senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
No description
2288 commits 37 branches 94 tags 1.5 GiB
TypeScript 48.5%
Go 36.8%
Rust 6.5%
Shell 4.5%
JavaScript 1.5%
Other 2.1%
Find a file
senke 3cd82ba5be fix(hyperswitch): idempotency-key on create-payment and create-refund — v1.0.7 item D 
Every outbound POST /payments and POST /refunds from the Hyperswitch
client now carries an Idempotency-Key HTTP header. Key values are
explicit parameters at every call site — no context-carrier magic,
no auto-generation. An empty key is a loud error from the client
(not silent header omission) so a future new call site that forgets
to supply one fails immediately, not months later under an obscure
replay scenario.

Key choices, both stable across HTTP retries of the same logical
call:
  * CreatePayment → order.ID.String() (GORM BeforeCreate populates
    order.ID before the PSP call in ConfirmOrder).
  * CreateRefund → pendingRefund.ID.String() (populated by the
    Phase 1 tx.Create in RefundOrder, available for the Phase 2 PSP
    call).

Scope note (reproduced here for the next reader who grep-s the
commit log for "Idempotency-Key"):

  Idempotency-Key covers HTTP-transport retry (TLS reconnect,
  proxy retry, DNS flap) within a single CreatePayment /
  CreateRefund invocation. It does NOT cover application-level
  replay (user double-click, form double-submit, retry after crash
  before DB write). That class of bug requires state-machine
  preconditions on VEZA side — already addressed by the order
  state machine + the handler-level guards on POST
  /api/v1/payments (for payments) and the partial UNIQUE on
  `refunds.hyperswitch_refund_id` landed in v1.0.6.1 (for refunds).

  Hyperswitch TTL on Idempotency-Key: typically 24h-7d server-side
  (verify against current PSP docs). Beyond TTL, a retry with the
  same key is treated as a new request. Not a concern at current
  volumes; document if retry logic ever extends beyond 1 hour.

Explicitly out of scope: item D does NOT add application-level
retry logic. The current "try once, fail loudly" behavior on PSP
errors is preserved. Adding retries is a separate design exercise
(backoff, max attempts, circuit breaker) not part of this commit.

Interfaces changed:
  * hyperswitch.Client.CreatePayment(ctx, idempotencyKey, ...)
  * hyperswitch.Client.CreatePaymentSimple(...) convenience wrapper
  * hyperswitch.Client.CreateRefund(ctx, idempotencyKey, ...)
  * hyperswitch.Provider.CreatePayment threads through
  * hyperswitch.Provider.CreateRefund threads through
  * marketplace.PaymentProvider interface — first param after ctx
  * marketplace.refundProvider interface — first param after ctx

Removed:
  * hyperswitch.Provider.Refund (zero callers, superseded by
    CreateRefund which returns (refund_id, status, err) and is the
    only method marketplace's refundProvider cares about).

Tests:
  * Two new httptest.Server-backed tests (client_test.go) pin the
    Idempotency-Key header value for CreatePayment and CreateRefund.
  * Two new empty-key tests confirm the client errors rather than
    silently sending no header.
  * TestRefundOrder_OpensPendingRefund gains an assertion that
    f.provider.lastIdempotencyKey == refund.ID.String() — if a
    future refactor threads the key from somewhere else (paymentID,
    uuid.New() per call, etc.) the test fails loudly.
  * Four pre-existing test mocks updated for the new signature
    (mockRefundPaymentProvider in marketplace, mockPaymentProvider
    in tests/integration and tests/contract, mockRefundPayment
    Provider in tests/integration/refund_flow).

Subscription's CreateSubscriptionPayment interface declares its own
shape and has no live Hyperswitch-backed implementation today —
v1.0.6.2 noted this as the payment-gate bypass surface, v1.0.7
item G will ship the real provider. When that lands, item G's
implementation threads the idempotency key through in the same
pattern (documented in v107-plan.md item G acceptance).

