senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2251 commits 37 branches 94 tags 1.5 GiB
Commit graph

23 commits

Author SHA1 Message Date
senke
02728909f5 chore(cleanup): J1 — purge 220MB of debris, archive session docs 
Remove accidentally-committed artifacts from v1.0.3 → v1.0.4 cleanup sprint:

Binaries (5, ~167 MB):
- veza-backend-api/{server,modern-server,encrypt_oauth_tokens,seed,seed-v2}

Reports & logs (frontend):
- 9 lint_report*.json (~32 MB)
- tsc_*.{log,txt}, ts_*.log (TypeScript error snapshots)
- storybook_*.json (1375+ stored errors)
- build_errors*.txt, final_errors.txt, build_output.txt

Reports & logs (backend):
- coverage*.out + coverage_groups/ (70 files, ~4 MB)
- 3 internal/handlers/*.go.bak files

Root audit screenshots:
- 54 audit-*.png (~11 MB visual regression baselines)

Session docs archived (not deleted):
- 78 apps/web/*.md → docs/archive/frontend-sessions-2026/
- 43 veza-backend-api/*.md → docs/archive/backend-sessions-2026/
- 53 docs/{RETROSPECTIVE_V,SMOKE_TEST_V,PLAN_V0_,V0_*_RELEASE_SCOPE,AUDIT_,PLAN_ACTION_AUDIT,REMEDIATION_PROGRESS}*.md → docs/archive/v0-history/

Stale scripts removed (Jan 2026 MVP-era, hardcoded v0.101):
- start_{iteration,mvp,recovery}.sh
- test_{mvp_endpoints,protected_endpoints,user_journey}.sh
- validate_v0101.sh, verify_logs_setup.sh, gen_hash.py

.gitignore updated to prevent recurrence.

README.md and CONTRIBUTING.md preserved in both apps/web/ and veza-backend-api/.

Total: 169 deletions, 174 renames, 1 .gitignore modification.

Refs: AUDIT_REPORT.md §11
 2026-04-14 17:01:27 +02:00
senke
57b8b1431e fix(a11y): fix heading hierarchy h1→h3 gaps on 8 pages 
Changed h3 section titles to h2 on pages where they directly follow the page h1:
- Library: empty state heading
- Queue: "Now Playing" + "Up Next"
- Search: discovery sections + results sections
- Profile: "About" + "Links"
- Sessions: card title
- Notifications: date group headers

Also: add 'api' binary to .gitignore

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-25 10:14:18 +01:00
senke
29a40f2dcf chore: update gitignore — exclude local files and test audio 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-23 15:44:17 +01:00
senke
32c72a1e2c chore: update .gitignore — exclude binary, debug screenshots, MCP config 
- Add veza-backend-api/veza-api (99MB ELF binary) to gitignore
- Add root-level debug/test screenshot patterns
- Add .mcp.json (local MCP config)
- Remove veza-api binary from tracking

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-17 17:43:04 +01:00
senke
249fd99730 fix(v0.12.6): apply all pentest remediations — 36 findings across 36 files 
CRITICAL fixes:
- Race condition (TOCTOU) in payout/refund with SELECT FOR UPDATE (CRITICAL-001/002)
- IDOR on analytics endpoint — ownership check enforced (CRITICAL-003)
- CSWSH on all WebSocket endpoints — origin whitelist (CRITICAL-004)
- Mass assignment on user self-update — strip privileged fields (CRITICAL-005)

HIGH fixes:
- Path traversal in marketplace upload — UUID filenames (HIGH-001)
- IP spoofing — use Gin trusted proxy c.ClientIP() (HIGH-002)
- Popularity metrics (followers, likes) set to json:"-" (HIGH-003)
- bcrypt cost hardened to 12 everywhere (HIGH-004)
- Refresh token lock made mandatory (HIGH-005)
- Stream token replay prevention with access_count (HIGH-006)
- Subscription trial race condition fixed (HIGH-007)
- License download expiration check (HIGH-008)
- Webhook amount validation (HIGH-009)
- pprof endpoint removed from production (HIGH-010)

MEDIUM fixes:
- WebSocket message size limit 64KB (MEDIUM-010)
- HSTS header in nginx production (MEDIUM-001)
- CORS origin restricted in nginx-rtmp (MEDIUM-002)
- Docker alpine pinned to 3.21 (MEDIUM-003/004)
- Redis authentication enforced (MEDIUM-005)
- GDPR account deletion expanded (MEDIUM-006)
- .gitignore hardened (MEDIUM-007)

LOW/INFO fixes:
- GitHub Actions SHA pinning on all workflows (LOW-001)
- .env.example security documentation (INFO-001)
- Production CORS set to HTTPS (LOW-002)

