J1–J7) breakdown
and the govulncheck + CI fix trail
docs/PROJECT_STATE.md header month + version table refreshed,
pointer to AUDIT_REPORT.md added
docs/FEATURE_STATUS.md header updated — no feature matrix
changes (no feature work in this sprint)
Key deliverables of the sprint:
J1 0e7097ed1 purge 220 MB of debris (binaries, reports,
session docs, stale MVP scripts)
J2 2aea1af36 rewrite CLAUDE.md, fix README, purge chat-server
refs from k8s runbooks and env examples
J3 67f18892a remove 3 deprecated unused handlers
J3+ 7fa314866 2FA handler duplicate removal (bundled by parallel
ci-cache commit)
J4 9cdfc6d89 GDPR-compliant hard delete with Redis SCAN cursor
and ES DeleteByQuery — closes TODO(HIGH-007)
J5 0589ec9fc defer GeoIP, rename v2-v3-types.ts to domain.ts,
document Storybook kill
J5+ 7f89bebe1 fix lint-staged eslint rule (was linting the
whole project — root cause of earlier --no-verify)
J6 113210734 mark 3 dormant docker-compose files deprecated
fix 3d1f127ad bump x/image, quic-go, testcontainers-go — drops
containerd + docker/docker from dep graph,
resolving 5 govulncheck findings without allowlist
fix b33227a57 bump go.work to 1.25 to match veza-backend-api
fix 73fc6e128 bump x/net v0.51.0 for GO-2026-4559
fix 376d9adc4 retire legacy backend-ci.yml, centralize Docker
probe in SkipIfNoIntegration
CI status on the consolidated ci.yml workflow for 376d9adc4:
Veza CI / Backend (Go) OK 6m36s
Veza CI / Frontend (Web) OK 20m57s
Veza CI / Rust (Stream) OK 6m25s
Security Scan / gitleaks OK 4m13s
Veza CI / Notify skipped (fires only on failure)
First fully green CI run of the sprint and the first in a long
time overall. The tag v1.0.4 is cut on this state.
Refs: AUDIT_REPORT.md, all commits 0e7097ed1..376d9adc4
2026-04-15 14:39:30 +00:00
| Document | Usage |
| ------------------------------------------------------------------ | ------------------------------------------------------- |
| [PLAN_V0_301_FINALISATION.md ](archive/PLAN_V0_301_FINALISATION.md ) | Plan de finalisation v0.301 |
| [V0_401_RELEASE_SCOPE.md ](archive/V0_401_RELEASE_SCOPE.md ) | Scope v0.401 (Phase 4 Commerce) |
| [V0_402_RELEASE_SCOPE.md ](V0_402_RELEASE_SCOPE.md ) | Scope v0.402 (checkout & codes promo) |
| [V0_303_RELEASE_SCOPE.md ](V0_303_RELEASE_SCOPE.md ) | Scope v0.303 (Chat appels WebRTC 1-to-1) |
| [PLAN_V0_401_IMPLEMENTATION.md ](PLAN_V0_401_IMPLEMENTATION.md ) | Plan d'implémentation v0.401 |
| [PLAN_V0_402_IMPLEMENTATION.md ](PLAN_V0_402_IMPLEMENTATION.md ) | Plan d'implémentation v0.402 |
| [V0_404_RELEASE_SCOPE.md ](V0_404_RELEASE_SCOPE.md ) | Scope v0.404 (stabilisation post-audit) |
| [V0_501_RELEASE_SCOPE.md ](archive/V0_501_RELEASE_SCOPE.md ) | Scope v0.501 (Streaming & Cloud, archivé) |
| [V0_502_RELEASE_SCOPE.md ](archive/V0_502_RELEASE_SCOPE.md ) | Scope v0.502 (Chat Server Rewrite, archivé) |
| [V0_503_RELEASE_SCOPE.md ](archive/V0_503_RELEASE_SCOPE.md ) | Scope v0.503 (archivé) |
| [V0_601_RELEASE_SCOPE.md ](archive/V0_601_RELEASE_SCOPE.md ) | Scope v0.601 (archivé) |
| [V0_602_RELEASE_SCOPE.md ](archive/V0_602_RELEASE_SCOPE.md ) | Scope v0.602 (archivé) |
