- Global setup no longer throws when API is unavailable; writes empty
auth state so Playwright can start; specs that need auth use their
own login or storageState override.
- Ensure e2e/.auth dir exists before writing empty state.
- Remove src/eventbus/ directory (orphan — event_bus.rs is the active module)
- Remove src/prometheus_metrics.rs (orphan duplicate — monitoring/prometheus_metrics.rs is active)
- Remove src/core/sync.rs_test_snippet (leftover artifact)
Stream server compiles with zero errors.
Co-authored-by: Cursor <cursoragent@cursor.com>
- Remove packages/design-system/ directory (superseded by SUMI tokens
in apps/web/src/index.css, confirmed no imports exist)
- Update package.json keywords from kodo-design-system to sumi-design-system
- Create docs/STORYBOOK_CONTRACT.md defining mandatory story structure:
Default, Loading, Error, Empty states for feature components
- Typography audit: SUMI utility classes defined in index.css, codebase
correctly uses Tailwind classes with SUMI tokens via @theme — no
migration needed
Co-authored-by: Cursor <cursoragent@cursor.com>
- Fix setTimeout memory leak in ChatRoom.tsx by storing timeout in
useRef and cleaning up on unmount
- Add tests for Accordion, Collapsible, FloatingInput, AnimatedNumber,
and FAB components (5 new test files, all passing)
- Fix socialService methods (deleteComment, markRead, markAllRead) to
return values matching test expectations
- Fix MSW handlers for chat/token and notification endpoints to use
proper { success: true, data: ... } envelope format
- Fix invalid CSS selector in TrackList.test.tsx that caused JSDOM crash
- Document excluded test files with TODO tickets in vitest.config.ts
Co-authored-by: Cursor <cursoragent@cursor.com>
- Add Group and GroupMember models with CRUD service methods
- Implement social group endpoints: create, list, get, join, leave
- Add WishlistItem model with get/add/remove service methods
- Add CartItem model with get/add/remove/checkout service methods
- Create handlers for marketplace wishlist and cart operations
- Register playlist export (JSON/CSV) and duplicate routes
- Enable PLAYLIST_SHARE and NOTIFICATIONS feature flags
Co-authored-by: Cursor <cursoragent@cursor.com>
- Fix chat-ci.yml and stream-ci.yml to reference veza-chat-server/
and veza-stream-server/ instead of non-existent apps/ paths
- Add veza-common/ to CI triggers so shared library changes are tested
- Reactivate CD pipeline with Docker registry push and Kubernetes
deployment steps (gated on secrets availability)
- Standardize Redis dependency to v0.32 across both Rust services
Co-authored-by: Cursor <cursoragent@cursor.com>
- Add IsURLSafe() function to webhook service blocking private IPs,
localhost, and cloud metadata endpoints (SSRF protection)
- Implement real validate_track_access() in stream server querying DB
for track visibility, ownership, and purchase status
- Remove dangerous JWT fallback user in chat server that allowed
deleted users to maintain access with forged credentials
- Add upper limit (100) on pagination in profile, track, and room handlers
- Fix Dockerfile.production healthcheck path to /api/v1/health
Co-authored-by: Cursor <cursoragent@cursor.com>