CHANGELOG v1.0.7-rc1 entry updated with the full item D scope note
and the "out of scope: retries" caveat.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-18 02:30:02 +02:00
.github ci: retire legacy backend-ci.yml, centralize Docker probe in SkipIfNoIntegration 2026-04-15 16:12:45 +02:00
.husky implicit: implement Implicit 10.3 - add optional test check to pre-commit hook 2026-01-16 14:18:41 +01:00
apps/web feat(backend,web): surface RTMP ingest health on the Go Live page 2026-04-16 23:52:36 +02:00
chat_exports report generation and future tasks selection 2025-12-08 19:57:54 +01:00
config chore(infra): J6 — mark 3 dormant docker-compose files as deprecated 2026-04-15 12:58:39 +02:00
dev-environment refactor: remove dead code (api_manager.go, unused templates) 2026-02-22 17:44:19 +01:00
docker/haproxy chore: consolidate CI, E2E, backend and frontend updates 2026-02-17 16:43:21 +01:00
docs fix(hyperswitch): idempotency-key on create-payment and create-refund — v1.0.7 item D 2026-04-18 02:30:02 +02:00
docs-assets/mermaid BASE: completing the initial repo state 2025-12-03 22:56:50 +01:00
fixtures release(v0.903): Vault - ORDER BY whitelist, rate limiter, VERSION sync, chat-server cleanup, Go 1.24 2026-02-27 09:43:25 +01:00
full_veza_audit_data feat(v0.923): API contract tests, OpenAPI generation, CI type sync check 2026-02-27 20:23:10 +01:00
home/senke/git/talas/veza/apps/web/src small fixes : cors + login loop 2026-02-07 20:36:48 +01:00
infra chore(infra): J6 — mark 3 dormant docker-compose files as deprecated 2026-04-15 12:58:39 +02:00
k8s docs(J2): align docs with reality — rewrite CLAUDE.md, fix README, purge chat-server refs 2026-04-14 17:23:50 +02:00
loadtests feat(v0.14.0): validation runtime & staging pipeline 2026-03-13 16:09:43 +01:00
make fix: sync E2E tests with seed data + i18n fix 2026-04-02 19:42:03 +02:00
packages/design-system feat: design system, theme, and layout improvements 2026-03-23 15:44:37 +01:00
prompts chore: add audit screenshots, audit scripts, and prompt templates 2026-03-31 19:17:05 +02:00
proto refactor(infra): centralize protobuf definitions in shared proto/ directory 2026-02-22 17:45:11 +01:00
scripts chore(release): v1.0.6.2 — subscription payment-gate bypass hotfix 2026-04-17 12:21:53 +02:00
sub_task_agents Phase 2 stabilisation: code mort, Modal→Dialog, feature flags, tests, router split, Rust legacy 2026-02-14 17:23:32 +01:00
test-reports/20251226-132633 [TEST] MVP integration tests executed - 2/28 API passed, 0/20 E2E passed, 3 bugs found 2026-01-04 01:44:13 +01:00
tests test(e2e): convert all remaining 298 console.log to real expect() 2026-04-08 15:50:17 +02:00
tmt fix: sync E2E tests with seed data + i18n fix 2026-04-02 19:42:03 +02:00
tools BASE: completing the initial repo state 2025-12-03 22:56:50 +01:00
veza-backend-api fix(hyperswitch): idempotency-key on create-payment and create-refund — v1.0.7 item D 2026-04-18 02:30:02 +02:00
veza-common v0.9.1 2026-03-05 19:22:31 +01:00
veza-docs feat(v0.13.0): conformité features partielles — CAPTCHA, password history, login history, SMS 2FA 2026-03-12 09:31:50 +01:00
veza-stream-server chore(infra): J6 — mark 3 dormant docker-compose files as deprecated 2026-04-15 12:58:39 +02:00
.cursorrules docs: retrospective v0.803, archive scope, update SCOPE_CONTROL 2026-03-03 09:25:34 +01:00
.editorconfig initial: initial repo set up (README, LICENSE, CONTRIBUTORS, etc...) 2025-12-03 13:54:23 +01:00
.gitattributes initial: initial repo set up (README, LICENSE, CONTRIBUTORS, etc...) 2025-12-03 13:54:23 +01:00
.gitignore chore(cleanup): J1 — purge 220MB of debris, archive session docs 2026-04-14 17:01:27 +02:00
.gitleaks.toml ci(security): expand gitleaks allowlist for e2e artifacts, docs, templates 2026-04-14 12:32:34 +02:00
.lighthouserc.js feat(v0.14.0): validation runtime & staging pipeline 2026-03-13 16:09:43 +01:00
.lintstagedrc.json fix(ci): lint-staged eslint rule was linting the whole project 2026-04-15 12:47:21 +02:00
.nvmrc v0.9.3 2026-03-05 19:35:57 +01:00
CHANGELOG.md fix(hyperswitch): idempotency-key on create-payment and create-refund — v1.0.7 item D 2026-04-18 02:30:02 +02:00
CLAUDE.md docs(J2): align docs with reality — rewrite CLAUDE.md, fix README, purge chat-server refs 2026-04-14 17:23:50 +02:00
CONTRIBUTING.md release(v0.903): Vault - ORDER BY whitelist, rate limiter, VERSION sync, chat-server cleanup, Go 1.24 2026-02-27 09:43:25 +01:00
docker-compose.dev.yml fix(backend,infra): send real verification emails + fail-loud in prod 2026-04-16 14:52:46 +02:00
docker-compose.env.example feat(payments): document Hyperswitch activation and validate checkout flow 2026-02-15 16:08:49 +01:00
docker-compose.override.yml.example BASE: completing the initial repo state 2025-12-03 22:56:50 +01:00
docker-compose.prod.yml fix(v0.12.6.1): LOW-002 update Hyperswitch 2025.01.21→2026.03.11 2026-03-12 06:23:56 +01:00
docker-compose.staging.yml chore(release): v0.981 — Beta (staging deploy, bug bash, smoke test) 2026-03-02 19:33:42 +01:00
docker-compose.test.yml fix(infra): align PostgreSQL to version 16 in test compose 2026-02-22 17:35:35 +01:00
docker-compose.yml refactor(backend,infra): unify SMTP env schema on canonical SMTP_* names 2026-04-16 20:44:09 +02:00
env.remote-r720.example stabilisation commit: while implementing v0.10.5 2026-03-09 19:36:33 +01:00
generate_page_fix_prompts.sh chore: add audit screenshots, audit scripts, and prompt templates 2026-03-31 19:17:05 +02:00
go.work fix(ci): bump go.work to 1.25 to match veza-backend-api/go.mod 2026-04-15 15:06:50 +02:00
go.work.sum chore(release): v0.931 — Cursor (cursor-based pagination, performance baseline) 2026-03-02 12:35:49 +01:00
Makefile release(v0.903): Vault - ORDER BY whitelist, rate limiter, VERSION sync, chat-server cleanup, Go 1.24 2026-02-27 09:43:25 +01:00
package-lock.json feat(ui): add SUMI design system components, seasonal hooks, and i18n updates 2026-03-31 19:15:54 +02:00
package.json fix: stabilize frontend — 98 TS errors to 0, align API endpoints, optimize bundle 2026-03-24 21:18:49 +01:00
README.md chore(cleanup): J5 — defer GeoIP, rename v2-v3-types, document Storybook kill 2026-04-15 12:43:57 +02:00
RELEASE_NOTES_V1.md chore(release): v0.992 RC2 — Release notes, sign-off final 2026-03-03 19:53:41 +01:00
run-audit.sh chore: add audit screenshots, audit scripts, and prompt templates 2026-03-31 19:17:05 +02:00
rust-toolchain.toml BASE: completing the initial repo state 2025-12-03 22:56:50 +01:00
status.sh docs: add project documentation, logging config, status script 2026-03-18 11:36:36 +01:00
turbo.json chore: add Turborepo for monorepo orchestration 2026-02-14 22:38:32 +01:00
Untitled chore: consolidate CI, E2E, backend and frontend updates 2026-02-17 16:43:21 +01:00
VERSION chore(release): v1.0.6.2 — subscription payment-gate bypass hotfix 2026-04-17 12:21:53 +02:00
VEZA_VERSIONS_ROADMAP.md docs: update VEZA_VERSIONS_ROADMAP [v1.0.0-rc1 DONE] 2026-03-13 16:24:04 +01:00