| [PLAN_V0_601_IMPLEMENTATION.md ](PLAN_V0_601_IMPLEMENTATION.md ) | Plan d'implémentation v0.601 |
| [PLAN_V0_602_IMPLEMENTATION.md ](PLAN_V0_602_IMPLEMENTATION.md ) | Plan d'implémentation v0.602 |
| [V0_603_RELEASE_SCOPE.md ](V0_603_RELEASE_SCOPE.md ) | Scope v0.603 (Transfer auto, Commission, Stabilisation) |
| [PLAN_V0_603_IMPLEMENTATION.md ](PLAN_V0_603_IMPLEMENTATION.md ) | Plan d'implémentation v0.603 |
| [CHAT_FEATURE_PARITY.md ](CHAT_FEATURE_PARITY.md ) | Feature parity Rust vs Go (25/25 OK) |
| [V0_301_RELEASE_SCOPE.md ](archive/V0_301_RELEASE_SCOPE.md ) | Scope détaillé v0.301 (Phase 3 Social) |
| [V0_203_RELEASE_SCOPE.md ](V0_203_RELEASE_SCOPE.md ) | Scope v0.203 (archivé) |
| [SCOPE_CONTROL.md ](SCOPE_CONTROL.md ) | Anti-scope-creep, workflow |
| [FEATURE_STATUS.md ](FEATURE_STATUS.md ) | Statut des features par domaine |
| [CHANGELOG.md ](../CHANGELOG.md ) | Historique des versions |
2026-02-20 14:23:12 +00:00
---
2026-02-22 16:56:51 +00:00
## 8. Stack technique
2026-02-20 14:23:12 +00:00
chore(release): v1.0.4 — cleanup sprint complete, CI green
7-day cleanup sprint (J1–J7) done. The codebase is unchanged
functionally but the working tree, docs, k8s runbooks, CI, and
Go dependency graph are all realigned with reality for the first
time since the v1.0.0 release.
VERSION 1.0.2 → 1.0.4 (skips v1.0.3 — that tag already
exists upstream, unused on this branch)
CHANGELOG.md full v1.0.4 entry with per-day (J1–J7) breakdown
and the govulncheck + CI fix trail
docs/PROJECT_STATE.md header month + version table refreshed,
pointer to AUDIT_REPORT.md added
docs/FEATURE_STATUS.md header updated — no feature matrix
changes (no feature work in this sprint)
Key deliverables of the sprint:
J1 0e7097ed1 purge 220 MB of debris (binaries, reports,
session docs, stale MVP scripts)
J2 2aea1af36 rewrite CLAUDE.md, fix README, purge chat-server
refs from k8s runbooks and env examples
J3 67f18892a remove 3 deprecated unused handlers
J3+ 7fa314866 2FA handler duplicate removal (bundled by parallel
ci-cache commit)
J4 9cdfc6d89 GDPR-compliant hard delete with Redis SCAN cursor
and ES DeleteByQuery — closes TODO(HIGH-007)
J5 0589ec9fc defer GeoIP, rename v2-v3-types.ts to domain.ts,
document Storybook kill
J5+ 7f89bebe1 fix lint-staged eslint rule (was linting the
whole project — root cause of earlier --no-verify)
J6 113210734 mark 3 dormant docker-compose files deprecated
fix 3d1f127ad bump x/image, quic-go, testcontainers-go — drops
containerd + docker/docker from dep graph,
resolving 5 govulncheck findings without allowlist
fix b33227a57 bump go.work to 1.25 to match veza-backend-api
fix 73fc6e128 bump x/net v0.51.0 for GO-2026-4559
fix 376d9adc4 retire legacy backend-ci.yml, centralize Docker
probe in SkipIfNoIntegration
CI status on the consolidated ci.yml workflow for 376d9adc4:
Veza CI / Backend (Go) OK 6m36s
Veza CI / Frontend (Web) OK 20m57s
Veza CI / Rust (Stream) OK 6m25s
Security Scan / gitleaks OK 4m13s
Veza CI / Notify skipped (fires only on failure)
First fully green CI run of the sprint and the first in a long
time overall. The tag v1.0.4 is cut on this state.
