46 commits

Author	SHA1	Message	Date
senke	5088239337	feat(v0.14.0): validation runtime & staging pipeline ... - TASK-STAG-001: staging-validation.yml workflow (deploy + all checks) - TASK-STAG-002: k6 staging performance validation (p95<100ms, stream<500ms) - TASK-STAG-003: Lighthouse CI config (perf>=85, a11y>=90, CWV thresholds) - TASK-STAG-004: staging-stability-check.sh (5xx rate monitoring) - TASK-STAG-005: GDPR E2E integration test (export + deletion + anonymization) - TASK-STAG-006: bundle size check integrated in validation pipeline Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-13 16:09:43 +01:00
senke	2281c91e8b	feat(v0.13.5): polish marketplace & compliance — KYC, support, payout E2E ... - Seller KYC via Stripe Identity (start verification, status check, webhook) - Support ticket system (backend handler + frontend form page) - E2E payout flow integration test (sale → payment → balance → payout) - Migrations: seller_kyc columns, support_tickets table - Frontend: SupportPage with SUMI design, lazy loading, routing Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-13 14:57:19 +01:00
senke	2df921abd5	v0.9.1	2026-03-05 19:22:31 +01:00
senke	7cfd48a82a	fix(release): v1.0.1 — Conformité complète ROADMAP checklist ... - Sécurité: npm 0 CRITICAL, cargo audit 0 vulnérabilités - OpenAPI: @Param id corrigé pour /tracks/quota/{id} - Tests: Payment E2E passe, OAuth DATABASE_URL fallback - Migrations: 000_mark_consolidated.sql - veza-stream-server: prometheus 0.14, validator 0.19 - docs: SECURITY_SCAN_RC1, V1_SIGNOFF, PROJECT_STATE	2026-03-03 20:17:54 +01:00
senke	7e015f8e73	chore(release): v0.941 — Cleanup (dead code, migrations dedup, deprecated routes)	2026-03-02 19:04:30 +01:00
senke	72d40990c5	feat(v0.923): API contract tests, OpenAPI generation, CI type sync check	2026-02-27 20:23:10 +01:00
senke	7cb4ef56e1	feat(v0.912): Cashflow - payment E2E integration tests ... - Add MarketplaceServiceOverride and AuthMiddlewareOverride to config for tests - Wire overrides in routes_webhooks and routes_marketplace (authForMarketplaceInterface) - payment_flow_test: cart -> checkout -> webhook -> order completed, license, transfer - webhook_idempotency_test: 3 identical webhooks -> 1 order, 1 license - webhook_security_test: empty secret 500, invalid sig 401, valid sig 200 - refund_flow_test: completed order -> refund -> order refunded, license revoked - Shared computeWebhookSignature helper in webhook_test_helpers.go - SetMaxOpenConns(1) for sqlite :memory: in idempotency test to avoid flakiness Ref: docs/ROADMAP_V09XX_TO_V1.md v0.912 Cashflow	2026-02-27 20:00:51 +01:00
senke	4720bb20b2	feat(auth): v0.911 Keystone - OAuth and auth integration tests ... - Add access token blacklist on logout (VEZA-SEC-006) - Extend OAuthService for mock provider injection in tests - Add oauth_google_test.go: full OAuth Google flow with mocked provider - Add oauth_github_test.go: OAuth GitHub flow with PKCE verification - Add token_refresh_test.go: E2E refresh via httpOnly cookies - Add logout_blacklist_test.go: E2E logout + token blacklist - Fix testutils import path in resume_upload_test, track_quota_test - Fix CreatorID -> UserID in track_quota_test - Add test:integration script to package.json Release: v0.911 Keystone	2026-02-27 09:58:53 +01:00
