senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

docs: update PROJECT_STATE.md to reflect v0.404 stabilization

Browse source 
FIN-02: Updated version to v0.404, added security score improvements
(5->7/10), infrastructure readiness, code quality metrics, and
updated next version target to v0.501.
This commit is contained in:
senke 2026-02-22 17:56:51 +01:00
parent 22083aedd9
commit 9e7e2f6e37
1 changed files with 58 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

72
docs/PROJECT_STATE.md
View file

@ -8,10 +8,10 @@
| Élément | Valeur |
|---------|--------|
| **Dernier tag** | v0.402 |
| **Dernier tag** | v0.404 |
| **Branche courante** | `main` |
| **Phase** | Phase 4 Commerce — v0.402 livrée |
| **Prochaine version** | v0.403 |
| **Phase** | Phase 4bis Stabilisation — v0.404 livrée |
| **Prochaine version** | v0.501 |
---
@ -61,20 +61,64 @@
- Lot P1 : Checkout Hyperswitch production-ready (return URL order_id, CheckoutSuccessView/ErrorView, webhook cancelled, CheckoutPaymentForm)
- Lot P2 : Codes promo (promo_codes, ValidatePromoCode, GET /commerce/promo/:code, PromoCodeModal connecté, OrderSummary dans Cart)
### v0.404 (Phase 4bis Stabilisation — post-audit)
- Sécurité : JWT stream token endpoint, SSRF protection webhooks (HTTPS-only), IDOR fix GetUploadStatus, Hyperswitch webhook secret requis en prod, password reset tokens hashés (SHA-256), docker-compose.hybrid supprimé, secrets CI → GitHub Secrets
- Infra : Rate limiting Redis, alerting Prometheus, PostgreSQL 16 aligné, compose staging complet, CodeQL SAST, Rust CI avec clippy
- Qualité : 40 fmt.Printf → zap, ~45 any éliminés frontend, TypeScript 5.9.3 unifié, code mort supprimé (~1600 LOC), gorilla/websocket → coder/websocket
---
## 3. Prochaines étapes
### Prochaine version (v0.403)
- **Lot P3** : Payout vendeurs (Stripe Connect, balance, transferts)
- **Lot R1** : Reviews produits (product_reviews, notation, note moyenne)
- **Lot F1** : Factures PDF (génération, téléchargement)
- **Lot R2** : Remboursements (refund API, webhook, révocation licence)
- Référence : [V0_403_RELEASE_SCOPE.md](V0_403_RELEASE_SCOPE.md), [PLAN_V0_403_IMPLEMENTATION.md](PLAN_V0_403_IMPLEMENTATION.md)
### Prochaine version (v0.501)
- **Phase 5 — Streaming & Cloud** : HLS production-ready, Cloud storage MVP, Gear avancé
- Référence : [V0_501_RELEASE_SCOPE.md](V0_501_RELEASE_SCOPE.md)
---
## 4. Références rapides
## 4. Sécurité
| Métrique | Avant v0.404 | Après v0.404 |
|----------|--------------|--------------|
| **Score sécurité** | 5/10 | 7/10 |
**Améliorations v0.404 :**
- JWT stream token endpoint (`POST /auth/stream-token`) pour auth HLS/WebSocket
- SSRF protection sur webhooks (HTTPS-only, whitelist schéma)
- IDOR corrigé dans GetUploadStatus (ownership check)
- Hyperswitch webhook secret requis en production (HMAC)
- Password reset tokens hashés (SHA-256)
- Docker hybrid compose supprimé
- Credentials CI migrés vers GitHub Secrets
---
## 5. Infrastructure
| Élément | État v0.404 |
|---------|-------------|
| Rate limiting Redis | ✅ Disponible |
| Alerting Prometheus | ✅ Règles ajoutées |
| PostgreSQL | ✅ Aligné v16 |
| Compose staging | ✅ Complet (chat, stream, reverse proxy) |
| CodeQL SAST | ✅ Ajouté |
| Rust CI (clippy) | ✅ Ajouté |
---
## 6. Qualité du code
| Métrique | v0.404 |
|----------|--------|
| fmt.Printf → zap | 40 remplacements |
| any TypeScript éliminés | ~45 |
| TypeScript unifié | 5.9.3 |
| Code mort supprimé | ~1600 LOC |
| gorilla/websocket | Remplacé par coder/websocket |
---
## 7. Références rapides
| Document | Usage |
|----------|-------|
@ -84,8 +128,8 @@
| [V0_303_RELEASE_SCOPE.md](V0_303_RELEASE_SCOPE.md) | Scope v0.303 (Chat appels WebRTC 1-to-1) |
| [PLAN_V0_401_IMPLEMENTATION.md](PLAN_V0_401_IMPLEMENTATION.md) | Plan d'implémentation v0.401 |
| [PLAN_V0_402_IMPLEMENTATION.md](PLAN_V0_402_IMPLEMENTATION.md) | Plan d'implémentation v0.402 |
| [V0_403_RELEASE_SCOPE.md](V0_403_RELEASE_SCOPE.md) | Scope v0.403 (Payout, reviews, factures, remboursements) |
| [PLAN_V0_403_IMPLEMENTATION.md](PLAN_V0_403_IMPLEMENTATION.md) | Plan d'implémentation v0.403 |
| [V0_404_RELEASE_SCOPE.md](V0_404_RELEASE_SCOPE.md) | Scope v0.404 (stabilisation post-audit) |
| [V0_501_RELEASE_SCOPE.md](V0_501_RELEASE_SCOPE.md) | Scope v0.501 (Streaming & Cloud) |
| [V0_301_RELEASE_SCOPE.md](V0_301_RELEASE_SCOPE.md) | Scope détaillé v0.301 (Phase 3 Social) |
| [V0_203_RELEASE_SCOPE.md](V0_203_RELEASE_SCOPE.md) | Scope v0.203 (archivé) |
| [SCOPE_CONTROL.md](SCOPE_CONTROL.md) | Anti-scope-creep, workflow |
@ -94,7 +138,7 @@
---
## 5. Stack technique
## 8. Stack technique
| Composant | État |
|-----------|------|
@ -107,7 +151,7 @@
---
## 6. Indicateurs
## 9. Indicateurs
| Métrique | Valeur |
|----------|--------|