Refs: AUDIT_REPORT.md, all commits 0e7097ed1..376d9adc4
2026-04-15 14:39:30 +00:00
| Composant | État |
| ------------------------- | ---------------------------------------- |
| Backend Go | ✅ Opérationnel |
| Frontend React (Vite) | ✅ Opérationnel |
| Chat Go (intégré backend) | ✅ Opérationnel (v0.502) |
| Stream Server Rust | ✅ Compile — HLS en intégration (v0.503) |
| PostgreSQL | ✅ |
| Redis | ✅ |
2026-02-20 14:23:12 +00:00
---
2026-02-22 16:56:51 +00:00
## 9. Indicateurs
2026-02-20 14:23:12 +00:00
chore(release): v1.0.4 — cleanup sprint complete, CI green
7-day cleanup sprint (J1–J7) done. The codebase is unchanged
functionally but the working tree, docs, k8s runbooks, CI, and
Go dependency graph are all realigned with reality for the first
time since the v1.0.0 release.
VERSION 1.0.2 → 1.0.4 (skips v1.0.3 — that tag already
exists upstream, unused on this branch)
CHANGELOG.md full v1.0.4 entry with per-day (J1–J7) breakdown
and the govulncheck + CI fix trail
docs/PROJECT_STATE.md header month + version table refreshed,
pointer to AUDIT_REPORT.md added
docs/FEATURE_STATUS.md header updated — no feature matrix
changes (no feature work in this sprint)
Key deliverables of the sprint:
J1 0e7097ed1 purge 220 MB of debris (binaries, reports,
session docs, stale MVP scripts)
J2 2aea1af36 rewrite CLAUDE.md, fix README, purge chat-server
refs from k8s runbooks and env examples
J3 67f18892a remove 3 deprecated unused handlers
J3+ 7fa314866 2FA handler duplicate removal (bundled by parallel
ci-cache commit)
J4 9cdfc6d89 GDPR-compliant hard delete with Redis SCAN cursor
and ES DeleteByQuery — closes TODO(HIGH-007)
J5 0589ec9fc defer GeoIP, rename v2-v3-types.ts to domain.ts,
document Storybook kill
J5+ 7f89bebe1 fix lint-staged eslint rule (was linting the
whole project — root cause of earlier --no-verify)
J6 113210734 mark 3 dormant docker-compose files deprecated
fix 3d1f127ad bump x/image, quic-go, testcontainers-go — drops
containerd + docker/docker from dep graph,
resolving 5 govulncheck findings without allowlist
fix b33227a57 bump go.work to 1.25 to match veza-backend-api
fix 73fc6e128 bump x/net v0.51.0 for GO-2026-4559
fix 376d9adc4 retire legacy backend-ci.yml, centralize Docker
probe in SkipIfNoIntegration
CI status on the consolidated ci.yml workflow for 376d9adc4:
Veza CI / Backend (Go) OK 6m36s
Veza CI / Frontend (Web) OK 20m57s
Veza CI / Rust (Stream) OK 6m25s
Security Scan / gitleaks OK 4m13s
Veza CI / Notify skipped (fires only on failure)
First fully green CI run of the sprint and the first in a long
time overall. The tag v1.0.4 is cut on this state.
Refs: AUDIT_REPORT.md, all commits 0e7097ed1..376d9adc4
2026-04-15 14:39:30 +00:00
| Métrique | Valeur |
| --------------------------- | ---------- |
| Features livrées (cumul) | ~353 / 600 |
| Features E2E fonctionnelles | 22 |
| Score maturité produit | 5/10 |
| Module Streaming | 55% |
| Module Cloud | 30% |
| Module Gear | 60% |