senke	f9120c322b	release(v0.903): Vault - ORDER BY whitelist, rate limiter, VERSION sync, chat-server cleanup, Go 1.24 ... - ORDER BY dynamiques : whitelist explicite, fallback created_at DESC - Login/register soumis au rate limiter global - VERSION sync + check CI - Nettoyage références veza-chat-server - Go 1.24 partout (Dockerfile, workflows) - TODO/FIXME/HACK convertis en issues ou résolus	2026-02-27 09:43:25 +01:00
senke	51984e9a1f	feat(security): v0.901 Ironclad - fix 5 critical/high vulnerabilities ... - OAuth: use JWTService+SessionService, httpOnly cookies (VEZA-SEC-001) - Remove PasswordService.GenerateJWT (VEZA-SEC-002) - Hyperswitch webhook: mandatory verification, 500 if secret empty (VEZA-SEC-005) - Auth middleware: TokenBlacklist.IsBlacklisted check (VEZA-SEC-006) - Waveform: ValidateExecPath before exec (VEZA-SEC-007)	2026-02-26 19:34:45 +01:00
senke	83ed4f315b	chore(release): v0.602 — Payout, Dette Technique & Tests E2E ... - Stripe Connect: onboarding, balance, SellerDashboardView - Interceptors: auth.ts, error.ts extracted, facade - Grafana: dashboards enriched (p50, top endpoints, 4xx, WS, commerce) - E2E commerce: product->order->review->invoice - SMOKE_TEST_V0602, RETROSPECTIVE_V0602, PAYOUT_MANUAL - Archive V0_602 scope, V0_603 placeholder, SCOPE_CONTROL v0.603 - Fix sanitizer regex (Go no backreferences) - Marketplace test schema: product_licenses, product_images, orders, licenses	2026-02-23 22:32:01 +01:00
senke	c6f094a3d5	feat(marketplace): add POST /products/:id/preview for audio preview upload	2026-02-22 14:07:30 +01:00
senke	286be8ba1d	chore(v0.102): consolidate remaining changes — docs, frontend, backend ... - docs: SCOPE_CONTROL, CONTRIBUTING, README, .github templates - frontend: DeveloperDashboardView, Player components, MSW handlers, auth, reactQuerySync - backend: playback_analytics, playlist_service, testutils, integration README Excluded (artifacts): .auth, playwright-report, test-results, storybook_audit_detailed.json	2026-02-20 13:02:12 +01:00
senke	32348bebce	feat(developer): add API keys backend (Lot C) ... - Migration 082: api_keys table (user_id, name, prefix, hashed_key, scopes, last_used_at, expires_at) - APIKey model, APIKeyService (Create, List, Delete, ValidateAPIKey) - APIKeyHandler: GET/POST/DELETE /api/v1/developer/api-keys - AuthMiddleware: X-API-Key and Bearer vza_* accepted as alternative to JWT - CSRF: skip for API key auth (stateless) - Key format: vza_ prefix, SHA-256 hashed storage	2026-02-20 00:18:36 +01:00
senke	1159874adf	refactor(backend): unify architecture - migrate analytics handler to core (ADR-001)	2026-02-15 16:18:13 +01:00
senke	92f432fb9e	chore: consolidate pending changes (Hyperswitch, PostCard, dashboard, stream server, etc.)	2026-02-14 21:45:15 +01:00
senke	759154e660	fix(auth): add Redis lock for concurrent refresh token requests	2026-02-14 18:29:37 +01:00
senke	afea976f57	chore: add go.work and optional monorepo orchestrator	2026-02-14 18:21:39 +01:00
senke	ae586f6134	Phase 2 stabilisation: code mort, Modal→Dialog, feature flags, tests, router split, Rust legacy ... Bloc A - Code mort: - Suppression Studio (components, views, features) - Suppression gamification + services mock (projectService, storageService, gamificationService) - Mise à jour Sidebar, Navbar, locales Bloc B - Frontend: - Suppression modal.tsx deprecated, Modal.stories (doublon Dialog) - Feature flags: PLAYLIST_SEARCH, PLAYLIST_RECOMMENDATIONS, ROLE_MANAGEMENT = true - Suppression 19 tests orphelins, retrait exclusions vitest.config Bloc C - Backend: - Extraction routes_auth.go depuis router.go Bloc D - Rust: - Suppression security_legacy.rs (code mort, patterns déjà dans security/)	2026-02-14 17:23:32 +01:00