All tests pass. Go and Rust compile clean.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-14 00:44:46 +01:00
senke
9a93068a9b v0.9.1 2026-03-05 19:22:31 +01:00
senke
e118199637 chore(release): v0.981 — Beta (staging deploy, bug bash, smoke test) 2026-03-02 19:33:42 +01:00
senke
1b239d13ab chore(release): v0.941 — Cleanup (dead code, migrations dedup, deprecated routes) 2026-03-02 19:04:30 +01:00
senke
e11984898d chore: consolidate CI, E2E, backend and frontend updates 
- CI: workflows updates (cd, ci), remove playwright.yml
- E2E: global-setup, auth/playlists/profile specs
- Remove playwright-report and test-results artifacts from tracking
- Backend: auth, handlers, services, workers, migrations
- Frontend: components, features, vite config
- Add e2e-results.json to gitignore
- Docs: REMEDIATION_PROGRESS, audit archive
- Rust: chat-server, stream-server updates
 2026-02-17 16:43:21 +01:00
senke
6ab03bf3df chore(e2e): Playwright webServer env for CI, gitignore e2e auth 
- Pass VITE_DOMAIN, VITE_BACKEND_PORT to webServer in CI
- Add apps/web/e2e/.auth/ to gitignore
 2026-02-17 16:42:48 +01:00
senke
1a67ceb28b chore: clean root directory, move design system files, update .gitignore 2026-02-15 16:05:54 +01:00
senke
503ef4e8dc chore: audit 2.8 et 2.9 — gitignore et Tokio 
2.8: Mise à jour .gitignore
- .turbo/ (cache Turborepo)
- *.out (Go coverage, artefacts)
- test-results/ et playwright-report/ (patterns globaux)

2.9: Alignement Tokio 1.0 → 1.35
- veza-common: dependencies + dev-dependencies
- veza-stream-server/tools
 2026-02-15 14:47:31 +01:00
senke
7f7b6547bc chore: consolidate pending changes (Hyperswitch, PostCard, dashboard, stream server, etc.) 2026-02-14 21:45:15 +01:00
senke
04c25aa24f Phase 2 stabilisation: code mort, Modal→Dialog, feature flags, tests, router split, Rust legacy 
Bloc A - Code mort:
- Suppression Studio (components, views, features)
- Suppression gamification + services mock (projectService, storageService, gamificationService)
- Mise à jour Sidebar, Navbar, locales

Bloc B - Frontend:
- Suppression modal.tsx deprecated, Modal.stories (doublon Dialog)
- Feature flags: PLAYLIST_SEARCH, PLAYLIST_RECOMMENDATIONS, ROLE_MANAGEMENT = true
- Suppression 19 tests orphelins, retrait exclusions vitest.config

Bloc C - Backend:
- Extraction routes_auth.go depuis router.go

Bloc D - Rust:
- Suppression security_legacy.rs (code mort, patterns déjà dans security/)
 2026-02-14 17:23:32 +01:00
senke
895ab65050 chore: add .cursor/ to .gitignore 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-11 22:20:44 +01:00
senke
702ef968e4 fix(security): stop tracking veza-stream-server/.env and config/incus env files 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-11 19:48:51 +01:00
senke
31c9f2af0c feat: global update including storybook setup and backend fixes 
- Web: Setup Storybook, added addons, configured Tailwind, added stories for UI components.
- Backend: Updated API router, database, workers, and auth in common.
- Stream Server: Removed SQLx queries and updated auth.
- Docs & Scripts: Updated documentation and recovery scripts.
 2026-02-02 19:34:14 +01:00
senke
7452bd637a stabilisation commit A 2026-01-07 19:39:21 +01:00
senke
ae1c9c2795 stabilizing apps/web: FIRST BATCH 2025-12-17 08:07:35 -05:00
okinrev
8d6ce72bb2 report generation and future tasks selection 2025-12-08 19:57:54 +01:00
okinrev
5ffcd50e0a P0: stabilisation backend/chat/stream + nouvelle base migrations v1 
Backend Go:
- Remplacement complet des anciennes migrations par la base V1 alignée sur ORIGIN.
- Durcissement global du parsing JSON (BindAndValidateJSON + RespondWithAppError).
- Sécurisation de config.go, CORS, statuts de santé et monitoring.
- Implémentation des transactions P0 (RBAC, duplication de playlists, social toggles).
- Ajout d’un job worker structuré (emails, analytics, thumbnails) + tests associés.
- Nouvelle doc backend : AUDIT_CONFIG, BACKEND_CONFIG, AUTH_PASSWORD_RESET, JOB_WORKER_*.

Chat server (Rust):
- Refonte du pipeline JWT + sécurité, audit et rate limiting avancé.
- Implémentation complète du cycle de message (read receipts, delivered, edit/delete, typing).
- Nettoyage des panics, gestion d’erreurs robuste, logs structurés.
- Migrations chat alignées sur le schéma UUID et nouvelles features.

Stream server (Rust):
- Refonte du moteur de streaming (encoding pipeline + HLS) et des modules core.
- Transactions P0 pour les jobs et segments, garanties d’atomicité.
- Documentation détaillée de la pipeline (AUDIT_STREAM_*, DESIGN_STREAM_PIPELINE, TRANSACTIONS_P0_IMPLEMENTATION).

Documentation & audits:
- TRIAGE.md et AUDIT_STABILITY.md à jour avec l’état réel des 3 services.
- Cartographie complète des migrations et des transactions (DB_MIGRATIONS_*, DB_TRANSACTION_PLAN, AUDIT_DB_TRANSACTIONS, TRANSACTION_TESTS_PHASE3).
- Scripts de reset et de cleanup pour la lab DB et la V1.

Ce commit fige l’ensemble du travail de stabilisation P0 (UUID, backend, chat et stream) avant les phases suivantes (Coherence Guardian, WS hardening, etc.).
 2025-12-06 11:14:38 +01:00
okinrev
6e2e16fbb5 initial: initial repo set up (README, LICENSE, CONTRIBUTORS, etc...) 2025-12-03 13:54:23 +01:00
okinrev
d6a9eef4d6 Initial commit 2025-12-03 10:02:55 +01:00