README.md

Veza Monorepo

CI

Version courante : v1.0.4 (cleanup + consolidation post-audit). Voir CHANGELOG.md et docs/PROJECT_STATE.md.

Project Structure

  • apps/web — Frontend React 18 + Vite 5 + TypeScript strict (source of truth for the UI)
  • veza-backend-api — Main Go 1.25 API service (Gin, GORM, Postgres, Redis, RabbitMQ, Elasticsearch). Handles REST, WebSocket, and chat (chat server was merged into this service in v0.502).
  • veza-stream-server — Rust streaming server (Axum 0.8, Tokio 1.35, Symphonia) — HLS, HTTP Range, WebSocket, gRPC
  • veza-common — Shared Rust types and logging
  • packages/design-system — Shared design tokens

See CLAUDE.md for the full architecture map.

Development Setup

Prerequisites: Node 20 (see .nvmrc), Go, Rust, Docker. Configure .env from .env.example.

# Verify environment
make doctor
./scripts/validate-env.sh development

# Install dependencies
make install-deps

# Option A — Backend in Docker + Web local
make dev

# Option B — All apps local with hot reload (infra from docker-compose.dev.yml)
make dev-full

# Option C — Infra only, then run services manually
docker compose -f docker-compose.dev.yml up -d
make dev-web              # or make dev-backend-api, make dev-stream-server

See docs/ENV_VARIABLES.md for required variables. make build builds all services.

Quick Start

Frontend only

cd apps/web
npm install
npm run dev

Docker Production

Canonical production compose file: docker-compose.prod.yml

docker compose -f docker-compose.prod.yml up -d

See make/config.mk for COMPOSE_PROD and deployment docs.

CI/CD

  • Badge : CI status above. Set SLACK_WEBHOOK_URL (Incoming Webhook) in repo secrets to receive Slack notifications on failure.

Disabled workflows

  • Storybook (chromatic.yml.disabled, storybook-audit.yml.disabled, visual-regression.yml.disabled): deferred until MSW is wired up for /api/v1/auth/me and /api/v1/logs/frontend, which currently causes ~1 400 network errors in the Storybook build. The npm scripts (storybook, build-storybook) still work locally for one-off component inspection. To reactivate in CI, fix the MSW handlers and rename the three files back to .yml.

Documentation

  • Developer Onboarding — Setup, architecture, conventions, troubleshooting
  • Documentation index — Index complet de la documentation
  • See docs/ for detailed architecture and development guides. Older audits and reports are archived in docs/archive/.