senke	30f17dfc2a	chore(backend): config, router, auth, stream service, sanitizer, tests ... Co-authored-by: Cursor <cursoragent@cursor.com>	2026-02-11 22:19:09 +01:00
senke	76d95ecfb4	incus deployement fully implemented, Makefile updated and make fmt ran	2026-01-13 19:47:57 +01:00
senke	0e7b6fede1	[T0-002] fix(rust): Corriger erreurs compilation Rust ... - Conflit SQLx résolu (alignement sur version 0.7) - build.rs configurés pour protoc dans chat/stream servers - API Prometheus migrée vers HistogramOpts - Traits Display/Debug corrigés (String au lieu de &dyn Display) - API TOTP corrigée (totp-rs 5.4 avec Secret::Encoded) - Layers tracing-subscriber corrigés (types conditionnels) - VezaError/VezaResult exportés dans lib.rs - TransactionProvider simplifié (retour void au lieu de Box<dyn>) - VezaConfig contraint Serialize pour to_json() Files: veza-common/Cargo.toml, veza-common/src/*.rs, veza-chat-server/Cargo.toml, veza-chat-server/build.rs, veza-stream-server/Cargo.toml, veza-stream-server/build.rs, VEZA_ROADMAP.json Hours: 8 estimated, 3 actual	2026-01-04 01:44:20 +01:00
senke	744a98ede9	[WIP] Register: Code modifié mais échoue avec 500 - diagnostic en cours ... - Modifié Register() pour générer tokens JWT - Corrigé signature: (*User, *TokenPair, error) - Corrigé handlers et tests - Register échoue maintenant avec 'Failed to create user' (code 9000) - Erreur DB non visible dans les logs - nécessite diagnostic approfondi	2026-01-04 01:44:14 +01:00
senke	9a3c72a2da	[INT-009] int: Add API contract tests	2025-12-25 15:18:44 +01:00
senke	1ebbb06315	[FE-PAGE-015] fe-page: Add Analytics page	2025-12-25 11:25:06 +01:00
senke	0ee7232592	[BE-TEST-025] test: Add tests for marketplace flow	2025-12-25 02:39:56 +01:00
senke	33841c9337	[BE-TEST-024] test: Add tests for analytics endpoints	2025-12-25 02:36:50 +01:00
senke	83ded8ab05	[BE-TEST-023] test: Add tests for search functionality	2025-12-25 02:34:17 +01:00
senke	e4946db347	[BE-TEST-022] be-test: Add tests for 2FA flow ... - Created comprehensive 2FA flow test suite - Tests cover 2FA setup (secret generation, QR code, recovery codes) - Tests cover verification and activation with TOTP codes - Tests cover login flow with 2FA requirement - Tests cover status checking and TOTP code validation - Tests cover complete end-to-end flow (setup -> verify -> login) - Tests handle SQLite compatibility (GORM for EnableTwoFactor) - Tests verify error cases (already enabled, invalid codes) - Tests verify recovery codes generation Phase: PHASE-5 Priority: P2 Progress: 143/267 (53.56%)	2025-12-25 02:21:16 +01:00
senke	b3735c9e16	[BE-TEST-021] be-test: Add tests for webhook delivery ... - Created comprehensive webhook delivery and retry test suite - Tests cover webhook delivery success with proper headers - Tests cover retry logic for network errors with exponential backoff - Tests cover max retries exceeded scenario - Tests cover signature verification (HMAC-SHA256) - Tests cover worker retry logic - Tests for TriggerEvent skipped for SQLite (PostgreSQL array operators not supported) - Tests verify webhook payload structure and headers (X-Veza-Signature, X-Veza-Event, X-Veza-Timestamp) Phase: PHASE-5 Priority: P2 Progress: 142/267 (53.18%)	2025-12-25 02:13:27 +01:00
senke	eea79884b9	[BE-TEST-020] be-test: Add tests for filtering and sorting ... - Created comprehensive filtering and sorting test suite - Tests cover tracks endpoints: filtering by user_id, genre, format, combined filters - Tests cover tracks endpoints: sorting by created_at (asc/desc), title, default sort - Tests cover users endpoints: filtering by role, is_active, is_verified, search - Tests cover users endpoints: sorting by created_at, username - Tests cover playlists endpoints: filtering by user_id - Tests verify invalid sort fields and orders are handled gracefully - Tests verify combined filtering and sorting work together - Note: User search test skipped for SQLite (does not support ILIKE operator) Phase: PHASE-5 Priority: P2 Progress: 141/267 (52.81%)	2025-12-25 02:09:45 +01:00
senke	096da76c09	[BE-TEST-019] be-test: Add tests for pagination ... - Created comprehensive pagination test suite for all list endpoints - Tests cover tracks, users, and playlists endpoints - Tests verify default pagination (page=1, limit=20) - Tests verify custom pagination parameters - Tests verify invalid parameter validation and correction - Tests verify pagination metadata (total, total_pages, has_next, has_prev) - Tests verify navigation between pages - Tests verify edge cases (empty query, large page numbers, max limit) - Tests verify total count accuracy - Tests verify consistency across all endpoints Phase: PHASE-5 Priority: P2 Progress: 140/267 (52.43%)	2025-12-25 02:05:58 +01:00
senke	1f574bec10	[BE-TEST-018] be-test: Add tests for error handling ... - Created comprehensive error handling test suite - Tests verify error response format standardization - Tests cover all error types (validation, not found, unauthorized, forbidden, internal, database, conflict, rate limit, quota) - Tests verify error recovery and retry logic - Tests verify validation error details - Tests verify HTTP status code mapping - Tests verify error response consistency Phase: PHASE-5 Priority: P2 Progress: 139/267 (52.06%)	2025-12-25 02:02:54 +01:00
senke	f8aa42df20	[BE-TEST-017] be-test: Add security tests for authorization ... - Created comprehensive authorization test suite - Tests verify unauthorized access is blocked (401/403) - Tests cover: no token, invalid token, expired token - Tests verify role-based access control (admin, creator, regular user) - Tests verify ownership checks and admin override - Tests verify token version mismatch protection Phase: PHASE-5 Priority: P2 Progress: 138/267 (51.69%)	2025-12-25 02:00:56 +01:00
senke	6e4a3578c9	[BE-TEST-016] be-test: Add security tests for injection attacks ... - Created comprehensive security test suite for SQL injection, XSS, and command injection - Added 30+ SQL injection test payloads - Added 50+ XSS test payloads - Added 30+ command injection test payloads - Tests verify GORM parameterized queries protection - Tests verify input sanitization utilities - Added README documentation for security tests Phase: PHASE-5 Priority: P2 Progress: 137/267 (51.31%)	2025-12-25 01:57:59 +01:00
senke	f71d6add4b	[BE-TEST-015] be-test: Add load tests for upload endpoints ... - Created k6 load test script for concurrent and chunked uploads - Added Go performance tests for upload endpoints - Updated README with usage instructions for upload load tests - Tests cover simple upload, chunked upload (initiate/chunk/complete), and batch upload - Performance thresholds defined for upload operations Phase: PHASE-5 Priority: P2 Progress: 136/267 (50.94%)	2025-12-25 01:55:22 +01:00
senke	05c3d12478	[BE-TEST-015] test: Add load tests for upload endpoints ... - Added comprehensive load tests for upload endpoints: * Concurrent simple uploads (20 concurrent uploads) * Concurrent chunked uploads (5 uploads with 10 chunks each) * Chunked upload stress test (10 uploads with 20 chunks each) * Upload status polling under load (50 concurrent polls) - All tests measure throughput, success rates, and response times - Tests use in-memory SQLite and Redis (if available) for fast execution - All tests tagged with load build tag	2025-12-25 01:52:22 +01:00
senke	b805ddf9d9	[BE-TEST-014] test: Add performance tests for critical endpoints ... - Added comprehensive performance tests for critical endpoints: * Health check endpoints (/health, /readyz) - threshold: 10ms * Authentication endpoints (login: 100ms, register: 200ms) * Track endpoints (list: 50ms, get: 30ms, create: 500ms) * Playlist endpoints (list: 50ms, create: 200ms) * User endpoints (list: 50ms, get: 30ms) - Includes both performance tests (measuring response times against thresholds) - Includes benchmarks using Go benchmark framework - All tests tagged with performance build tag - Tests use in-memory SQLite for fast execution	2025-12-25 01:48:38 +01:00
senke	6cdd3b7abe	[BE-API-026] be-api: Implement track quota endpoint validation	2025-12-24 14:45:12 +01:00
senke	64cdfcc7bd	[BE-API-025] be-api: Implement upload resume endpoint validation	2025-12-24 14:42:52 +01:00
senke	d61d851f65	stabilizing veza-backend-api: phase 1	2025-12-16 11:23:49 -05:00
senke	2dfde29f7d	refonte: backend-api go first; phase 1	2025-12-12 21:34:34 -05:00
okinrev	87c6461900	report generation and future tasks selection	2025-12-08 19:57:54 +01:00
okinrev	1e4f7b1756	STABILISATION: phase 3–5 – API contract, tests & chat-server hardening	2025-12-06 17:21:59 +01:00
okinrev	b7955a680c	P0: stabilisation backend/chat/stream + nouvelle base migrations v1 ... Backend Go: - Remplacement complet des anciennes migrations par la base V1 alignée sur ORIGIN. - Durcissement global du parsing JSON (BindAndValidateJSON + RespondWithAppError). - Sécurisation de config.go, CORS, statuts de santé et monitoring. - Implémentation des transactions P0 (RBAC, duplication de playlists, social toggles). - Ajout d’un job worker structuré (emails, analytics, thumbnails) + tests associés. - Nouvelle doc backend : AUDIT_CONFIG, BACKEND_CONFIG, AUTH_PASSWORD_RESET, JOB_WORKER_*. Chat server (Rust): - Refonte du pipeline JWT + sécurité, audit et rate limiting avancé. - Implémentation complète du cycle de message (read receipts, delivered, edit/delete, typing). - Nettoyage des panics, gestion d’erreurs robuste, logs structurés. - Migrations chat alignées sur le schéma UUID et nouvelles features. Stream server (Rust): - Refonte du moteur de streaming (encoding pipeline + HLS) et des modules core. - Transactions P0 pour les jobs et segments, garanties d’atomicité. - Documentation détaillée de la pipeline (AUDIT_STREAM_*, DESIGN_STREAM_PIPELINE, TRANSACTIONS_P0_IMPLEMENTATION). Documentation & audits: - TRIAGE.md et AUDIT_STABILITY.md à jour avec l’état réel des 3 services. - Cartographie complète des migrations et des transactions (DB_MIGRATIONS_*, DB_TRANSACTION_PLAN, AUDIT_DB_TRANSACTIONS, TRANSACTION_TESTS_PHASE3). - Scripts de reset et de cleanup pour la lab DB et la V1. Ce commit fige l’ensemble du travail de stabilisation P0 (UUID, backend, chat et stream) avant les phases suivantes (Coherence Guardian, WS hardening, etc.).	2025-12-06 11:14:38 +01:00
okinrev	2425c15b09	adding initial backend API (Go)	2025-12-03 20:29:37 +01:00